last executing test programs:

7m30.999008391s ago: executing program 32 (id=3501):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000021c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000002240)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002280)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044040}, 0x4040)

7m20.01881112s ago: executing program 33 (id=3566):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x8c, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x6d, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0xfffffffffffffffb, @default, 0x11002, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @val={0x6, 0x2, 0x1fc}, @val={0x5, 0x7, {0x7f, 0xf5, 0x2, "421b9775"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x300, 0x100, 0x1}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x69, 0xfe, 0x1, 0xffffffffffffffff, 0x1, 0x9, 0x20}}, @void}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc0}, 0x10)

4m15.954859396s ago: executing program 3 (id=5203):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

4m14.94020061s ago: executing program 3 (id=5208):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000002480))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
prlimit64(0x0, 0xe, 0x0, 0x0)

4m13.465780117s ago: executing program 3 (id=5224):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newneigh={0x30, 0x1c, 0x1, 0x0, 0xfffffffd, {0xa, 0x0, 0x0, r2, 0x0, 0x8}, [@NDA_DST_IPV6={0x14, 0x1, @local}]}, 0x30}}, 0x0)

4m13.225646372s ago: executing program 3 (id=5227):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x18410, &(0x7f0000000180)=ANY=[], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000100)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2000, 0x1e1)

4m12.810582652s ago: executing program 3 (id=5229):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x10000000000)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0)

4m11.989580905s ago: executing program 3 (id=5236):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)

4m11.782232801s ago: executing program 34 (id=5236):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)

4m9.062449921s ago: executing program 4 (id=5264):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f00000001c0)="92", 0x1}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10002)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x1, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f00000021c0)="e4", 0x1}], 0x1}, 0x10)

4m6.933892448s ago: executing program 4 (id=5281):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x12, 0xa, 0x8, 0x2, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r1, &(0x7f0000000080), 0x0}, 0x20)

4m6.043594924s ago: executing program 4 (id=5270):
syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}])

4m5.860541401s ago: executing program 4 (id=5273):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000140), 0x8, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]})

4m3.377603793s ago: executing program 4 (id=5305):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000580)={0x20, 0xc, 0x2, "64c3"}, 0x0, 0x0, 0x0, 0x0})

4m1.149391564s ago: executing program 4 (id=5319):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e1400"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

4m0.655691959s ago: executing program 35 (id=5319):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e1400"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

3m19.38876866s ago: executing program 5 (id=5647):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/prev\x00')
exit(0xffff)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
writev(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)="d67275", 0x3}], 0x1)

3m18.353437573s ago: executing program 5 (id=5658):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xfc0, &(0x7f0000003d00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfb2, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xf9e, 0x0, @gue={{0x1, 0x0, 0x0, 0x6, 0x0, @void}, "22ae48c903772370181c31d37d6754e78d5dc0d11d50a1e33c83a8130becd5c06711b6d72382b2084ad9281156b590a0bfae4bc0c4ef04cd34f0b43d4c0371123f08e438290608aeeec30baf0f83d14af8e0807e2c63b185530b8643a7a901aa4e09d74546818a81ea678b0d21b347ce64d3bac57d09ad9b7877544a39805b8c57c52793dd1bbdf46d1e0748d8fc3e08edd510975e1842b4462d7a6dcbff61ca91e4836d04cd1b495f1766035723ee980ab51e21d016fde2f32194d461bef8c320340548304f6de2eff17ba206448d8d26a1da98b523c715304b1d2864582ec34fe8f8db940076ce76b874fece87a75bcbaf6e80a8e06a6c9c810f35c9fa4dc799e22ebc51ad02e2d1a4d2e9b96b12232a6016d49981b6bc6dc962394e8923af8357636383c94d178766a472a50d06b7251b571320d9d52777045634fd99d5c3f851c1291847b28f9f9d6cbdb979d7cdc56affd87bc980fbd7d35e9a6e012eceac0b673b809db6c7d17878ac0a94b071c7a7d9e05064f0148ab142b8e9366312f2a22919fe81c7c55853561cd286c33e4691c7b343acf3adc54150f5f4ebfd951e36593751acaa0e479d0b4f49d026805127c2bb9a71a7588e679afd18be4d98f1d5c4910c93484afbb0e251c6722fb6617368b0c74e538713ec76f0afd0cea432173543fd18222875da0f11f6802f3a6c266c4060698d08574d8a9f285fb15946b340392d94c48026ad4c74e4493335b21719fdddae3203f23a45eb7ba3702623a39d7df35226fc17e53a9851229e54861a4d8feb6d6fe4e0f3707cee73ae81c611b68a5f9b8b67b2bae22a4387c92ff97b0e34034f9f39981709a7dc01c2e9bc2b6ddd848b2180f34b798b8499e05417837d7efc62026d3bedb2c3996d7ad622c03d63ee09024efcb60c90a220449802472ac9f1ba4c5ae271d0f05f79c635f5769eb5869a0332fd1acde1b2f94a7a7589296d083c24f291c01975bcb05f8db16cab9b419bba2fc0c14ffa1cd222fe867c880646cc8443c1a51a344eeceed8bb7a42ae945c40cc6856ef47da10574bc01fef93700d7cb3ec1fbd50e2c216f8bb0f65d5104f2b77b7a2bad3295ca7e07e3176d343d111659cb529ef7a29d6c15c54f1b1b2007647333e586e50d4d134760c9c7911f3c9f472cf5a3866d8c9f91f3689cd38cbd8db816202a545e8c1751ba83f73dc0c9e6d39568dcce3af99ec5a5a92e2ce84065ca6627a42f56525726c148fd0614dd9390759f0ec31919f987a33db919ed6372ae53f43e7c032433ecf7482667c35bc92ee9923c94a1cf8115e6d460245bb3a4732b6cf6a5e61a794e201ddda352351cb0375937aec47aabc411c6309bd6d2d397c4302d25ff214727f5395c599c262808813186ccda295614417443c4af2c0320802f60f2939ea84f6f2d4790040064e1406613f91aa37d79ce8e1aa2ee1b5d44154baba69a00fafe991d3f6e2a497767267840c999c8c5d41f199279b91259878892b199e4bf77bf3738935afcb229fbd0e4d6965d1030ca09c78ddd97b80d24bbf5af960c68a2240d377c2fbcc8f5901802aa0546245bee6a5bbc1175fb9621a85cb711517e54c0473576f910087f896ec4ef5e6658c48160a9182238749f01e42f2410ecfe626b3c8c3c6ff0eba181d55bc325b6eb4094f85ffe202079d6e4cd0c46651134bf28d6ca14952e4f4d35f3b5eab6c214b64c04fde626557a444167d011713cc9cc240bf9a5f6bc0da68272f069b40d9c93633bcb683cf9c115e3694a4ba8c113b98a86fe136f7974ca2a3d8f25588f06fdffa95a75a1403720368e1e71438db24ac61c555eae753d447945bca766b19b9a98a6f0dee729cd45838c262a0debc9a12dacaf7dff31fd4e73e92bd7a068c23b2f636221d92ef988bf5ad552779bd1cc42c8f30e8eb552e6df209103dbc76bf4532a5a98712274447fbbc5353fdfb43c3ef5d79fe9328c455184375459becd941a0f6250a6f0848bb36ef5b9fc9b7990255b283a276ed7bbcc0787a591ad7c9055c3c96fb91d7e93c7a1ffa011a1ce4cfb18ef8dbeea175d6c5da9da816ea00a64c1f4e6fce59409b35d97e53119293b8784f203fb03f90ac9e066932a9b36516f51b513935a3eabfa86a16c6ce831898aab62332b98b2efff8595eeed785239906ef7126f132df7f59724351b62f8552e1d86fdd7e65cf7679fc5cd35ce29866c9c5ce1357148c508a972d2968803bad15b05ac6d8f41c5c6b502e3042741ddf2a1f0742d1b351dcea35a1e7b4f0101aa4caaf225e983eac9157ece6d2b095b9ac0d3a5fcaa02a6fc2acc379decc25a8d6069c8b2caa9db7af80c9edf0895985b489851490b8c13cde445d13919268cdb52a2cd5d692a705c98458c070cdc43a9fcd905c1df7bfc77b1b72da20a4fa0ad9d3ff91c82030ebbca4c04e6460dacb756c50103ba803905c904cb2c0fb37041aa48fe0705652d78784cf64b99ddba9c209d244c7fa30afee904877028fd918dfb8e15048f0bb0715649d7135828d671eaa98263a56fa7bd0bdc0af022277b005a739c40be6053ebab71eb072029446a1c03bd53422aae5f37b1470a0f8a4d82664243ad4317db38090336d0332b66e69cc342962e95353f00f0bbb417d0dc64e0b55ffd91e56f5b5dd8a29d824d00baf4c25c326d09ca78e786c25c2f75df77f02f821b29fe8bfca8d222f420b8d403d031b2e280002d6791121a7a98a9c3350ac68793464a000ce9cbf63a0b4455e03d747bec56e1e9db21fabd27d8d92f0c9d0b67bb24c64b1d08b582e51dfea2cb0825b12b90c672ca80ff8bd49a823ca28ee6be339fffd1cd3d1d6e79f993dd7fb3fafffe8b81289c6e323991c53a0305c46ac483143b6f02868e9624ecc95355575b37227312c35270f66b78e19523ef6178587c7af2dbf556d65d79a02c9c3d05417081d4c813b18390b2f4206ba0c95c200eb15c5ce49ec5cadbd23050f9af3779d5addbef1261e965702f11bcb61248dffeeb491e94cad4efee240641713b5c0324731b89db067f82e41595e76b1e31f29a329f54615a3ea4cc8085a5d26bc4e164f353ff07257f8b68baf7eb9a2f197caf423445c6e26a841631cc669c65358ee3a2c86418a356f847354b0cfea28b3faa557041baff59f067e8313473ffe032f811cddbb275d940536fb7687c0324c0d87bc57c416ad71fce847a32dd854ae03fb9cfb3cdb6031e568790766f2022715859290bddc0d1ea49466e18d3ffeeda3c93ff10a310c9a43090649d66f0954077c93581de9dae75ecb1768e5c7ab4627c12fca3f8950a12025d3d106e3686034875f702309bfe79ec4cd1db07c166706c7e54575bdd934d3b04dfc1dee53d5c7e54a98c6068bbb088c847e82e90bbcb33944af0cb9096efe0005b7151dbbef853e2d3786b7a9eaa8a143eda417711ff45ec6d4db3990b75aedc1ac33848ae088ea81b2f270038a66babd66ec226f25c12ddd76984d7e326383e1298cb8d2a857c858837bf667c0995d9725bc7f364d772176f3aba92862c4c975e00ac642f624e120049c86b480c4474288b7c4c44e7b3688bf2d3e28ce19a673e3d67e84bc2737603cfb0a781f95851cbf656aca49e6dbf4b02e70fbb9f12221f9d25710b5685516a4a2dbbd64c994e9f07586f16466c088fb85c6f8d2a5a8733b330eb6172960c02ce7135b2789c0bf10a90123175f1d4071f9e9ece380bb186d4e0dc2c2af380b9c369d25c397227ce33273640747ef1777ceed16f17396a6d7bd780191437ae9726f62276f459802ce7be671d2f7a28aae730f9273b5eaa8fdfa3ada720a0a23941dc7963e757ef2d04726fb283a66a973d911075a8c57d589c810b06e1476bec7c2469c7c15a4e8f93c427805ef8980f634e2ee9602f2bb0ed6a09e60f1a017bd084f93752acc24d207c61458465a201177f37f6b0b73c5fb2ba85c8f429e7ae52d54e66a32356cdda929d673f754bda1c7317afc93e936eca98e1dc5ef3ddf0f5f230f023774356838d15b3f368532d1cb006fc29bc40b70b1a8d3ffec23174d113237f5bbec4ba11387bcb912c55bfc084745408f02c72603ab29389df1adfd4d06089077e79da5ad4cfa658cef2915cd423769cd9e6b53523cc76b83db473561a8d575bc8aff8c9e69bf2852724529fbbf044895186909b1e446a65a5713adb732f730388208597a10a1e139f04f9852f7fc69efc37b10bf9afbc30e85ff6f7a64cc0fe711d55872d4cd63a75825cb81ccb49a7d1a5bfd16f732fd431dc1774e9c69963845df602648bf93bfb775f2f79907ee62eb79575791a69d42c70d13817a7ee525c9dab21e9ace1dbc20141333ac864aed145ef9957cd22e3b50d838972ff213592b0ef26be0dc94e666308bb88886d3cbac543f2f7bc88021578acf588080330add4dc33576f64e3574e2448b3a00509b2ed0221f9844e3f0720257078067dac5acc22d90cef50f1491a2dc6e49c0fab398e16ffcbd0263bba293ccf18ba701feb68fe1da44a02e2b0cd6cdfb5a7b7b1e30c5329a5480e889139f2c3d57e78d085428130bd5fba6c39ac90c97a41678ec50f057663cd35119448c863678ba938c6ca6ad8323a143b226fdcd5d91553fa58ee893d1746611de91ca942ea83bf93380e9d7e487ca2aa0cdcb3487e0101e81e043d99a00bac99de24c92d5faffffffffffff7d53bae104ec3be62488d50b3dfb52a2c3ce08e2947ae7d759d0289ceed60d9b3c0e81c2b8bc460c1b86c5f4051539e5920941cd35fd2339da4cfdb0a0ef7f5c0543d30eda426901c3d8eb8ba7cfd9786b910639ecb05a109971a43286080b7a4cf60b3b37ae13c989827dfac3fb986bbcad93e54cf3a101007d4bf76ee8011a4158fd38e9ee745fcd604d43c50927418aae448c514359e8ff334f36676ad1d9ba560e92aee510a77482977790d07a2cbe350d989871981613a0358d5f89f69ea461a26041435a5ac96de18831f8c0f9e94b8e251ffa5b5e76330612caa41a87fc909cb98424bac65432f0d0119d8a9bbb2a2e2581b47b83677e1148a18a39bdea3ce1f4baed7b9e89b7f7c73fe7657b5b7916c867035bb54bf198bc1c1253c5779032b03bb94668a40e6aa6b74ad323926e0cc5df7a3395a8841cfe3ae5755f2e519d0084aaf01bd2e13b5f9c1946d6edace116d6e855ea7c41bd10548281f8133aafc25901c48dbc20bc639246e502a1f61f25478c0fe6abf87c96d626d2ed044c9842794b7c7e598a865117a3c327309509d81e9073bdcddf4d94572112cc5cb781fc7a013488e4230084eb65388cf071ff3aff05b03d1828dc5c5d2352fe0afab444222a3a4d0660d39ae82640f9f35ba6c45e02d4104be5716fdf3fc0d99a3d8a79ba31f5c757b8f1ae25428fd6b4dc7c7926cc2351f71d3bc0f9253ab09570b7d1f2c04ac013287df6fd9992e1a0fabd8dfb394773b116444b8334e695e99efdbcc9ef64d1b946a1303d4b05a52539dda21141064e7411df079e26a021b8ab5d99ad92abaebb75b9a39edf7dbf0f5fe81b3ae3d03caba8ab5ea8b558dac429a88de50211cf7a73524cfa0ca72545c71c1d443d41d91e5de5bcaa6853803faf78e1de03d21c0231be709ceb5fb7800d8e66"}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x7862}], 0x1, 0x980f, 0x0)

3m18.299780312s ago: executing program 5 (id=5659):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r2, 0x1}}, 0x10)

3m18.138124959s ago: executing program 5 (id=5661):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@noload}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
syz_mount_image$fuse(0x0, &(0x7f0000002f40)='./bus\x00', 0x1020020, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
llistxattr(&(0x7f0000002300)='./file0\x00', 0x0, 0xfffffdf3)

3m17.171487844s ago: executing program 5 (id=5665):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m16.347809134s ago: executing program 5 (id=5670):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x2)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec08000000006ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

3m16.054803566s ago: executing program 36 (id=5670):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x2)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec08000000006ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

2m35.155375777s ago: executing program 1 (id=6003):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d04, 0xec000000, 0x8001}]})

2m34.603448349s ago: executing program 1 (id=6007):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbf8, 0x20}, 0x6a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'pim6reg\x00', {0xff}, {}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x12, "d176", 0x1}}, @common=@unspec=@state={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x1}}}, {{@ipv6={@local, @empty, [0xffffffff], [], 'veth1_to_hsr\x00', 'dummy0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00', {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)

2m34.280296504s ago: executing program 1 (id=6009):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0xe, 0x13e, 0x89, 0xffffffff, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x252, 0x0, &(0x7f0000000680)="c3ef7f670000ec6783b4241544b50000000000000000000000000033a42c9550f50ac311e0f0544b00aab05450dc23d925bde6a1b56f92241432fa00228f11b0cc67e2e658d909c57270d30b39d3050b381d0000000000000004e1932780b192d2d61359ae0fe90b9d2a6faff570879d2f1b517210627c69e56ed195980a9a880700d5f059a6b7bb7b6a9787136a408914de373597695c519462765ac26a88185098ad1245c1d4d5162ce2fea5c53a8a44e93948de54e526e931694b28cdbc247797e769ef43a9f6bd08ef5c0abb843cc87035a5b7000083add0ccba38d197307108bfdbfae41be13e5d862e02e9f2d2582ff8ac1633f06ec78ba44e55b01022e4571179474ab5fdc0434372f826013043d00700000000000000a398285fc817fcc5ff0f02ea32cfd39b6a35f62e75f5a18720b2c73e9146cd67f57e2826f63986c202521300f2d4de3a1aed06b4771d349920e5a7891bd7b0ce80fdcbced288defdce000000e5ff00000000f75ac937aa74824fc2d467e0cfc3ff42b92176967ffb5940c531cb0dfb88cb3218c79c622b233ff7a008adf59e6dc4f4f306dd87ff882fa663110d10b9360893de41007872ca49edb852b1892823276badf3eaba18117ab83f7e38c666252d78151229c61119ba29e621def514c7f8ce13db7c270c0de77d53b5e759de5619636fe24e472e82043acf5731ca68b3b46a5b96bb8dba2b2dfc4782ac75523fcadbb4147f4de6546f39e622375ae8c3e80e119f7246aa38607321e69d1191e4355fe6e2bad8b51f16e2534365637c3a9a1c92ed0d9aaa58c1d7cf718a1c126aa5c0088ef55dda5a", 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10000008}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x1)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85)

2m34.008805507s ago: executing program 1 (id=6015):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@gettaction={0xf0, 0x32, 0xe72c5f922f23cad9, 0x70bd2a, 0x25dfdbf7}, 0xf0}, 0x1, 0x0, 0x0, 0x8080}, 0x10000084)

2m33.683955576s ago: executing program 1 (id=6018):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

2m33.523385481s ago: executing program 1 (id=6022):
r0 = socket(0x2, 0x1, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xc000)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
ioctl$NBD_DO_IT(r1, 0xab03)

2m18.436105558s ago: executing program 37 (id=6022):
r0 = socket(0x2, 0x1, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xc000)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
ioctl$NBD_DO_IT(r1, 0xab03)

1m17.710591125s ago: executing program 8 (id=6640):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xc, 0x9}, {}, {0x7, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x5, 0xb}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1ff50}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0x240068c4)

1m17.444120847s ago: executing program 8 (id=6644):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff010000003d000000560000022500000019000a001000000007fd17e5ffff080004fe0000000000000a", 0x39}], 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})

1m17.124905088s ago: executing program 8 (id=6647):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x72bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}]}]}, 0x2c}}, 0x20000000)

1m16.951679161s ago: executing program 8 (id=6649):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000100)={[{@utf8}, {@gid}, {}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@errors_remount}, {@namecase}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@errors_remount}]}, 0x1, 0x152b, &(0x7f0000000a00)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==")
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x2014050, 0x0)

1m16.434177741s ago: executing program 8 (id=6655):
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
connect$inet6(r0, &(0x7f0000000400)={0xa, 0xfffd, 0x0, @empty, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

1m15.962248695s ago: executing program 8 (id=6662):
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
io_setup(0x6, &(0x7f0000001380)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])

1m15.521099548s ago: executing program 38 (id=6662):
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
io_setup(0x6, &(0x7f0000001380)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])

32.316245965s ago: executing program 9 (id=6815):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r0 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\x96\xa7f\x9ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\x15n\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z\t\x00\x00\x00\x00\x00\x00\x00\x9b\x01\xf9t\xbb\x1er\x04\xdb\xd3\xed\xfd\xbdnC\xec#]\xbf\xa2\xa2H\x86\x86[8\x05\xfe\xdc\x11\x04\xa1u\x81', 0x0)
fsetxattr(r0, &(0x7f0000000240)=@known='user.incfs.id\x00', 0x0, 0x0, 0x0)
fremovexattr(r0, &(0x7f00000000c0)=@known='user.incfs.id\x00')

31.585790791s ago: executing program 9 (id=6817):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

31.173786276s ago: executing program 9 (id=6818):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000000004000000480311802e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000000005"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010)

27.020255228s ago: executing program 9 (id=6835):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000006c0)='./file0\x00', 0x58e, &(0x7f00000007c0)={[{@nombcache}, {@lazytime}, {@block_validity}, {@block_validity}, {@nojournal_checksum}, {@quota}, {@jqfmt_vfsv0}]}, 0x1, 0x45c, &(0x7f0000000b80)="$eJzs289vFFUcAPDv7HaB8sOuiD9A1CoaG3+0tKBy8KLRxIMmJl7wWNtCkIUaWhMhRMEDHg2Jd+PRxL/Ak16MejLxqndDQgwXkdOa2Z1hf7Bb2rLtIPv5JNO+N/Om73375u2+mbcbwNAaT38kETsj4o+IGGtmOwuMN39dv3Z+7t9r5+eSqNff+ztplPvn2vm5vGh+3o4sM1Gq9K136ey5k7O12sKZLD+1fOqjqaWz5148cWr2+MLxhdMzR44cPjT9ysszL9168o21x3l/2tZ9ny7u3/vW+5ffmTt6+YNfvivn8XfFMSDjKx18pl4fcHXF2tWWTkYKbAhrko6BtLsqjfE/FuVodd5YvPl5oY0DNlQ90+fwhTpwD0ui6BYAxcjf6NP733zbvNlH8a6+1rwBSuO+nm3NIyNRyspUuu5vB2k8Io5euPF1usXGPIcAAOjwQzr/eaHX/K8UD7WVuy9bG6pmaym7I+KBiNgTEQ9GNMo+HBGPrLH+7kWSrP6ktQZVurL+6G4vnf+9mq1tdc7/8tlfVMtZblcj/kpy7ERt4WD2P5mIytY0P71CHT++8fuX/Y61z//SLa0/nwtm7bgysrXznPnZ5dk7ibnd1YsR+0Z6xZ/cXAlI+2JvROxb7R8td2ZPPPft/n5Fbx//CgawzlT/JuLZZv9fiK74c8nK65NT26K2cHAqvypu9etvl97tV/8dxT8Aaf9v73n934y/mrSv1y6tvY5Lf37R955mcl3Xf2vHluz3J7PLy2emI7Ykbzcb3b5/pnVuns/Lp/FPHOg9/ndH6z/xaESkF/FjEfF4RDyR9d2TEfFURBzoiqv9/vrn15/+sF/8d0P/z3f1f7WzSFf/txJbontPz0SUT/70fedfbCVX9/p3uJGayPas5vVvFe1a59UMAAAA/z+liNgZSWnyZnq0NDnZ/Az/ntheqi0uLT9/bPHj0/PN7whUo1LKn3SNtT0Pnc5u66sXm/mZPJ8dP5Q9N/6qPNrIT84t1uaLDh6G3I5bxn+pMf5Tf5WLbh2wsbYV3QCgSG3r6EmR7QA2n+9rw/Ay/mF49Rj/o0W0A9h8vd7/PyugHcDm6xr/lv1giLj/h+Fl/MPwah//PgAAQ2NpNG7/JfleiW2xnrMk7plElO6KZgwmkaxzFKw2sbPoANeeKPqVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDD+CwAA//9MX/Ao")
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x20000c, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

25.302288072s ago: executing program 9 (id=6840):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6)
read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5)

21.654677331s ago: executing program 9 (id=6851):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xb, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)=r0}, 0x20)

19.736940049s ago: executing program 39 (id=6851):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xb, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)=r0}, 0x20)

10.502336067s ago: executing program 7 (id=6878):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x1, 0x0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r0, 0xe)

10.371953001s ago: executing program 6 (id=6879):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000180)=@attr_pvtime_ipa={0x0, 0x1, 0x1, 0xf00})

9.67054124s ago: executing program 7 (id=6881):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000001000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r2, r1, 0x25, 0x2, @void}, 0x10)

9.352298525s ago: executing program 6 (id=6883):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB="400e4900000034e36eb20f9a8629e250aab3efdc069a8fbf88530edb4138bfd8f9c5bf07b942b3e86a5921010d0c8d511c7c93daa2b1095d34ef451b3e66849353990095305c4bec358c"], 0x0, 0x0})

8.131847404s ago: executing program 7 (id=6886):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="2e0000001000818803b62aa73772cc9f1ba1f848430000005e1446ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

6.868698293s ago: executing program 7 (id=6890):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x8831}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000001}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

6.341817824s ago: executing program 0 (id=6892):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x2000, 0x3, &(0x7f0000f97000/0x2000)=nil)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)

5.873592591s ago: executing program 6 (id=6893):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x25, &(0x7f0000000200)={0x1, 0x0, 0x3, 0x1fd})
fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x5, 0x2})
fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x2, 0x0, 0x9, 0x8})

5.352329262s ago: executing program 0 (id=6896):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'vlan0\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000780)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100d2f2d16eb32902ce2f0000000c00018008000100", @ANYRES32=r2], 0x20}}, 0x0)

5.217051211s ago: executing program 6 (id=6897):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvtap0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newqdisc={0x44, 0x28, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffdfc, {0x0, 0x0, 0x0, r1, {0xfff3}, {0x8, 0xfff1}, {0x2, 0x2}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x0, 0x7f9, 0xb6}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40098}, 0x10)

4.83924717s ago: executing program 2 (id=6898):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./bus\x00', 0x1010000, &(0x7f00000005c0)={[{@utf8no}, {@shortname_winnt}, {@uni_xlate}, {@uni_xlate}, {@uni_xlate}, {@shortname_winnt}, {@utf8no}, {@uni_xlate}, {@shortname_winnt}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@fat=@codepage={'codepage', 0x3d, '949'}}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@rodir}, {@utf8no}, {@shortname_lower}, {@shortname_mixed}]}, 0x1, 0x36e, &(0x7f0000000140)="$eJzs3UuIW1UYAOA/c/OYFrSzEwUhuhO0tN3pxhaZQnE2KsHHQgw0VUlGYQYH20XTcaG4FFzqyp2KLlyISxEUcS/urCBVcaHdFSweSe69yW2SmT6wI4PfB5OcOef85z/3QXIn3Jx54Xj0TzfizOXLl2J5uRb1448djyu1WIksShdiXnNBHQCwP1xJKf5Mudm25cUhtT2YFgBwG43f/1+MiHas5DVvfL1b/+TdHwD2veLv/wO79dnhc4CIV2/LlACA22zu8//7r2lujn/q5a/1yl0BAMB+9dSzzz1+Yi3iyXZ7OWL9ra3OVicembafOBMvxyB6cSQOxdWI/EJh9FAbP548tbZ6pN1uD+OXlehExFIR2MmvFE5k4/hWHI1DsVLEF1cbKaXs5Gdrq0fbYxFxYTjOH+u1rU4jDhb5fzwYvemFRznI+Cni1NrqsXYxQGe9jB9GbE9vVBhEr1EUy2FSKu9gXFs9f7Sc9DR+q9OK05O9sOMnIAAAAAAAAAAAAAAAAAAAAAAAcEsOtydWJuvnpNFzvlLO4cML2sfr4+TxxfpA2/n6QKmVIqU/Xn+o83YW16wPNLs+z5aFBAEAAAAAAAAAAAAAAAAAAGBi82wzuoNBb2Pz7Ll+tTDc2Dy7FBGjmle+/eSrAzHf5zqFep6iFTFJ0S7Snut3U1Z2TlnEfHg2Sl7WfPj5ZMbVPq3JViycRmvnpsHgjvt+fm9ac29Wjvz3tE8Wizcwq0zj0ZmR1+/Mp3QzO2pSOFatac1nv5hSqtS8WQ0///z8gFGLqN/8gTvXX4qd+6RR4ZtLL91d7v3ulyn3wIOHnr747ge/9buDUeYYH8HmxubV1O/Wys43kL0YLo0PQX5u/PBxRC3yPrXqmVDfbcDta2u62fe/P3PPO99dZycUeyxVm14bnc8znbN8cz6dHaeZF0bTnGk6MA1vFBsx6DUWnPzXK9zCMb3r/S8+SumnX284xdTS3MtG7d959QEAAAAAAAAAAAAAAAAAAKoq3xUvvnQ9zBsau0U9/MQeTQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9sT0//9XCtsXYqbmRgp/DRdEtXobmxHN/3ozAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/snAAD//+v/ZB0=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x51)
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

3.169114795s ago: executing program 7 (id=6899):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)={0x58, r1, 0x101, 0x20000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "4ffd7cf928"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

3.045782952s ago: executing program 2 (id=6900):
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x5e24, @remote}, 0x10)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000140)=0xb9)

2.783349567s ago: executing program 0 (id=6901):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000010400000000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="00010000ac0000001c0012800b000100697036746e6c00000c00028006000f000308"], 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

2.763747926s ago: executing program 6 (id=6902):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x1, 0x2c, 0x2, 0x0, @local}, 0x10)
recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/73, 0x49}], 0x1}, 0x10000}], 0x1, 0x2, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

2.301857751s ago: executing program 7 (id=6903):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
migrate_pages(0x0, 0x4, &(0x7f0000000000)=0x200000007f, &(0x7f0000000300)=0x80000a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

2.040749711s ago: executing program 2 (id=6904):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000810"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

1.554727608s ago: executing program 2 (id=6905):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, r1, 0x3ef0193626faee95, 0x71bd2b, 0x25dfdffb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008090}, 0x0)

1.325775912s ago: executing program 0 (id=6906):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000600), 0x2640, 0x0)
ioctl$TIOCEXCL(r0, 0x540c)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001300), 0x40000, 0x0)

712.516458ms ago: executing program 0 (id=6907):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x90, 0x0, 0x7ff, {0x5, 0x3, 0xdc, 0x9, 0x9, 0x6, {0x3, 0x638, 0xfffffffffffffbf8, 0x8, 0x3, 0x79, 0xfffffffe, 0x7, 0x101, 0x6000, 0x4, 0x0, 0x0, 0x7, 0x8}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)

652.761021ms ago: executing program 2 (id=6908):
unshare(0x22020400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x29}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r1, 0x4}, 0x10)

160.499429ms ago: executing program 6 (id=6909):
syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)
r0 = socket$kcm(0x29, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000000)=@generic={0x2, 0x5, 0xa8c})

83.98102ms ago: executing program 2 (id=6910):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x492492492492846, 0x0)
pselect6(0x7e, &(0x7f0000000100)={0x0, 0x0, 0x1000000000000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x3, 0x0, 0x5}, 0x0, 0x0)
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)

0s ago: executing program 0 (id=6911):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x3, 0x1, 0x0, 0x0, 0x6}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

kernel console output (not intermixed with test programs):

] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5984'.
[  740.985575][T21934] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5984'.
[  741.521338][T21926] loop9: detected capacity change from 0 to 40427
[  741.562277][T21926] F2FS-fs (loop9): Invalid log blocks per segment (4278190089)
[  741.589499][T21926] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  741.602294][T21926] F2FS-fs (loop9): invalid crc value
[  741.778926][T21936] loop7: detected capacity change from 0 to 32768
[  741.839845][T21936] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  741.935311][T21926] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  741.963549][T21936] XFS (loop7): Ending clean mount
[  742.019230][T21936] XFS (loop7): Quotacheck needed: Please wait.
[  742.094979][T21926] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  742.122198][T21926] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  742.219336][T21936] XFS (loop7): Quotacheck: Done.
[  742.260006][T21926] F2FS-fs (loop9): Corrupted max_depth of 3: 255
[  742.304337][T21926] F2FS-fs (loop9): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  742.412258][T19733] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  742.500304][T21962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5992'.
[  744.477807][T22006] loop9: detected capacity change from 0 to 512
[  744.517354][T22006] EXT4-fs: Ignoring removed nomblk_io_submit option
[  744.583807][T22006] EXT4-fs error (device loop9): ext4_orphan_get:1397: inode #11: comm syz.9.6005: iget: bad extended attribute block 3153
[  744.612942][T22006] loop9: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  744.613767][T22006] EXT4-fs error (device loop9): ext4_orphan_get:1402: comm syz.9.6005: couldn't read orphan inode 11 (err -117)
[  744.623056][    C0] EXT4-fs (loop9): error count since last fsck: 1
[  744.623082][    C0] EXT4-fs (loop9): initial error at time 2000000725: ext4_orphan_get:1397: inode 11
[  744.623114][    C0] EXT4-fs (loop9): last error at time 2000000725: ext4_orphan_get:1397: inode 11
[  744.656932][T22011] xt_CT: You must specify a L4 protocol and not use inversions on it
[  744.694000][T22006] loop9: lost filesystem error report for type 5 error -117
[  744.698259][T22006] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  744.931708][T22018] program syz.1.6009 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  744.953260][T22020] loop6: detected capacity change from 0 to 256
[  744.970678][T20993] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  745.014234][T22020] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1d73664b, utbl_chksum : 0xe619d30d)
[  745.235148][T22026] netlink: 136 bytes leftover after parsing attributes in process `syz.1.6015'.
[  746.561003][T22053] loop7: detected capacity change from 0 to 32768
[  746.692203][T22053] ERROR: (device loop7): diAllocBit: iag inconsistent
[  746.692203][T22053] 
[  746.757520][T22053] ERROR: (device loop7): remounting filesystem as read-only
[  746.777203][T22053] ialloc: diAlloc returned -5!
[  747.021843][T22084] loop8: detected capacity change from 0 to 2048
[  747.072590][T22084] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  747.136017][   T30] audit: type=1800 audit(2000000728.379:211): pid=22084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.6038" name="file1" dev="loop8" ino=1369 res=0 errno=0
[  747.319374][T22088] loop9: detected capacity change from 0 to 2048
[  747.415488][T22088] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  747.440875][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  747.450849][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  747.489482][   T30] audit: type=1800 audit(2000000728.739:212): pid=22088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6041" name="file1" dev="loop9" ino=1367 res=0 errno=0
[  748.314852][T22111] loop7: detected capacity change from 0 to 2048
[  748.328729][T22111] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  748.350633][T22111] NILFS (loop7): mounting unchecked fs
[  748.390306][T22111] NILFS (loop7): recovery complete
[  748.411303][T22112] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  749.259208][T22133] loop9: detected capacity change from 0 to 128
[  749.281859][T22133] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  749.304674][T22133] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  749.651849][T22142] loop7: detected capacity change from 0 to 1024
[  749.684146][T22142] hfsplus: b-tree write err: -5, ino 2
[  749.752735][  T135] hfsplus: b-tree write err: -5, ino 25
[  749.771417][  T135] hfsplus: b-tree write err: -5, ino 4
[  749.787603][  T135] hfsplus: b-tree write err: -5, ino 2
[  749.795013][  T135] hfsplus: b-tree write err: -5, ino 26
[  750.053498][T22154] loop6: detected capacity change from 0 to 64
[  750.506636][T22137] loop8: detected capacity change from 0 to 40427
[  750.532536][T22137] F2FS-fs (loop8): invalid crc value
[  750.846353][T22137] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  750.875140][T22172] dummy0: entered allmulticast mode
[  750.941381][T22137] F2FS-fs (loop8): Start checkpoint disabled!
[  750.956502][T22172] dummy0: left allmulticast mode
[  750.977709][T22137] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[  750.987656][T22137] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  751.206035][T22179] loop6: detected capacity change from 0 to 256
[  751.261695][T22179] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xdbae3f17, utbl_chksum : 0xe619d30d)
[  751.602241][T17060] kworker/u8:3: attempt to access beyond end of device
[  751.602241][T17060] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  751.636797][T17060] CPU: 0 UID: 0 PID: 17060 Comm: kworker/u8:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  751.636832][T17060] Tainted: [L]=SOFTLOCKUP
[  751.636840][T17060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  751.636853][T17060] Workqueue: writeback wb_workfn (flush-7:8)
[  751.636888][T17060] Call Trace:
[  751.636897][T17060]  <TASK>
[  751.636906][T17060]  dump_stack_lvl+0xe8/0x150
[  751.636939][T17060]  f2fs_stop_checkpoint+0x3c7/0x590
[  751.636978][T17060]  f2fs_write_end_io+0x12e5/0x17a0
[  751.637035][T17060]  __submit_merged_bio+0x256/0x6a0
[  751.637076][T17060]  __submit_merged_write_cond+0x3c9/0x4e0
[  751.637118][T17060]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  751.637177][T17060]  f2fs_write_data_pages+0x287e/0x34f0
[  751.637248][T17060]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  751.637364][T17060]  ? __lock_acquire+0x6b5/0x2cf0
[  751.637423][T17060]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  751.637471][T17060]  do_writepages+0x32e/0x550
[  751.637509][T17060]  ? reacquire_held_locks+0x104/0x190
[  751.637530][T17060]  ? writeback_sb_inodes+0x463/0x19d0
[  751.637566][T17060]  __writeback_single_inode+0x133/0x10e0
[  751.637596][T17060]  ? do_raw_spin_unlock+0xf5/0x210
[  751.637627][T17060]  writeback_sb_inodes+0x979/0x19d0
[  751.637653][T17060]  ? __lock_acquire+0x6b5/0x2cf0
[  751.637727][T17060]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  751.637753][T17060]  ? do_raw_spin_lock+0x12b/0x2f0
[  751.637829][T17060]  ? rcu_is_watching+0x15/0xb0
[  751.637863][T17060]  wb_writeback+0x445/0xb00
[  751.637896][T17060]  ? queue_io+0x291/0x470
[  751.637933][T17060]  ? __pfx_wb_writeback+0x10/0x10
[  751.637956][T17060]  ? do_raw_spin_lock+0x12b/0x2f0
[  751.638002][T17060]  wb_workfn+0x3f8/0xf10
[  751.638022][T17060]  ? __lock_acquire+0x6b5/0x2cf0
[  751.638049][T17060]  ? look_up_lock_class+0x57/0x110
[  751.638098][T17060]  ? __pfx_wb_workfn+0x10/0x10
[  751.638123][T17060]  ? do_raw_spin_lock+0x12b/0x2f0
[  751.638144][T17060]  ? lock_acquire+0x106/0x350
[  751.638174][T17060]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  751.638203][T17060]  ? process_scheduled_works+0xa70/0x1860
[  751.638235][T17060]  ? process_scheduled_works+0xa70/0x1860
[  751.638275][T17060]  ? process_scheduled_works+0xa70/0x1860
[  751.638303][T17060]  ? process_scheduled_works+0xa70/0x1860
[  751.638335][T17060]  process_scheduled_works+0xb5d/0x1860
[  751.638407][T17060]  ? __pfx_process_scheduled_works+0x10/0x10
[  751.638446][T17060]  ? assign_work+0x3d5/0x5e0
[  751.638485][T17060]  worker_thread+0xa53/0xfc0
[  751.638541][T17060]  kthread+0x388/0x470
[  751.638567][T17060]  ? __pfx_worker_thread+0x10/0x10
[  751.638595][T17060]  ? __pfx_kthread+0x10/0x10
[  751.638666][T17060]  ret_from_fork+0x514/0xb70
[  751.638710][T17060]  ? __pfx_ret_from_fork+0x10/0x10
[  751.638739][T17060]  ? __switch_to+0xc79/0x1410
[  751.638770][T17060]  ? __pfx_kthread+0x10/0x10
[  751.638797][T17060]  ret_from_fork_asm+0x1a/0x30
[  751.638842][T17060]  </TASK>
[  751.695899][T17060] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  751.845901][ T6027] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  752.258912][ T6027] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  752.282395][ T6027] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  752.303845][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.337389][ T6027] usb 10-1: config 0 descriptor??
[  752.393557][T22184] loop7: detected capacity change from 0 to 40427
[  752.446682][T22184] F2FS-fs (loop7): Invalid SB checksum offset: 0
[  752.456060][T22184] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  752.474733][T22184] F2FS-fs (loop7): invalid crc value
[  752.568959][ T6027] usbhid 10-1:0.0: can't add hid device: -71
[  752.596420][ T6027] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  752.627960][ T6027] usb 10-1: USB disconnect, device number 3
[  752.682271][T22184] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  752.757799][T22184] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0
[  752.783530][T22184] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  752.818790][T22202] program syz.8.6089 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  752.879295][T22184] syz.7.6082: attempt to access beyond end of device
[  752.879295][T22184] loop7: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  752.955401][T19733] syz-executor: attempt to access beyond end of device
[  752.955401][T19733] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.958210][T22204] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6090'.
[  752.992556][T19733] CPU: 1 UID: 0 PID: 19733 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  752.992593][T19733] Tainted: [L]=SOFTLOCKUP
[  752.992600][T19733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  752.992625][T19733] Call Trace:
[  752.992635][T19733]  <TASK>
[  752.992645][T19733]  dump_stack_lvl+0xe8/0x150
[  752.992684][T19733]  f2fs_stop_checkpoint+0x3c7/0x590
[  752.992724][T19733]  f2fs_write_end_io+0x12e5/0x17a0
[  752.992777][T19733]  __submit_merged_bio+0x256/0x6a0
[  752.992818][T19733]  __submit_merged_write_cond+0x3c9/0x4e0
[  752.992861][T19733]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  752.992922][T19733]  f2fs_write_data_pages+0x287e/0x34f0
[  752.992944][T19733]  ? __lock_acquire+0x6b5/0x2cf0
[  752.993017][T19733]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  752.993101][T19733]  ? __bfs+0x153/0x290
[  752.993118][T19733]  ? __pfx_hlock_conflict+0x10/0x10
[  752.993163][T19733]  ? lockdep_unlock+0x5d/0xd0
[  752.993188][T19733]  ? __lock_acquire+0x146e/0x2cf0
[  752.993253][T19733]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  752.993277][T19733]  do_writepages+0x32e/0x550
[  752.993319][T19733]  ? do_raw_spin_unlock+0xf5/0x210
[  752.993350][T19733]  filemap_fdatawrite+0x1e9/0x2f0
[  752.993382][T19733]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  752.993459][T19733]  ? preempt_schedule_common+0x82/0xd0
[  752.993486][T19733]  ? preempt_schedule_thunk+0x16/0x30
[  752.993522][T19733]  f2fs_sync_dirty_inodes+0x30e/0x830
[  752.993567][T19733]  f2fs_write_checkpoint+0x9df/0x26a0
[  752.993590][T19733]  ? __lock_acquire+0x6b5/0x2cf0
[  752.993667][T19733]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  752.993753][T19733]  kill_f2fs_super+0x314/0x730
[  752.993786][T19733]  ? __pfx_kill_f2fs_super+0x10/0x10
[  752.993824][T19733]  ? lockdep_hardirqs_on+0x7a/0x110
[  752.993869][T19733]  deactivate_locked_super+0xbc/0x130
[  752.993904][T19733]  cleanup_mnt+0x437/0x4d0
[  752.993925][T19733]  ? _raw_spin_unlock_irq+0x23/0x50
[  752.993956][T19733]  task_work_run+0x1d9/0x270
[  752.993987][T19733]  ? __pfx_task_work_run+0x10/0x10
[  752.994028][T19733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.994052][T19733]  exit_to_user_mode_loop+0xed/0x480
[  752.994079][T19733]  ? rcu_is_watching+0x15/0xb0
[  752.994102][T19733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.994125][T19733]  do_syscall_64+0x33e/0xf80
[  752.994152][T19733]  ? trace_irq_disable+0x3b/0x140
[  752.994178][T19733]  ? clear_bhb_loop+0x40/0x90
[  752.994206][T19733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.994227][T19733] RIP: 0033:0x7f2069b9da57
[  752.994248][T19733] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  752.994266][T19733] RSP: 002b:00007ffc21e94558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  752.994290][T19733] RAX: 0000000000000000 RBX: 00007f2069c32048 RCX: 00007f2069b9da57
[  752.994304][T19733] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc21e94610
[  752.994317][T19733] RBP: 00007ffc21e94610 R08: 00007ffc21e95610 R09: 00000000ffffffff
[  752.994332][T19733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc21e956a0
[  752.994345][T19733] R13: 00007f2069c32048 R14: 00000000000b7cf2 R15: 00007ffc21e956e0
[  752.994385][T19733]  </TASK>
[  752.994675][T19733] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  753.175579][ T6027] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  753.507577][ T6027] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  753.521330][ T6027] usb 10-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40
[  753.960821][T22214] loop8: detected capacity change from 0 to 32768
[  753.971000][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.993241][T22214] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  754.001963][T22214] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  754.027741][ T6027] usb 10-1: config 0 descriptor??
[  754.045786][ T6027] input: USB Pegasus Device 0e20:0101 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input36
[  754.130896][T22214] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  754.142626][ T6027] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  754.160679][ T6027] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  754.333695][T22218] loop6: detected capacity change from 0 to 8192
[  754.363246][    C0] usb 10-1: unknown answer from device
[  754.369162][    C0] input input36: Pen battery low
[  754.457469][ T6027] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 296ms
[  754.479208][ T6027] gfs2: fsid=syz:syz.0: jid=0: Done
[  754.486589][T22214] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  754.577634][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.585258][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.592798][ T5198] usb 10-1: control msg error: -71
[  754.599612][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.607491][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.615323][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.623950][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.631966][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.639933][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.650600][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.659830][ T6027] usb 10-1: USB disconnect, device number 4
[  754.666188][    C0] usb 10-1: pegasus_irq - nonzero urb status received: -71
[  754.666217][    C0] usb 10-1: pegasus_irq - usb_submit_urb failed with result -19
[  754.728209][ T5901] udevd[5901]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  754.933456][T22214] gfs2: fsid=syz:syz.0: found 1 quota changes
[  755.413431][T22241] team0: No ports can be present during mode change
[  755.610913][T22247] loop9: detected capacity change from 0 to 128
[  755.721746][T22250] loop6: detected capacity change from 0 to 128
[  756.294959][T22263] loop9: detected capacity change from 0 to 64
[  756.695027][T22279] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6122'.
[  756.914825][T22285] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6125'.
[  757.203002][T22292] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6128'.
[  757.251754][T22292] veth0_macvtap: left promiscuous mode
[  757.262215][T22296] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  757.675748][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  757.706855][T22277] loop8: detected capacity change from 0 to 32768
[  757.745084][T22277] XFS (loop8): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  757.813886][T22277] XFS (loop8): Ending clean mount
[  758.042513][T19956] XFS (loop8): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  758.799447][T22332] netlink: 16 bytes leftover after parsing attributes in process `syz.8.6141'.
[  759.410986][T22352] loop8: detected capacity change from 0 to 4096
[  759.482556][T22352] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  759.551228][T22362] loop9: detected capacity change from 0 to 256
[  759.559835][T22362] exfat: Deprecated parameter 'utf8'
[  759.591044][T22362] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  759.708867][T19956] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  760.133088][T22376] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6162'.
[  760.438910][T22388] netlink: 100 bytes leftover after parsing attributes in process `syz.9.6168'.
[  760.854123][T22402] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6174'.
[  760.891656][T22402] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6174'.
[  761.078178][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  761.101416][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  761.112014][T22404] loop9: detected capacity change from 0 to 4096
[  761.121096][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  761.135100][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  761.143170][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  761.574121][T22417] loop8: detected capacity change from 0 to 256
[  761.603409][T22406] chnl_net:caif_netlink_parms(): no params data found
[  761.636795][T22417] exfat: Deprecated parameter 'namecase'
[  761.679832][T22417] exfat: Deprecated parameter 'namecase'
[  761.735195][T22417] exFAT-fs (loop8): failed to load upcase table (idx : 0x00000c00, chksum : 0x54b6a122, utbl_chksum : 0xe619d30d)
[  762.158944][T22406] bridge0: port 1(bridge_slave_0) entered blocking state
[  762.178920][T22406] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.186693][T22406] bridge_slave_0: entered allmulticast mode
[  762.195108][T22406] bridge_slave_0: entered promiscuous mode
[  762.221417][T22406] bridge0: port 2(bridge_slave_1) entered blocking state
[  762.251379][T22406] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.285764][T22406] bridge_slave_1: entered allmulticast mode
[  762.317766][T22406] bridge_slave_1: entered promiscuous mode
[  762.324828][T22407] loop7: detected capacity change from 0 to 32768
[  762.381076][T22407] ocfs2: Slot 0 on device (7,7) was already allocated to this node!
[  762.438354][T22406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  762.444590][T22407] JBD2: Ignoring recovery information on journal
[  762.451211][T22406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.499991][T22406] team0: Port device team_slave_0 added
[  762.510073][T22406] team0: Port device team_slave_1 added
[  762.553153][T22406] batman_adv: batadv0: Adding interface: batadv_slave_0
[  762.560777][T22406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.627082][T22407] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  762.645664][T22406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  762.725078][T22406] batman_adv: batadv0: Adding interface: batadv_slave_1
[  762.770773][T22406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  762.900486][T22406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  762.993914][T22444] loop9: detected capacity change from 0 to 2048
[  763.052077][T22444] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  763.173650][   T30] audit: type=1800 audit(2000000744.419:213): pid=22444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6187" name="file1" dev="loop9" ino=1369 res=0 errno=0
[  763.214042][T22406] hsr_slave_0: entered promiscuous mode
[  763.253505][T22406] hsr_slave_1: entered promiscuous mode
[  763.277731][ T5849] Bluetooth: hci5: command tx timeout
[  763.296603][T22406] debugfs: 'hsr0' already exists in 'hsr'
[  763.315508][T22406] Cannot create hsr debugfs directory
[  763.684543][T22448] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6189'.
[  764.102745][T19733] ocfs2: Unmounting device (7,7) on (node local)
[  765.337287][T22492] loop9: detected capacity change from 0 to 128
[  765.366334][ T5849] Bluetooth: hci5: command tx timeout
[  765.395127][   T30] audit: type=1800 audit(2000000746.639:214): pid=22492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6203" name="file2" dev="loop9" ino=1048851 res=0 errno=0
[  765.419293][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  765.505014][T22492] FAT-fs (loop9): Filesystem has been set read-only
[  765.543977][T22492] syz.9.6203: attempt to access beyond end of device
[  765.543977][T22492] loop9: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  765.679034][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  765.733837][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  765.919330][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  765.956768][T22492] syz.9.6203: attempt to access beyond end of device
[  765.956768][T22492] loop9: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  766.010041][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  766.049528][T22492] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000100)
[  766.117262][T22492] syz.9.6203: attempt to access beyond end of device
[  766.117262][T22492] loop9: rw=0, sector=2065, nr_sectors = 8 limit=128
[  767.312543][T22526] loop9: detected capacity change from 0 to 32768
[  767.378145][T22526] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  767.387011][T22526] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  767.446102][ T5849] Bluetooth: hci5: command tx timeout
[  767.604946][T22526] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  767.620631][T19822] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  767.646603][T19822] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  767.702562][T22541] loop8: detected capacity change from 0 to 512
[  767.873448][T22541] EXT4-fs error (device loop8): ext4_orphan_get:1397: inode #15: comm syz.8.6217: inode has both inline data and extents flags
[  767.955728][T22541] loop8: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  767.959044][T22541] EXT4-fs error (device loop8): ext4_orphan_get:1402: comm syz.8.6217: couldn't read orphan inode 15 (err -117)
[  767.969109][    C0] EXT4-fs (loop8): error count since last fsck: 1
[  767.969137][    C0] EXT4-fs (loop8): initial error at time 2000000749: ext4_orphan_get:1397: inode 15
[  767.969170][    C0] EXT4-fs (loop8): last error at time 2000000749: ext4_orphan_get:1397: inode 15
[  768.093295][T22541] loop8: lost filesystem error report for type 5 error -117
[  768.109031][T22541] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  768.117540][T19822] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 470ms
[  768.197530][T19822] gfs2: fsid=syz:syz.0: jid=0: Done
[  768.244228][T22526] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  768.584195][T19956] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  769.383973][T22406] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  769.448104][T22406] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  769.494033][T22406] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  769.523928][ T5849] Bluetooth: hci5: command tx timeout
[  769.597136][T22406] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  769.757769][T22585] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6229'.
[  769.860832][ T1694] block nbd1: Possible stuck request ffff888027570000: control (read@0,1024B). Runtime 210 seconds
[  769.872226][ T1694] block nbd1: Possible stuck request ffff8880275701c0: control (read@1024,1024B). Runtime 210 seconds
[  769.885590][ T1694] block nbd1: Possible stuck request ffff888027570380: control (read@2048,1024B). Runtime 210 seconds
[  769.897658][ T1694] block nbd1: Possible stuck request ffff888027570540: control (read@3072,1024B). Runtime 210 seconds
[  770.043064][T22594] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6231'.
[  770.093982][T22594] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6231'.
[  770.310948][T22406] 8021q: adding VLAN 0 to HW filter on device bond0
[  770.427897][T22406] 8021q: adding VLAN 0 to HW filter on device team0
[  770.439728][T22606] loop8: detected capacity change from 0 to 256
[  770.491585][  T135] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.499245][  T135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  770.616163][  T135] bridge0: port 2(bridge_slave_1) entered blocking state
[  770.623494][  T135] bridge0: port 2(bridge_slave_1) entered forwarding state
[  771.022445][T22619] netlink: 'syz.7.6237': attribute type 39 has an invalid length.
[  771.510085][T22406] 8021q: adding VLAN 0 to HW filter on device batadv0
[  771.609984][T22631] loop6: detected capacity change from 0 to 524288000
[  771.714392][T22406] veth0_vlan: entered promiscuous mode
[  771.755334][T22406] veth1_vlan: entered promiscuous mode
[  771.922422][T22406] veth0_macvtap: entered promiscuous mode
[  771.980155][T22406] veth1_macvtap: entered promiscuous mode
[  772.051123][T22638] vlan0: entered allmulticast mode
[  772.063384][T22638] veth0_to_bond: entered allmulticast mode
[  772.169424][T22406] batman_adv: batadv0: Interface activated: batadv_slave_0
[  772.251804][T22641] loop9: detected capacity change from 0 to 4096
[  772.332373][T22406] batman_adv: batadv0: Interface activated: batadv_slave_1
[  772.349752][T22649] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  772.522436][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  772.562567][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  772.670898][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  772.703587][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  773.578171][  T135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  773.611122][  T135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  773.681433][T22666] bridge0: port 3(veth0_to_bridge) entered blocking state
[  773.732923][T22666] bridge0: port 3(veth0_to_bridge) entered disabled state
[  773.746466][T22666] veth0_to_bridge: entered allmulticast mode
[  773.807382][T22666] veth0_to_bridge: entered promiscuous mode
[  773.870847][T22666] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  773.928681][T22666] bridge0: port 3(veth0_to_bridge) entered blocking state
[  773.940301][T22666] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  774.161321][T22663] loop9: detected capacity change from 0 to 32768
[  774.185301][T22663] btrfs: Deprecated parameter 'usebackuproot'
[  774.201754][T22679] loop6: detected capacity change from 0 to 512
[  774.217304][T22663] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  774.229329][T17060] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.271899][T22663] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.6246 (22663)
[  774.279522][T17060] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.378178][T22663] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  774.422209][T22663] BTRFS info (device loop9): using crc32c checksum algorithm
[  774.500306][  T138] BTRFS warning (device loop9): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  774.621558][T22663] BTRFS error (device loop9): failed to load root extent
[  774.648775][T22663] BTRFS warning (device loop9): try to load backup roots slot 1
[  774.669804][  T138] BTRFS warning (device loop9): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  774.703636][T22663] BTRFS warning (device loop9): couldn't read tree root
[  774.755665][T22663] BTRFS warning (device loop9): try to load backup roots slot 2
[  774.783432][  T138] BTRFS error (device loop9): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  774.829575][T22663] BTRFS warning (device loop9): couldn't read tree root
[  774.847998][T22663] BTRFS warning (device loop9): try to load backup roots slot 3
[  774.992543][T22663] BTRFS info (device loop9): rebuilding free space tree
[  775.210096][T22663] BTRFS info (device loop9): checking UUID tree
[  775.229350][T22663] BTRFS info (device loop9): enabling ssd optimizations
[  775.254279][T22663] BTRFS info (device loop9): turning on async discard
[  775.278600][T22709] loop7: detected capacity change from 0 to 256
[  775.288661][T22663] BTRFS info (device loop9): enabling free space tree
[  775.311963][T22663] BTRFS info (device loop9): force clearing of disk cache
[  775.342230][T22663] BTRFS info (device loop9): trying to use backup root at mount time
[  775.346911][T22712] loop6: detected capacity change from 0 to 256
[  775.384676][T22663] BTRFS info (device loop9): use zlib compression, level 3
[  776.123728][T20993] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  776.367449][T22733] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  777.657554][T22726] loop6: detected capacity change from 0 to 40427
[  777.683885][T22718] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.743355][T22726] F2FS-fs (loop6): build fault injection rate: 771
[  777.771364][T22726] F2FS-fs (loop6): invalid crc value
[  778.187005][T22763] loop8: detected capacity change from 0 to 256
[  778.236289][T22726] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  778.368233][T22763] FAT-fs (loop8): Directory bread(block 64) failed
[  778.407351][T22763] FAT-fs (loop8): Directory bread(block 65) failed
[  778.437446][T22763] FAT-fs (loop8): Directory bread(block 66) failed
[  778.498659][T22763] FAT-fs (loop8): Directory bread(block 67) failed
[  778.512651][T22763] FAT-fs (loop8): Directory bread(block 68) failed
[  778.519624][T22726] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  778.528698][T22763] FAT-fs (loop8): Directory bread(block 69) failed
[  778.558327][T22763] FAT-fs (loop8): Directory bread(block 70) failed
[  778.583611][T22763] FAT-fs (loop8): Directory bread(block 71) failed
[  778.608224][T22763] FAT-fs (loop8): Directory bread(block 72) failed
[  778.628260][T22763] FAT-fs (loop8): Directory bread(block 73) failed
[  778.674968][T22726] syz.6.6257: attempt to access beyond end of device
[  778.674968][T22726] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  778.689319][T22718] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.782818][   T30] audit: type=1800 audit(2000000760.029:215): pid=22763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.6268" name=7B92 dev="loop8" ino=1048858 res=0 errno=0
[  778.852123][T15276] syz-executor: attempt to access beyond end of device
[  778.852123][T15276] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  778.936170][T15276] CPU: 0 UID: 0 PID: 15276 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  778.936207][T15276] Tainted: [L]=SOFTLOCKUP
[  778.936215][T15276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  778.936228][T15276] Call Trace:
[  778.936237][T15276]  <TASK>
[  778.936247][T15276]  dump_stack_lvl+0xe8/0x150
[  778.936287][T15276]  f2fs_stop_checkpoint+0x3c7/0x590
[  778.936328][T15276]  f2fs_write_end_io+0x12e5/0x17a0
[  778.936380][T15276]  __submit_merged_bio+0x256/0x6a0
[  778.936423][T15276]  __submit_merged_write_cond+0x3c9/0x4e0
[  778.936465][T15276]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  778.936527][T15276]  f2fs_write_data_pages+0x287e/0x34f0
[  778.936550][T15276]  ? __lock_acquire+0x6b5/0x2cf0
[  778.936633][T15276]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  778.936711][T15276]  ? unwind_next_frame+0xa6/0x2550
[  778.936732][T15276]  ? rcu_is_watching+0x15/0xb0
[  778.936751][T15276]  ? __kasan_check_byte+0x12/0x40
[  778.936773][T15276]  ? __bfs+0x153/0x290
[  778.936789][T15276]  ? __pfx_hlock_conflict+0x10/0x10
[  778.936834][T15276]  ? lockdep_unlock+0x5d/0xd0
[  778.936859][T15276]  ? __lock_acquire+0x146e/0x2cf0
[  778.936922][T15276]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  778.936946][T15276]  do_writepages+0x32e/0x550
[  778.936987][T15276]  ? do_raw_spin_unlock+0xf5/0x210
[  778.937024][T15276]  filemap_fdatawrite+0x1e9/0x2f0
[  778.937055][T15276]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  778.937140][T15276]  ? do_raw_spin_unlock+0xf5/0x210
[  778.937171][T15276]  f2fs_sync_dirty_inodes+0x30e/0x830
[  778.937216][T15276]  f2fs_write_checkpoint+0x9df/0x26a0
[  778.937283][T15276]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  778.937359][T15276]  ? kfree+0x1c5/0x640
[  778.937387][T15276]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  778.937447][T15276]  kill_f2fs_super+0x314/0x730
[  778.937480][T15276]  ? __pfx_kill_f2fs_super+0x10/0x10
[  778.937521][T15276]  ? lockdep_hardirqs_on+0x7a/0x110
[  778.937566][T15276]  deactivate_locked_super+0xbc/0x130
[  778.937600][T15276]  cleanup_mnt+0x437/0x4d0
[  778.937629][T15276]  ? _raw_spin_unlock_irq+0x23/0x50
[  778.937658][T15276]  task_work_run+0x1d9/0x270
[  778.937687][T15276]  ? __pfx_task_work_run+0x10/0x10
[  778.937720][T15276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.937743][T15276]  exit_to_user_mode_loop+0xed/0x480
[  778.937767][T15276]  ? rcu_is_watching+0x15/0xb0
[  778.937787][T15276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.937808][T15276]  do_syscall_64+0x33e/0xf80
[  778.937831][T15276]  ? trace_irq_disable+0x3b/0x140
[  778.937854][T15276]  ? clear_bhb_loop+0x40/0x90
[  778.937879][T15276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.937898][T15276] RIP: 0033:0x7f371159da57
[  778.937919][T15276] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  778.937937][T15276] RSP: 002b:00007ffe33ac8d38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  778.937959][T15276] RAX: 0000000000000000 RBX: 00007f3711632048 RCX: 00007f371159da57
[  778.937973][T15276] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe33ac8df0
[  778.937987][T15276] RBP: 00007ffe33ac8df0 R08: 00007ffe33ac9df0 R09: 00000000ffffffff
[  778.938001][T15276] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe33ac9e80
[  778.938014][T15276] R13: 00007f3711632048 R14: 00000000000be1ab R15: 00007ffe33ac9ec0
[  778.938053][T15276]  </TASK>
[  778.939384][T15276] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  779.051328][T22782] loop9: detected capacity change from 0 to 256
[  779.569577][T22718] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  780.052849][T22801] loop6: detected capacity change from 0 to 512
[  780.077399][T22801] EXT4-fs (loop6): Test dummy encryption mode enabled
[  780.116204][T22801] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended
[  780.154022][T22801] EXT4-fs (loop6): Errors on filesystem, clearing orphan list.
[  780.178630][T22718] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  780.193622][T22801] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  780.235896][ T5849] Bluetooth: hci0: command 0x2016 tx timeout
[  780.445200][T15276] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  780.830915][T22796] loop9: detected capacity change from 0 to 32768
[  780.990107][T22796] ocfs2: Slot 0 on device (7,9) was already allocated to this node!
[  781.090246][T22796] JBD2: Ignoring recovery information on journal
[  781.120690][ T1118] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  781.318426][T22796] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  781.350592][T22792] loop8: detected capacity change from 0 to 32768
[  781.429778][ T1118] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  781.451430][T22792] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  781.476395][T22834] syzkaller1: tun_chr_ioctl cmd 1074025677
[  781.484870][T22834] syzkaller1: linktype set to 0
[  781.540669][T22792] XFS (loop8): Ending clean mount
[  781.688126][T22792] XFS (loop8): Quotacheck needed: Please wait.
[  781.823559][   T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  781.968644][T22792] XFS (loop8): Quotacheck: Done.
[  782.002742][T20993] ocfs2: Unmounting device (7,9) on (node local)
[  782.112060][  T135] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  782.312263][T19956] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  782.851191][T22863] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6284'.
[  782.944005][T22867] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6284'.
[  784.329494][T22905] netlink: 96 bytes leftover after parsing attributes in process `syz.7.6301'.
[  785.236961][T22931] ªªªªªª: renamed from vlan0 (while UP)
[  785.338503][T22933] netlink: 190972 bytes leftover after parsing attributes in process `syz.6.6310'.
[  785.621792][T22941] loop8: detected capacity change from 0 to 1
[  785.650257][T22941] Dev loop8: unable to read RDB block 1
[  785.671116][T22941]  loop8: unable to read partition table
[  785.697792][T22941] loop8: partition table beyond EOD, truncated
[  785.736020][T22941] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[  786.139741][T22956] program syz.8.6319 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  786.725950][T22977] block nbd3: server does not support multiple connections per device.
[  786.751236][T22977] block nbd3: shutting down sockets
[  787.292940][T22992] loop0: detected capacity change from 0 to 256
[  787.402053][T22992] FAT-fs (loop0): Directory bread(block 64) failed
[  787.416448][T22992] FAT-fs (loop0): Directory bread(block 65) failed
[  787.441594][T22992] FAT-fs (loop0): Directory bread(block 66) failed
[  787.473692][T22992] FAT-fs (loop0): Directory bread(block 67) failed
[  787.514553][T22992] FAT-fs (loop0): Directory bread(block 68) failed
[  787.539566][T22992] FAT-fs (loop0): Directory bread(block 69) failed
[  787.572719][T22992] FAT-fs (loop0): Directory bread(block 70) failed
[  787.595031][T22992] FAT-fs (loop0): Directory bread(block 71) failed
[  787.620160][T22992] FAT-fs (loop0): Directory bread(block 72) failed
[  787.646660][T22992] FAT-fs (loop0): Directory bread(block 73) failed
[  787.946333][T22973] loop6: detected capacity change from 0 to 40427
[  787.982561][T22973] F2FS-fs (loop6): invalid crc value
[  788.021168][T22981] loop8: detected capacity change from 0 to 32768
[  788.028671][T23004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6333'.
[  788.112260][T22981] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  788.215659][T22981] XFS (loop8): Ending clean mount
[  788.431539][T22973] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  788.614932][T19956] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  788.622897][T22973] F2FS-fs (loop6): Start checkpoint disabled!
[  788.744362][T22973] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[  788.797089][T22973] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  789.117311][T23031] loop9: detected capacity change from 0 to 64
[  789.280197][ T3595] kworker/u8:12: attempt to access beyond end of device
[  789.280197][ T3595] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  789.327476][ T3595] CPU: 0 UID: 0 PID: 3595 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  789.327511][ T3595] Tainted: [L]=SOFTLOCKUP
[  789.327519][ T3595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  789.327532][ T3595] Workqueue: writeback wb_workfn (flush-7:6)
[  789.327567][ T3595] Call Trace:
[  789.327577][ T3595]  <TASK>
[  789.327587][ T3595]  dump_stack_lvl+0xe8/0x150
[  789.327623][ T3595]  f2fs_stop_checkpoint+0x3c7/0x590
[  789.327660][ T3595]  f2fs_write_end_io+0x12e5/0x17a0
[  789.327713][ T3595]  __submit_merged_bio+0x256/0x6a0
[  789.327752][ T3595]  __submit_merged_write_cond+0x3c9/0x4e0
[  789.327794][ T3595]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  789.327856][ T3595]  f2fs_write_data_pages+0x287e/0x34f0
[  789.327935][ T3595]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  789.327980][ T3595]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  789.328049][ T3595]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  789.328096][ T3595]  ? __lock_acquire+0x6b5/0x2cf0
[  789.328144][ T3595]  ? set_shrinker_bit+0x7c/0x350
[  789.328175][ T3595]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  789.328200][ T3595]  do_writepages+0x32e/0x550
[  789.328236][ T3595]  ? reacquire_held_locks+0x104/0x190
[  789.328257][ T3595]  ? writeback_sb_inodes+0x463/0x19d0
[  789.328292][ T3595]  __writeback_single_inode+0x133/0x10e0
[  789.328322][ T3595]  ? do_raw_spin_unlock+0xf5/0x210
[  789.328354][ T3595]  writeback_sb_inodes+0x979/0x19d0
[  789.328380][ T3595]  ? __lock_acquire+0x6b5/0x2cf0
[  789.328416][ T3595]  ? do_raw_spin_lock+0x12b/0x2f0
[  789.328464][ T3595]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  789.328489][ T3595]  ? do_raw_spin_lock+0x12b/0x2f0
[  789.328579][ T3595]  ? rcu_is_watching+0x15/0xb0
[  789.328613][ T3595]  wb_writeback+0x445/0xb00
[  789.328645][ T3595]  ? queue_io+0x291/0x470
[  789.328682][ T3595]  ? __pfx_wb_writeback+0x10/0x10
[  789.328706][ T3595]  ? do_raw_spin_lock+0x12b/0x2f0
[  789.328752][ T3595]  wb_workfn+0x3f8/0xf10
[  789.328772][ T3595]  ? __lock_acquire+0x6b5/0x2cf0
[  789.328799][ T3595]  ? look_up_lock_class+0x57/0x110
[  789.328851][ T3595]  ? __pfx_wb_workfn+0x10/0x10
[  789.328879][ T3595]  ? do_raw_spin_lock+0x12b/0x2f0
[  789.328909][ T3595]  ? lock_acquire+0x106/0x350
[  789.328940][ T3595]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  789.328969][ T3595]  ? process_scheduled_works+0xa70/0x1860
[  789.329001][ T3595]  ? process_scheduled_works+0xa70/0x1860
[  789.329042][ T3595]  ? process_scheduled_works+0xa70/0x1860
[  789.329071][ T3595]  ? process_scheduled_works+0xa70/0x1860
[  789.329104][ T3595]  process_scheduled_works+0xb5d/0x1860
[  789.329178][ T3595]  ? __pfx_process_scheduled_works+0x10/0x10
[  789.329218][ T3595]  ? assign_work+0x3d5/0x5e0
[  789.329256][ T3595]  worker_thread+0xa53/0xfc0
[  789.329311][ T3595]  kthread+0x388/0x470
[  789.329337][ T3595]  ? __pfx_worker_thread+0x10/0x10
[  789.329364][ T3595]  ? __pfx_kthread+0x10/0x10
[  789.329391][ T3595]  ret_from_fork+0x514/0xb70
[  789.329425][ T3595]  ? __pfx_ret_from_fork+0x10/0x10
[  789.329454][ T3595]  ? __switch_to+0xc79/0x1410
[  789.329485][ T3595]  ? __pfx_kthread+0x10/0x10
[  789.329511][ T3595]  ret_from_fork_asm+0x1a/0x30
[  789.329556][ T3595]  </TASK>
[  789.329868][ T3595] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  789.946919][T23037] tun0: tun_chr_ioctl cmd 1074812117
[  790.258462][T23028] loop7: detected capacity change from 0 to 32768
[  790.341190][T23028] (syz.7.6342,23028,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  790.418253][T23028] (syz.7.6342,23028,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  790.547211][T23028] JBD2: Ignoring recovery information on journal
[  790.639884][T23047] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6349'.
[  790.684117][T23028] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  791.188392][T23056] loop8: detected capacity change from 0 to 2048
[  791.426189][T23056] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  791.788654][ T1118] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  791.826381][ T1118] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  791.842935][ T1118] EXT4-fs (loop8): This should not happen!! Data will be lost
[  791.842935][ T1118] 
[  791.858240][ T1118] EXT4-fs (loop8): Total free blocks count 0
[  791.870698][ T1118] EXT4-fs (loop8): Free/Dirty block details
[  791.878947][ T1118] EXT4-fs (loop8): free_blocks=4096
[  791.884442][ T1118] EXT4-fs (loop8): dirty_blocks=16
[  791.914779][ T1118] EXT4-fs (loop8): Block reservation details
[  791.974167][ T1118] EXT4-fs (loop8): i_reserved_data_blocks=1
[  791.990092][ T1118] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  792.008645][T19956] EXT4-fs warning (device loop8): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  792.023104][T19733] ocfs2: Unmounting device (7,7) on (node local)
[  792.469995][T23060] loop6: detected capacity change from 0 to 131072
[  792.481600][T23060] F2FS-fs (loop6): Segment count (31) mismatch with total segments from devices (0)
[  792.491794][T23060] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  792.506701][T23060] F2FS-fs (loop6): invalid crc value
[  792.675232][T23060] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  792.701501][T23060] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  792.709726][T23060] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  792.761785][T23060] F2FS-fs (loop6): checksum invalid, nid = 7, ino_of_node = 7, 32dd6215 vs. 1de10dc4
[  793.245643][ T5941] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  793.450167][ T5941] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.495512][ T5941] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.543153][ T5941] usb 10-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  793.572115][ T5941] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.635031][ T5941] usb 10-1: config 0 descriptor??
[  794.083649][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.103496][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.132701][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.150967][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.169636][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.178030][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.188250][ T5941] playstation 0003:054C:0BA0.002C: unknown main item tag 0x0
[  794.223952][ T5941] playstation 0003:054C:0BA0.002C: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.9-1/input0
[  794.330131][ T5941] playstation 0003:054C:0BA0.002C: Invalid reportID received, expected 18 got 179
[  794.375047][ T5941] playstation 0003:054C:0BA0.002C: Failed to retrieve DualShock4 pairing info: -22
[  794.406042][ T5941] playstation 0003:054C:0BA0.002C: Failed to get MAC address from DualShock4
[  794.429607][ T5941] playstation 0003:054C:0BA0.002C: Failed to create dualshock4.
[  794.433504][T23122] netlink: 'syz.0.6380': attribute type 10 has an invalid length.
[  794.453972][ T5941] playstation 0003:054C:0BA0.002C: probe with driver playstation failed with error -22
[  794.535789][T23123] netlink: 'syz.0.6380': attribute type 10 has an invalid length.
[  794.546221][T23122] team0: Port device dummy0 added
[  794.576262][ T5941] usb 10-1: USB disconnect, device number 5
[  794.670899][T23123] team0: Port device dummy0 removed
[  794.719206][T23123] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  795.010029][T23120] loop8: detected capacity change from 0 to 32768
[  795.033109][T23120] btrfs: Deprecated parameter 'usebackuproot'
[  795.061308][T23120] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  795.097384][T23120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.6379 (23120)
[  795.142311][T23120] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  795.174882][T23120] BTRFS info (device loop8): using crc32c checksum algorithm
[  795.328988][  T138] BTRFS warning (device loop8): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  795.351409][T23120] BTRFS error (device loop8): failed to load root extent
[  795.375720][T23120] BTRFS warning (device loop8): try to load backup roots slot 1
[  795.409192][   T12] BTRFS warning (device loop8): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  795.458493][T23144] loop9: detected capacity change from 0 to 4096
[  795.522249][T23120] BTRFS warning (device loop8): couldn't read tree root
[  795.538712][T23120] BTRFS warning (device loop8): try to load backup roots slot 2
[  795.573855][  T138] BTRFS error (device loop8): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  795.626350][T23120] BTRFS warning (device loop8): couldn't read tree root
[  795.634267][T23150] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  795.661315][T23120] BTRFS warning (device loop8): try to load backup roots slot 3
[  795.764724][T23120] BTRFS info (device loop8): rebuilding free space tree
[  795.942707][T23156] loop7: detected capacity change from 0 to 256
[  795.983217][T23144] NILFS error (device loop9): nilfs_dotdot: directory #12 missing '.'
[  796.031487][T23120] BTRFS info (device loop8): checking UUID tree
[  796.059198][T23120] BTRFS info (device loop8): enabling ssd optimizations
[  796.082213][T23156] FAT-fs (loop7): Directory bread(block 64) failed
[  796.126034][T23120] BTRFS info (device loop8): turning on async discard
[  796.129160][T23159] loop6: detected capacity change from 0 to 128
[  796.146200][T23144] Remounting filesystem read-only
[  796.162295][T23156] FAT-fs (loop7): Directory bread(block 65) failed
[  796.198303][T23120] BTRFS info (device loop8): enabling free space tree
[  796.224033][T23156] FAT-fs (loop7): Directory bread(block 66) failed
[  796.238912][T23120] BTRFS info (device loop8): force clearing of disk cache
[  796.262530][T23120] BTRFS info (device loop8): trying to use backup root at mount time
[  796.280160][T23156] FAT-fs (loop7): Directory bread(block 67) failed
[  796.298693][T23120] BTRFS info (device loop8): use zlib compression, level 3
[  796.319372][T23156] FAT-fs (loop7): Directory bread(block 68) failed
[  796.338128][T23156] FAT-fs (loop7): Directory bread(block 69) failed
[  796.366063][T23156] FAT-fs (loop7): Directory bread(block 70) failed
[  796.391741][T23156] FAT-fs (loop7): Directory bread(block 71) failed
[  796.423103][T23156] FAT-fs (loop7): Directory bread(block 72) failed
[  796.451096][T23156] FAT-fs (loop7): Directory bread(block 73) failed
[  796.704581][T23133] loop0: detected capacity change from 0 to 40427
[  796.727933][T23133] F2FS-fs: heap/no_heap options were deprecated
[  796.764662][T23133] F2FS-fs (loop0): build fault injection rate: 690
[  796.807864][T23133] F2FS-fs (loop0): invalid crc value
[  796.844613][T19956] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  797.267077][T23133] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  797.368191][T23177] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.397486][T23177] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.474984][T23178] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.475572][T23133] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  797.528280][T23178] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.558120][T23178] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.603142][T23178] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6396'.
[  797.724942][T22406] syz-executor: attempt to access beyond end of device
[  797.724942][T22406] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  797.811585][T22406] CPU: 0 UID: 0 PID: 22406 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  797.811632][T22406] Tainted: [L]=SOFTLOCKUP
[  797.811640][T22406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  797.811652][T22406] Call Trace:
[  797.811661][T22406]  <TASK>
[  797.811669][T22406]  dump_stack_lvl+0xe8/0x150
[  797.811707][T22406]  f2fs_stop_checkpoint+0x3c7/0x590
[  797.811745][T22406]  f2fs_write_end_io+0x12e5/0x17a0
[  797.811796][T22406]  __submit_merged_bio+0x256/0x6a0
[  797.811835][T22406]  __submit_merged_write_cond+0x3c9/0x4e0
[  797.811874][T22406]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  797.811932][T22406]  f2fs_write_data_pages+0x287e/0x34f0
[  797.811953][T22406]  ? unwind_next_frame+0xa6/0x2550
[  797.812018][T22406]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  797.812038][T22406]  ? is_bpf_text_address+0x26/0x2b0
[  797.812079][T22406]  ? arch_stack_walk+0xfb/0x150
[  797.812138][T22406]  ? add_lock_to_list+0xc7/0x100
[  797.812163][T22406]  ? lockdep_unlock+0x5d/0xd0
[  797.812187][T22406]  ? __lock_acquire+0x146e/0x2cf0
[  797.812249][T22406]  ? do_raw_spin_lock+0x12b/0x2f0
[  797.812287][T22406]  ? do_raw_spin_unlock+0xf5/0x210
[  797.812313][T22406]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  797.812336][T22406]  do_writepages+0x32e/0x550
[  797.812374][T22406]  ? do_raw_spin_unlock+0xf5/0x210
[  797.812404][T22406]  filemap_fdatawrite+0x1e9/0x2f0
[  797.812434][T22406]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  797.812515][T22406]  ? do_raw_spin_unlock+0xf5/0x210
[  797.812545][T22406]  f2fs_sync_dirty_inodes+0x30e/0x830
[  797.812587][T22406]  f2fs_write_checkpoint+0x9df/0x26a0
[  797.812608][T22406]  ? __lock_acquire+0x6b5/0x2cf0
[  797.812684][T22406]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  797.812774][T22406]  kill_f2fs_super+0x314/0x730
[  797.812805][T22406]  ? __pfx_kill_f2fs_super+0x10/0x10
[  797.812843][T22406]  ? lockdep_hardirqs_on+0x7a/0x110
[  797.812887][T22406]  deactivate_locked_super+0xbc/0x130
[  797.812920][T22406]  cleanup_mnt+0x437/0x4d0
[  797.812940][T22406]  ? _raw_spin_unlock_irq+0x23/0x50
[  797.812974][T22406]  task_work_run+0x1d9/0x270
[  797.813003][T22406]  ? __pfx_task_work_run+0x10/0x10
[  797.813038][T22406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.813060][T22406]  exit_to_user_mode_loop+0xed/0x480
[  797.813086][T22406]  ? rcu_is_watching+0x15/0xb0
[  797.813108][T22406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.813129][T22406]  do_syscall_64+0x33e/0xf80
[  797.813154][T22406]  ? trace_irq_disable+0x3b/0x140
[  797.813178][T22406]  ? clear_bhb_loop+0x40/0x90
[  797.813204][T22406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.813224][T22406] RIP: 0033:0x7f444199da57
[  797.813245][T22406] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  797.813262][T22406] RSP: 002b:00007ffc414883e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  797.813284][T22406] RAX: 0000000000000000 RBX: 00007f4441a32048 RCX: 00007f444199da57
[  797.813298][T22406] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc414884a0
[  797.813310][T22406] RBP: 00007ffc414884a0 R08: 00007ffc414894a0 R09: 00000000ffffffff
[  797.813325][T22406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc41489530
[  797.813336][T22406] R13: 00007f4441a32048 R14: 00000000000c2b8a R15: 00007ffc41489570
[  797.813374][T22406]  </TASK>
[  798.151658][T22406] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  798.324107][T23189] loop7: detected capacity change from 0 to 1024
[  798.760265][T23171] loop9: detected capacity change from 0 to 40427
[  798.781371][T23171] F2FS-fs (loop9): invalid crc value
[  799.131220][T23171] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  799.274550][T23207] loop6: detected capacity change from 0 to 128
[  799.285204][T23171] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  799.415156][T23186] loop8: detected capacity change from 0 to 32768
[  799.464246][T23186] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  799.545889][T23220] netlink: 72 bytes leftover after parsing attributes in process `syz.6.6406'.
[  799.555177][T23220] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6406'.
[  799.568895][T23220] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6406'.
[  799.668153][T23186] XFS (loop8): Ending clean mount
[  799.764222][T23186] XFS (loop8): Quotacheck needed: Please wait.
[  799.916681][ T1694] block nbd1: Possible stuck request ffff888027570000: control (read@0,1024B). Runtime 240 seconds
[  799.927870][ T1694] block nbd1: Possible stuck request ffff8880275701c0: control (read@1024,1024B). Runtime 240 seconds
[  799.939047][ T1694] block nbd1: Possible stuck request ffff888027570380: control (read@2048,1024B). Runtime 240 seconds
[  799.950110][ T1694] block nbd1: Possible stuck request ffff888027570540: control (read@3072,1024B). Runtime 240 seconds
[  800.111461][T23186] XFS (loop8): Quotacheck: Done.
[  800.264686][T23230] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6413'.
[  800.428951][T19956] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  801.970968][T23241] loop7: detected capacity change from 0 to 32768
[  802.010961][T23268] loop6: detected capacity change from 0 to 8
[  802.472670][T23281] __nla_validate_parse: 1 callbacks suppressed
[  802.472688][T23281] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6436'.
[  802.702095][T23289] netlink: 'syz.8.6438': attribute type 29 has an invalid length.
[  802.741177][T23285] netlink: 'syz.8.6438': attribute type 29 has an invalid length.
[  802.790711][T23289] netlink: 'syz.8.6438': attribute type 29 has an invalid length.
[  803.479902][T23314] loop8: detected capacity change from 0 to 512
[  803.509552][T23314] EXT4-fs (loop8): 1 truncate cleaned up
[  803.573864][T23314] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  803.809191][T19956] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  804.239732][T23336] loop0: detected capacity change from 0 to 128
[  804.261816][T23336] adfs: Bad value for 'gid'
[  804.272418][T23336] adfs: Bad value for 'gid'
[  804.281394][T23338] loop9: detected capacity change from 0 to 64
[  804.318323][   T30] audit: type=1800 audit(2000000785.569:216): pid=23338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6458" name="file1" dev="loop9" ino=5 res=0 errno=0
[  805.477946][T23381] binder: Binderfs stats mode cannot be changed during a remount
[  805.694893][T23387] loop9: detected capacity change from 0 to 7
[  805.734131][T23387] buffer_io_error: 14 callbacks suppressed
[  805.734151][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.768417][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.787047][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.798054][T23390] loop7: detected capacity change from 0 to 1024
[  805.810431][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.822282][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.831929][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.843459][T23390] EXT4-fs (loop7): stripe (9) is not aligned with cluster size (16), stripe is disabled
[  805.871042][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.885741][T23387] ldm_validate_partition_table(): Disk read failed.
[  805.911236][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.932126][T23390] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  805.933961][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.957119][T23387] Buffer I/O error on dev loop9, logical block 0, async page read
[  805.966542][T23387] Dev loop9: unable to read RDB block 0
[  805.972715][T23387]  loop9: unable to read partition table
[  805.983056][T23387] loop9: partition table beyond EOD, truncated
[  805.990283][T23387] loop_reread_partitions: partition scan of loop9 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  806.013679][ T5213] ldm_validate_partition_table(): Disk read failed.
[  806.052572][ T5213] Dev loop9: unable to read RDB block 0
[  806.061434][ T5213]  loop9: unable to read partition table
[  806.068265][ T5213] loop9: partition table beyond EOD, truncated
[  806.177310][T19733] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  806.323471][T23400] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6483'.
[  806.502240][T23406] loop6: detected capacity change from 0 to 128
[  806.537803][T23406] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  806.551986][T23406] ext4 filesystem being mounted at /561/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  806.743353][T15276] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  807.008003][T23396] loop9: detected capacity change from 0 to 32768
[  807.043053][T23416] loop6: detected capacity change from 0 to 24
[  807.075104][T23396] (syz.9.6480,23396,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  807.120496][T23396] (syz.9.6480,23396,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  807.241813][T23396] JBD2: Ignoring recovery information on journal
[  807.382102][T23419] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6490'.
[  807.480407][T23396] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  808.436769][T23423] loop6: detected capacity change from 0 to 32768
[  808.528546][T23423] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  808.846459][T23435] loop0: detected capacity change from 0 to 32768
[  808.892434][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  808.917504][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  809.083259][T20993] ocfs2: Unmounting device (7,9) on (node local)
[  809.644682][T15276] ocfs2: Unmounting device (7,6) on (node local)
[  810.163638][T23471] loop0: detected capacity change from 0 to 256
[  810.215149][T23471] exfat: Deprecated parameter 'namecase'
[  810.268481][T23471] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  810.790140][T23487] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3)
[  810.798116][T23487] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  810.870301][T23487] vhci_hcd vhci_hcd.0: Device attached
[  810.956100][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  811.117272][ T5941] usb 49-1: new low-speed USB device number 2 using vhci_hcd
[  811.317451][T23501] netlink: 112 bytes leftover after parsing attributes in process `syz.7.6527'.
[  811.593951][T23491] loop0: detected capacity change from 0 to 32768
[  811.628953][T23491] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  811.702085][T23491] XFS (loop0): Ending clean mount
[  811.769078][   T30] audit: type=1800 audit(2000000793.019:217): pid=23491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6523" name="file1" dev="loop0" ino=4422 res=0 errno=0
[  811.778788][T23521] loop9: detected capacity change from 0 to 8192
[  811.819363][T23521] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  811.914919][T23521] netlink: 256 bytes leftover after parsing attributes in process `syz.9.6533'.
[  811.937850][T23521] netlink: 72 bytes leftover after parsing attributes in process `syz.9.6533'.
[  812.123435][T22406] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  812.252401][T23523] loop9: detected capacity change from 0 to 1024
[  812.377905][T17060] hfsplus: b-tree write err: -5, ino 25
[  812.391887][T17060] hfsplus: b-tree write err: -5, ino 4
[  812.419654][T17060] hfsplus: b-tree write err: -5, ino 2
[  812.972852][T23507] loop7: detected capacity change from 0 to 40427
[  812.982552][T23507] F2FS-fs (loop7): Image doesn't support compression
[  812.990489][T23507] F2FS-fs (loop7): build fault injection rate: 690
[  813.001073][T23507] F2FS-fs (loop7): build fault injection type: 0x4
[  813.065642][T23507] F2FS-fs (loop7): invalid crc value
[  813.101808][T23540] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6542'.
[  813.305161][T23507] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  813.392043][T23507] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  813.412824][   T30] audit: type=1800 audit(2000000794.659:218): pid=23507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.6530" name="file0" dev="loop7" ino=10 res=0 errno=0
[  813.489578][T23549] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  813.508587][T23551] input input37: cannot allocate more than FF_MAX_EFFECTS effects
[  813.525765][T19733] syz-executor: attempt to access beyond end of device
[  813.525765][T19733] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  813.597766][T19733] CPU: 0 UID: 0 PID: 19733 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  813.597809][T19733] Tainted: [L]=SOFTLOCKUP
[  813.597816][T19733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  813.597828][T19733] Call Trace:
[  813.597836][T19733]  <TASK>
[  813.597845][T19733]  dump_stack_lvl+0xe8/0x150
[  813.597882][T19733]  f2fs_stop_checkpoint+0x3c7/0x590
[  813.597966][T19733]  f2fs_write_end_io+0x12e5/0x17a0
[  813.598015][T19733]  __submit_merged_bio+0x256/0x6a0
[  813.598054][T19733]  __submit_merged_write_cond+0x3c9/0x4e0
[  813.598092][T19733]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  813.598143][T19733]  f2fs_write_data_pages+0x287e/0x34f0
[  813.598163][T19733]  ? unwind_next_frame+0xa6/0x2550
[  813.598219][T19733]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  813.598238][T19733]  ? is_bpf_text_address+0x26/0x2b0
[  813.598277][T19733]  ? arch_stack_walk+0xfb/0x150
[  813.598329][T19733]  ? add_lock_to_list+0xc7/0x100
[  813.598354][T19733]  ? lockdep_unlock+0x5d/0xd0
[  813.598378][T19733]  ? __lock_acquire+0x146e/0x2cf0
[  813.598439][T19733]  ? do_raw_spin_lock+0x12b/0x2f0
[  813.598477][T19733]  ? do_raw_spin_unlock+0xf5/0x210
[  813.598499][T19733]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  813.598520][T19733]  do_writepages+0x32e/0x550
[  813.598554][T19733]  ? do_raw_spin_unlock+0xf5/0x210
[  813.598581][T19733]  filemap_fdatawrite+0x1e9/0x2f0
[  813.598608][T19733]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  813.598672][T19733]  ? preempt_schedule_common+0x82/0xd0
[  813.598697][T19733]  ? preempt_schedule_thunk+0x16/0x30
[  813.598728][T19733]  f2fs_sync_dirty_inodes+0x30e/0x830
[  813.598764][T19733]  f2fs_write_checkpoint+0x9df/0x26a0
[  813.598823][T19733]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  813.598899][T19733]  ? kfree+0x1c5/0x640
[  813.598924][T19733]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  813.598958][T19733]  kill_f2fs_super+0x314/0x730
[  813.598986][T19733]  ? __pfx_kill_f2fs_super+0x10/0x10
[  813.599022][T19733]  ? lockdep_hardirqs_on+0x7a/0x110
[  813.599062][T19733]  deactivate_locked_super+0xbc/0x130
[  813.599095][T19733]  cleanup_mnt+0x437/0x4d0
[  813.599116][T19733]  ? _raw_spin_unlock_irq+0x23/0x50
[  813.599146][T19733]  task_work_run+0x1d9/0x270
[  813.599175][T19733]  ? __pfx_task_work_run+0x10/0x10
[  813.599210][T19733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.599233][T19733]  exit_to_user_mode_loop+0xed/0x480
[  813.599261][T19733]  ? rcu_is_watching+0x15/0xb0
[  813.599282][T19733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.599304][T19733]  do_syscall_64+0x33e/0xf80
[  813.599327][T19733]  ? trace_irq_disable+0x3b/0x140
[  813.599353][T19733]  ? clear_bhb_loop+0x40/0x90
[  813.599379][T19733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.599399][T19733] RIP: 0033:0x7f2069b9da57
[  813.599420][T19733] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  813.599437][T19733] RSP: 002b:00007ffc21e94558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  813.599460][T19733] RAX: 0000000000000000 RBX: 00007f2069c32048 RCX: 00007f2069b9da57
[  813.599475][T19733] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc21e94610
[  813.599488][T19733] RBP: 00007ffc21e94610 R08: 00007ffc21e95610 R09: 00000000ffffffff
[  813.599502][T19733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc21e956a0
[  813.599515][T19733] R13: 00007f2069c32048 R14: 00000000000c692d R15: 00007ffc21e956e0
[  813.599551][T19733]  </TASK>
[  813.599597][T19733] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  813.930024][T23488] vhci_hcd: connection reset by peer
[  814.025691][  T135] vhci_hcd vhci_hcd.8: stop threads
[  814.044285][  T135] vhci_hcd vhci_hcd.8: release socket
[  814.074105][  T135] vhci_hcd vhci_hcd.8: disconnect device
[  814.105287][T23560] bond2: ARP target 9.0.0.0 is already present
[  814.111978][T23560] bond2: option arp_ip_target: invalid value (9)
[  814.124301][T23560] bond2 (unregistering): Released all slaves
[  814.155974][T19822] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  814.270305][T23565] loop8: detected capacity change from 0 to 64
[  814.288297][T23565] BFS-fs: bfs_fill_super(): loop8 is unclean, continuing
[  814.337028][T19822] usb 10-1: Using ep0 maxpacket: 32
[  814.351829][T19822] usb 10-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  814.439772][T19822] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.480458][T19822] usb 10-1: config 0 descriptor??
[  814.503853][T19822] gspca_main: sq930x-2.14.0 probing 041e:403c
[  815.345880][T19822] gspca_sq930x: reg_w 0105 bf00 failed -71
[  815.406951][T19822] sq930x 10-1:0.0: probe with driver sq930x failed with error -71
[  815.433533][T19822] usb 10-1: USB disconnect, device number 6
[  816.068650][T23609] loop6: detected capacity change from 0 to 256
[  816.112115][T23609] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  816.157726][T23609] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  816.170066][   T30] audit: type=1800 audit(2000000797.419:219): pid=23609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.6573" name="file1" dev="loop6" ino=1048897 res=0 errno=0
[  816.260530][ T5941] vhci_hcd vhci_hcd.8: vhci_device speed not set
[  817.340172][T23640] loop9: detected capacity change from 0 to 32768
[  817.364835][T23640] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  817.374165][T23640] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  817.461134][T23640] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  817.478175][T19822] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  817.488021][T19822] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  817.593472][T19822] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 105ms
[  817.603821][T19822] gfs2: fsid=syz:syz.0: jid=0: Done
[  817.611652][T23640] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  817.942443][T23640] gfs2: fsid=syz:syz.0: found 2 quota changes
[  818.818960][T23684] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6606'.
[  819.443226][T23706] loop9: detected capacity change from 0 to 256
[  819.484751][T23706] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  819.770664][T23712] netlink: 'syz.9.6621': attribute type 12 has an invalid length.
[  820.986826][T23746] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6634'.
[  821.025020][T23746] netlink: 20 bytes leftover after parsing attributes in process `syz.8.6634'.
[  821.431919][T23755] loop7: detected capacity change from 0 to 2048
[  821.471366][T17060] Bluetooth: hci6: Frame reassembly failed (-84)
[  821.472978][T23755] UDF-fs: error (device loop7): udf_read_tagged: tag checksum failed, block 1344: 0x15 != 0x00
[  821.490742][T23755] UDF-fs: warning (device loop7): udf_fill_super: No fileset found
[  821.710818][T23768] netlink: 'syz.8.6644': attribute type 10 has an invalid length.
[  822.064701][T23779] block nbd3: Unsupported socket: should be TCP or UNIX.
[  822.243643][T23784] loop8: detected capacity change from 0 to 256
[  822.251302][T23787] loop0: detected capacity change from 0 to 256
[  822.260504][T23784] exfat: Deprecated parameter 'utf8'
[  822.284906][T23784] exfat: Deprecated parameter 'namecase'
[  822.343442][T23784] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  822.371573][T23787] FAT-fs (loop0): Directory bread(block 64) failed
[  822.394698][T23787] FAT-fs (loop0): Directory bread(block 65) failed
[  822.411522][T23787] FAT-fs (loop0): Directory bread(block 66) failed
[  822.422415][T23787] FAT-fs (loop0): Directory bread(block 67) failed
[  822.431415][T23787] FAT-fs (loop0): Directory bread(block 68) failed
[  822.441791][T23787] FAT-fs (loop0): Directory bread(block 69) failed
[  822.450709][T23787] FAT-fs (loop0): Directory bread(block 70) failed
[  822.457591][T23787] FAT-fs (loop0): Directory bread(block 71) failed
[  822.500582][T23787] FAT-fs (loop0): Directory bread(block 72) failed
[  822.517667][T23787] FAT-fs (loop0): Directory bread(block 73) failed
[  823.347305][ T3595] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.517583][   T51] Bluetooth: hci6: command 0x1003 tx timeout
[  823.522647][ T5849] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  824.003156][ T3595] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.014291][T23818] loop6: detected capacity change from 0 to 64
[  824.047537][T23818] hfs: Bad value for 'umask'
[  824.092949][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  824.116570][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  824.128565][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  824.140033][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  824.148500][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  824.819796][ T3595] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.026428][ T3595] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.339278][T23847] ALSA: mixer_oss: invalid OSS volume 'ÝÝ'
[  825.599587][T23820] chnl_net:caif_netlink_parms(): no params data found
[  826.044589][T23867] loop7: detected capacity change from 0 to 128
[  826.323049][ T5849] Bluetooth: hci4: command 0x0406 tx timeout
[  826.323096][   T51] Bluetooth: hci3: command tx timeout
[  826.499640][T23820] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.507895][T23820] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.515278][T23820] bridge_slave_0: entered allmulticast mode
[  826.525999][T23820] bridge_slave_0: entered promiscuous mode
[  826.588761][T23820] bridge0: port 2(bridge_slave_1) entered blocking state
[  826.604355][T23820] bridge0: port 2(bridge_slave_1) entered disabled state
[  826.619521][T23820] bridge_slave_1: entered allmulticast mode
[  826.632864][T23820] bridge_slave_1: entered promiscuous mode
[  826.792739][T23820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  826.807918][T23820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  826.891753][T23820] team0: Port device team_slave_0 added
[  826.949875][T23820] team0: Port device team_slave_1 added
[  827.129477][T23871] loop0: detected capacity change from 0 to 32768
[  827.160253][T23871] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.6687 (23871)
[  827.254535][ T3595] bridge_slave_1: left allmulticast mode
[  827.264057][T23871] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  827.282714][ T3595] bridge_slave_1: left promiscuous mode
[  827.305724][ T3595] bridge0: port 2(bridge_slave_1) entered disabled state
[  827.313399][T23871] BTRFS info (device loop0): using sha256 checksum algorithm
[  827.340405][ T3595] bridge_slave_0: left allmulticast mode
[  827.361955][ T3595] bridge_slave_0: left promiscuous mode
[  827.374599][ T3595] bridge0: port 1(bridge_slave_0) entered disabled state
[  827.521895][T23871] BTRFS info (device loop0): enabling ssd optimizations
[  827.551767][T23871] BTRFS info (device loop0): turning on async discard
[  827.578039][T23871] BTRFS info (device loop0): enabling free space tree
[  828.091667][T22406] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  828.226281][T23887] loop9: detected capacity change from 0 to 32768
[  828.279026][T23925] loop6: detected capacity change from 0 to 64
[  828.408745][ T5854] Bluetooth: hci3: command tx timeout
[  828.410324][T23887] JBD2: Ignoring recovery information on journal
[  828.431473][T23887] jbd2_journal_bmap: journal block not found at offset 32 on loop9-75
[  828.542013][T23887] JBD2: bad block at offset 32
[  828.555121][   T30] audit: type=1800 audit(2000000809.789:220): pid=23925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.6699" name="file1" dev="loop6" ino=22 res=0 errno=0
[  828.642312][T23887] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  829.144200][ T3595] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  829.174442][T20993] ocfs2: Unmounting device (7,9) on (node local)
[  829.227872][ T3595] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  829.374231][ T3595] bond0 (unregistering): Released all slaves
[  829.459278][T23820] batman_adv: batadv0: Adding interface: batadv_slave_0
[  829.482398][T23820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  829.544210][T23820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  829.624711][T23820] batman_adv: batadv0: Adding interface: batadv_slave_1
[  829.651896][T23820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  829.714228][T23820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  830.003747][ T1694] block nbd1: Possible stuck request ffff888027570000: control (read@0,1024B). Runtime 270 seconds
[  830.014811][ T1694] block nbd1: Possible stuck request ffff8880275701c0: control (read@1024,1024B). Runtime 270 seconds
[  830.030438][ T1694] block nbd1: Possible stuck request ffff888027570380: control (read@2048,1024B). Runtime 270 seconds
[  830.041911][ T1694] block nbd1: Possible stuck request ffff888027570540: control (read@3072,1024B). Runtime 270 seconds
[  830.146007][T23820] hsr_slave_0: entered promiscuous mode
[  830.152894][T23820] hsr_slave_1: entered promiscuous mode
[  830.175002][T23820] debugfs: 'hsr0' already exists in 'hsr'
[  830.182120][T23820] Cannot create hsr debugfs directory
[  830.484170][ T5854] Bluetooth: hci3: command tx timeout
[  830.493123][T23960] loop6: detected capacity change from 0 to 2048
[  830.507082][ T3595] hsr_slave_0: left promiscuous mode
[  830.556013][ T3595] hsr_slave_1: left promiscuous mode
[  830.562284][T23960] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  830.607409][ T3595] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  830.629944][ T3595] batman_adv: batadv0: Removing interface: batadv_slave_0
[  830.669475][ T3595] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  830.704448][ T3595] batman_adv: batadv0: Removing interface: batadv_slave_1
[  830.822772][ T3595] veth0_macvtap: left promiscuous mode
[  830.867850][ T3595] veth1_vlan: left promiscuous mode
[  830.900198][ T3595] veth0_vlan: left promiscuous mode
[  831.149454][T15276] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  831.528932][T23986] loop7: detected capacity change from 0 to 256
[  831.689590][T23986] FAT-fs (loop7): Directory bread(block 64) failed
[  831.712947][T23986] FAT-fs (loop7): Directory bread(block 65) failed
[  831.751431][T23986] FAT-fs (loop7): Directory bread(block 66) failed
[  831.769808][T23986] FAT-fs (loop7): Directory bread(block 67) failed
[  831.789190][T23986] FAT-fs (loop7): Directory bread(block 68) failed
[  831.804009][T23986] FAT-fs (loop7): Directory bread(block 69) failed
[  831.845042][T23986] FAT-fs (loop7): Directory bread(block 70) failed
[  831.872648][T23986] FAT-fs (loop7): Directory bread(block 71) failed
[  831.888399][T23986] FAT-fs (loop7): Directory bread(block 72) failed
[  831.915161][T23986] FAT-fs (loop7): Directory bread(block 73) failed
[  832.031885][   T30] audit: type=1800 audit(2000000813.279:221): pid=23986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.6716" name="file1" dev="loop7" ino=1048924 res=0 errno=0
[  832.119905][T23986] syz.7.6716: attempt to access beyond end of device
[  832.119905][T23986] loop7: rw=0, sector=1192, nr_sectors = 4 limit=256
[  832.552761][ T3595] team0 (unregistering): Port device team_slave_1 removed
[  832.562020][ T5854] Bluetooth: hci3: command tx timeout
[  832.609333][ T3595] team0 (unregistering): Port device C removed
[  832.869945][T23996] loop6: detected capacity change from 0 to 32768
[  832.937021][T23996] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  833.022893][T23996] XFS (loop6): Ending clean mount
[  833.072307][T23996] XFS (loop6): Quotacheck needed: Please wait.
[  833.210727][T24014] loop9: detected capacity change from 0 to 128
[  833.251286][T24014] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  833.353057][T24014] ext4 filesystem being mounted at /218/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  833.527908][T23996] XFS (loop6): Quotacheck: Done.
[  833.651915][T20993] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  834.188695][T15276] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  834.975880][T24043] raw_sendmsg: syz.6.6727 forgot to set AF_INET. Fix it!
[  835.005711][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.018241][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.030701][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.043135][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.055612][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.068186][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.080636][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.093382][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.105889][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.118385][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  835.124735][T24023] loop0: detected capacity change from 0 to 32768
[  835.303492][T24028] loop9: detected capacity change from 0 to 40427
[  835.532829][T24023] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  835.544900][T24028] F2FS-fs (loop9): invalid crc value
[  835.773256][T24023] XFS (loop0): Ending clean mount
[  835.833036][T24054] loop6: detected capacity change from 0 to 1024
[  835.841424][T24023] XFS (loop0): Quotacheck needed: Please wait.
[  836.012532][T24054] hfsplus: b-tree write err: -5, ino 2
[  836.071300][T24054] hfsplus: bad catalog entry type
[  836.289879][  T138] hfsplus: b-tree write err: -5, ino 25
[  836.311618][  T138] hfsplus: b-tree write err: -5, ino 4
[  836.341473][  T138] hfsplus: b-tree write err: -5, ino 2
[  836.385833][  T138] hfsplus: b-tree write err: -5, ino 26
[  836.541311][T24028] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  836.821057][T24028] F2FS-fs (loop9): Start checkpoint disabled!
[  836.992592][T24023] XFS (loop0): Quotacheck: Done.
[  837.081227][T24028] F2FS-fs (loop9): f2fs_disable_checkpoint() finish, err:0
[  837.091252][T24028] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  837.417734][T22406] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  839.657020][T24072] loop7: detected capacity change from 0 to 2048
[  839.908723][T24072] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  840.015484][    C0] net_ratelimit: 14754 callbacks suppressed
[  840.015506][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.034129][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.046539][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.059527][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.072159][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.084544][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.097000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.109826][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.122362][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  840.134932][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  841.111634][T19733] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  841.440473][T24097] loop0: detected capacity change from 0 to 512
[  841.531610][T24097] EXT4-fs: Ignoring removed nomblk_io_submit option
[  841.672722][T24097] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  841.719943][T24097] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  841.761144][T24097] EXT4-fs (loop0): orphan cleanup on readonly fs
[  841.852015][T24097] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0
[  841.891021][T24097] EXT4-fs warning (device loop0): ext4_enable_quotas:7261: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  841.956763][T24105] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  842.040887][T24097] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  842.113481][T24097] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.6740: bg 0: block 40: padding at end of block bitmap is not set
[  842.166537][T24097] loop0: lost filesystem error report for type 5 error -117
[  842.176721][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  842.190801][    C1] EXT4-fs (loop0): initial error at time 2000000823: ext4_validate_block_bitmap:441
[  842.200371][    C1] EXT4-fs (loop0): last error at time 2000000823: ext4_validate_block_bitmap:441
[  842.216238][T24097] EXT4-fs (loop0): Remounting filesystem read-only
[  842.232605][T24097] EXT4-fs (loop0): 1 truncate cleaned up
[  842.254658][T24097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  842.441973][T24097] EXT4-fs (loop0): shut down requested (2)
[  842.773120][T22406] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.499802][T24120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6746'.
[  844.820628][T24138] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6754'.
[  845.028228][    C0] net_ratelimit: 14435 callbacks suppressed
[  845.028253][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.046721][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.059128][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.071699][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.084038][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.096423][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.108827][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.121215][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.134901][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.147412][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  845.308084][T23820] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  845.451016][T23820] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  845.563366][T23820] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  845.644314][T23820] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  846.715000][T23820] 8021q: adding VLAN 0 to HW filter on device bond0
[  847.110224][T23820] 8021q: adding VLAN 0 to HW filter on device team0
[  847.222841][T17060] bridge0: port 1(bridge_slave_0) entered blocking state
[  847.230247][T17060] bridge0: port 1(bridge_slave_0) entered forwarding state
[  847.410444][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  847.417720][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  849.225038][T24160] loop0: detected capacity change from 0 to 40427
[  850.035463][    C0] net_ratelimit: 16339 callbacks suppressed
[  850.035488][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.054076][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.066499][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.078915][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.091583][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.104210][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.116732][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.129211][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.141660][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.154017][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  850.582362][T23820] 8021q: adding VLAN 0 to HW filter on device batadv0
[  851.291626][T23820] veth0_vlan: entered promiscuous mode
[  851.432616][T23820] veth1_vlan: entered promiscuous mode
[  851.809673][T23820] veth0_macvtap: entered promiscuous mode
[  854.701887][T24247] loop9: detected capacity change from 0 to 2048
[  854.731919][T24247] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c128, mo2=0003]
[  854.770292][T24247] System zones: 0-7
[  854.785052][T24247] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  854.851784][T24247] EXT4-fs error (device loop9): ext4_find_extent:939: inode #2: comm syz.9.6782: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  854.921049][T24247] EXT4-fs (loop9): Remounting filesystem read-only
[  854.993001][T20993] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  855.045594][    C0] net_ratelimit: 16354 callbacks suppressed
[  855.045618][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.064049][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.076648][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.089127][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.101708][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.114114][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.126644][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.139027][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.151471][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  855.164260][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  856.732240][T24269] loop0: detected capacity change from 0 to 40427
[  856.740161][T24269] F2FS-fs: heap/no_heap options were deprecated
[  856.805646][T24269] F2FS-fs (loop0): build fault injection rate: 19
[  856.812180][T24269] F2FS-fs (loop0): build fault injection type: 0x77e8c
[  856.822104][T24269] F2FS-fs (loop0): invalid crc value
[  856.833587][T24269] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21c/0xd60
[  856.854048][T24269] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xb00
[  856.871128][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  856.881529][    C1] loop0: lost file I/O error report for ino 2 type 0 pos 0xa04000 len 0x1000 error -5
[  856.984410][T24269] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  857.023824][T24269] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  857.041372][T24269] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of write_normal_summaries+0x120/0x3f0
[  857.113913][T24269] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5e2/0x24f0
[  857.126808][T24269] F2FS-fs (loop0): invalid blkaddr: 513, type: 10, run fsck to fix.
[  857.147484][T24269] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x681/0x24f0
[  857.160538][T24269] F2FS-fs (loop0): invalid blkaddr: 1027, type: 10, run fsck to fix.
[  858.174273][T24284] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6793'.
[  858.288769][T23820] veth1_macvtap: entered promiscuous mode
[  858.858402][T23820] batman_adv: batadv0: Interface activated: batadv_slave_0
[  858.890382][T24288] loop9: detected capacity change from 0 to 4096
[  858.985125][T23820] batman_adv: batadv0: Interface activated: batadv_slave_1
[  859.166115][T17060] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  859.241532][T24296] loop7: detected capacity change from 0 to 64
[  859.271070][ T1118] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  859.360704][ T1118] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  859.499569][ T1118] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  860.055475][    C0] net_ratelimit: 14879 callbacks suppressed
[  860.055497][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.074019][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.086547][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.099148][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.111613][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.124295][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.136921][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.149595][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.162296][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.174816][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  860.354739][ T1694] block nbd1: Possible stuck request ffff888027570000: control (read@0,1024B). Runtime 300 seconds
[  860.377595][ T1694] block nbd1: Possible stuck request ffff8880275701c0: control (read@1024,1024B). Runtime 300 seconds
[  860.401138][ T1694] block nbd1: Possible stuck request ffff888027570380: control (read@2048,1024B). Runtime 300 seconds
[  860.424200][ T1694] block nbd1: Possible stuck request ffff888027570540: control (read@3072,1024B). Runtime 300 seconds
[  860.672960][T24308] loop6: detected capacity change from 0 to 32768
[  860.778577][T24308] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.6800 (24308)
[  860.917250][T24308] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  860.928138][T24308] BTRFS info (device loop6): using sha256 checksum algorithm
[  861.280662][T24308] BTRFS info (device loop6): enabling ssd optimizations
[  861.288373][T24308] BTRFS info (device loop6): turning on async discard
[  861.295990][T24308] BTRFS info (device loop6): enabling free space tree
[  861.863743][T24308] BTRFS info (device loop6): balance: start -slimit=4294967287..1025
[  861.874369][T24308] BTRFS info (device loop6): balance: ended with status: 0
[  862.451913][T15276] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  863.382132][T24344] loop0: detected capacity change from 0 to 512
[  863.723722][T24344] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  863.889672][T24344] ext4 filesystem being mounted at /115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  864.074873][T15381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  864.142687][T15381] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  864.424217][T24344] EXT4-fs (loop0): shut down requested (1)
[  864.811548][T22406] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  865.065638][    C0] net_ratelimit: 14676 callbacks suppressed
[  865.065660][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.084091][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.096517][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.109057][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.121475][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.134165][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.146591][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.159102][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.172119][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.184820][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  865.772654][T24361] loop6: detected capacity change from 0 to 512
[  865.869529][T24361] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities
[  866.417690][T24274] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.511900][T24274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  866.871528][T24369] veth1_macvtap: left promiscuous mode
[  866.966021][T24369] macsec0: entered promiscuous mode
[  867.190997][T24372] veth1_macvtap: entered promiscuous mode
[  867.278550][   T30] audit: type=1326 audit(2000000848.509:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  867.284882][T24372] macsec0: left promiscuous mode
[  867.358887][   T30] audit: type=1326 audit(2000000848.509:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  867.541203][   T30] audit: type=1326 audit(2000000848.529:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  867.800576][   T30] audit: type=1326 audit(2000000848.529:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  867.962142][   T30] audit: type=1326 audit(2000000848.529:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  868.205996][   T30] audit: type=1326 audit(2000000848.529:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  868.456698][   T30] audit: type=1326 audit(2000000848.529:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  868.654026][   T30] audit: type=1326 audit(2000000848.569:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  868.878056][   T30] audit: type=1326 audit(2000000848.569:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  869.001517][   T30] audit: type=1326 audit(2000000848.569:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24375 comm="syz.9.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd79319c819 code=0x7ffc0000
[  870.075508][    C0] net_ratelimit: 14065 callbacks suppressed
[  870.075531][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.094367][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.107050][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.109792][T24415] loop2: detected capacity change from 0 to 164
[  870.119864][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.120213][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.151503][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.164046][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.176653][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.189308][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.201856][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.337898][    C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  870.338305][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  870.369374][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  872.427855][T24442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6834'.
[  872.458868][T24443] loop9: detected capacity change from 0 to 512
[  872.622645][T24443] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #16: comm syz.9.6835: invalid indirect mapped block 4294967295 (level 0)
[  872.678396][T24443] loop9: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  872.696016][T24443] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #16: comm syz.9.6835: invalid indirect mapped block 4294967295 (level 1)
[  872.705330][    C0] EXT4-fs (loop9): error count since last fsck: 1
[  872.705356][    C0] EXT4-fs (loop9): initial error at time 2000000853: ext4_free_branches:1023: inode 16
[  872.705427][    C0] EXT4-fs (loop9): last error at time 2000000853: ext4_free_branches:1023: inode 16
[  872.896135][T24443] loop9: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  872.901733][T24443] EXT4-fs (loop9): 1 orphan inode deleted
[  873.102905][T24443] EXT4-fs (loop9): 1 truncate cleaned up
[  873.186581][T24443] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  873.733983][T20993] EXT4-fs error (device loop9): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  875.085509][    C0] net_ratelimit: 15672 callbacks suppressed
[  875.085531][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.104134][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.116501][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.129024][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.141887][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.154408][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.167086][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.179636][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.192043][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.204626][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  875.757194][T24448] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  875.953566][T24472] kvm: apic: phys broadcast and lowest prio
[  877.094181][T22274] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  877.254593][    C1] sched: DL replenish lagged too much
[  880.095405][    C0] net_ratelimit: 16272 callbacks suppressed
[  880.095426][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.114179][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.126557][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.139019][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.151598][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.164360][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.176722][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.189092][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.201910][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.214300][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  880.394196][T17060] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  880.541323][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  880.575314][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  880.604209][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  880.644121][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  880.665329][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  881.973574][T24529] tipc: Started in network mode
[  882.028654][T24529] tipc: Node identity ac14140f, cluster identity 4711
[  882.085233][T24529] tipc: New replicast peer: 255.255.255.255
[  882.137305][T24529] tipc: Enabled bearer <udp:syz2>, priority 10
[  882.200471][T24530] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6861'.
[  882.294379][T24530] tipc: Disabling bearer <udp:syz2>
[  882.836090][   T51] Bluetooth: hci4: command tx timeout
[  883.057140][T17060] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  883.505246][T24545] loop7: detected capacity change from 0 to 512
[  883.650765][T24545] EXT4-fs: Ignoring removed bh option
[  883.742562][T24545] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended
[  883.862812][T24545] EXT4-fs (loop7): 1 truncate cleaned up
[  883.932817][T24545] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  884.285268][T17060] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  884.328750][   T30] audit: type=1800 audit(2000000865.559:232): pid=24545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.6866" name="file1" dev="loop7" ino=13 res=0 errno=0
[  884.613191][T19733] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  884.878011][   T51] Bluetooth: hci4: command tx timeout
[  885.105576][    C0] net_ratelimit: 16128 callbacks suppressed
[  885.105599][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.124183][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.136964][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.150063][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.162759][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.175125][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.187522][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.199982][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.212452][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.224881][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  885.659971][T24567] loop7: detected capacity change from 0 to 512
[  885.744362][T24567] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #16: comm syz.7.6870: invalid indirect mapped block 4294967295 (level 0)
[  885.879112][T24567] loop7: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  885.885427][    C1] EXT4-fs (loop7): error count since last fsck: 1
[  885.901463][    C1] EXT4-fs (loop7): initial error at time 2000000867: ext4_free_branches:1023: inode 16
[  885.911280][    C1] EXT4-fs (loop7): last error at time 2000000867: ext4_free_branches:1023: inode 16
[  885.922584][T24567] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #16: comm syz.7.6870: invalid indirect mapped block 4294967295 (level 1)
[  885.984779][T17060] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  886.008430][T24567] loop7: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[  886.016688][T24567] EXT4-fs (loop7): 1 orphan inode deleted
[  886.128601][T24567] EXT4-fs (loop7): 1 truncate cleaned up
[  886.198803][T24567] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  886.392383][T24567] EXT4-fs (loop7): shut down requested (1)
[  886.957779][   T51] Bluetooth: hci4: command tx timeout
[  887.577334][T19733] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  887.721431][T24563] netlink: 132 bytes leftover after parsing attributes in process `syz.6.6869'.
[  888.598722][T24513] chnl_net:caif_netlink_parms(): no params data found
[  889.036220][   T51] Bluetooth: hci4: command tx timeout
[  890.115425][    C0] net_ratelimit: 15225 callbacks suppressed
[  890.115447][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.134208][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.146700][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.159239][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.171866][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.184652][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.197206][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.209648][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.222303][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.235026][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  890.784306][T24513] bridge0: port 1(bridge_slave_0) entered blocking state
[  890.857054][T24513] bridge0: port 1(bridge_slave_0) entered disabled state
[  890.913896][T24513] bridge_slave_0: entered allmulticast mode
[  890.984100][T24513] bridge_slave_0: entered promiscuous mode
[  891.007507][ T1694] block nbd1: Possible stuck request ffff888027570000: control (read@0,1024B). Runtime 330 seconds
[  891.031435][ T1694] block nbd1: Possible stuck request ffff8880275701c0: control (read@1024,1024B). Runtime 330 seconds
[  891.050799][T24513] bridge0: port 2(bridge_slave_1) entered blocking state
[  891.051004][T24513] bridge0: port 2(bridge_slave_1) entered disabled state
[  891.051239][T24513] bridge_slave_1: entered allmulticast mode
[  891.071618][T24513] bridge_slave_1: entered promiscuous mode
[  891.168555][ T1694] block nbd1: Possible stuck request ffff888027570380: control (read@2048,1024B). Runtime 330 seconds
[  891.203480][ T1694] block nbd1: Possible stuck request ffff888027570540: control (read@3072,1024B). Runtime 330 seconds
[  891.281524][T24635] netlink: 'syz.7.6886': attribute type 10 has an invalid length.
[  891.824951][T24635] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[  891.912753][T24637] netlink: 'syz.2.6887': attribute type 12 has an invalid length.
[  892.424858][T24513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  892.541253][T24513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  892.584175][T17060] bridge_slave_1: left allmulticast mode
[  892.611120][T17060] bridge_slave_1: left promiscuous mode
[  892.652341][T17060] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.711291][T17060] bridge_slave_0: left allmulticast mode
[  892.744143][T17060] bridge_slave_0: left promiscuous mode
[  892.786605][T17060] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.552728][T24678] loop2: detected capacity change from 0 to 256
[  894.796733][T24678] FAT-fs (loop2): Directory bread(block 64) failed
[  894.900165][T24678] FAT-fs (loop2): Directory bread(block 65) failed
[  894.940466][T24678] FAT-fs (loop2): Directory bread(block 66) failed
[  894.967232][T24678] FAT-fs (loop2): Directory bread(block 67) failed
[  895.004401][T24678] FAT-fs (loop2): Directory bread(block 68) failed
[  895.049942][T24678] FAT-fs (loop2): Directory bread(block 69) failed
[  895.086806][T24678] FAT-fs (loop2): Directory bread(block 70) failed
[  895.115798][T24678] FAT-fs (loop2): Directory bread(block 71) failed
[  895.125624][    C0] net_ratelimit: 14540 callbacks suppressed
[  895.125645][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.125993][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.126402][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.126758][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.127180][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.127711][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.128199][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.128579][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.129042][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.129435][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  895.458500][T24678] FAT-fs (loop2): Directory bread(block 72) failed
[  895.477381][T24678] FAT-fs (loop2): Directory bread(block 73) failed
[  895.568815][T17060] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  895.613962][T17060] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  895.658719][T17060] bond0 (unregistering): Released all slaves
[  895.748636][T24648] erspan0: entered promiscuous mode
[  896.068077][T24513] team0: Port device team_slave_0 added
[  896.222164][T24513] team0: Port device team_slave_1 added
[  896.752099][T24513] batman_adv: batadv0: Adding interface: batadv_slave_0
[  896.838777][T24513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  897.005123][T24513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  897.191188][T24513] batman_adv: batadv0: Adding interface: batadv_slave_1
[  897.253898][T24513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  897.486938][T24513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  898.690781][T24719] netlink: 'syz.0.6907': attribute type 83 has an invalid length.
[  898.852436][T24513] hsr_slave_0: entered promiscuous mode
[  898.900950][T24513] hsr_slave_1: entered promiscuous mode
[  898.949125][T24513] debugfs: 'hsr0' already exists in 'hsr'
[  898.997186][T24513] Cannot create hsr debugfs directory
[  899.116777][   T31] INFO: task syz.1.6022:22044 blocked for more than 143 seconds.
[  899.171560][   T31]       Tainted: G             L      syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  899.259067][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  899.341465][   T31] task:syz.1.6022      state:D stack:28120 pid:22044 tgid:22042 ppid:5846   task_flags:0x400040 flags:0x00080002
[  899.491159][   T31] Call Trace:
[  899.544736][   T31]  <TASK>
[  899.588651][   T31]  __schedule+0x165c/0x5520
[  899.658188][   T31]  ? __pfx___schedule+0x10/0x10
[  899.721577][   T31]  ? schedule+0x90/0x360
[  899.766090][   T31]  schedule+0x164/0x360
[  899.791973][   T31]  schedule_preempt_disabled+0x13/0x30
[  899.849413][   T31]  __mutex_lock+0x856/0x1420
[  899.898697][   T31]  ? __mutex_lock+0x5fc/0x1420
[  899.949824][   T31]  ? bdev_open+0xe0/0xd30
[  899.969351][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  899.991965][   T31]  ? disk_block_events+0xab/0x120
[  900.019100][   T31]  ? bdev_open+0xaf/0xd30
[  900.044434][   T31]  bdev_open+0xe0/0xd30
[  900.064618][   T31]  blkdev_open+0x470/0x610
[  900.084710][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  900.110359][   T31]  do_dentry_open+0x785/0x14e0
[  900.123988][   T31]  vfs_open+0x3b/0x340
[  900.135420][    C0] net_ratelimit: 14538 callbacks suppressed
[  900.135441][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.138898][   T31]  ? path_openat+0x2df0/0x3860
[  900.141820][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.170778][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.183393][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.195837][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.200735][   T31]  path_openat+0x2e08/0x3860
[  900.208219][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.208565][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.208871][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.209268][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.262349][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  900.265587][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  900.309800][   T31]  ? stack_depot_save_flags+0x33/0x810
[  900.327614][   T31]  ? __pfx_path_openat+0x10/0x10
[  900.336192][   T31]  ? __x64_sys_openat+0x138/0x170
[  900.353758][   T31]  ? __lock_acquire+0x6b5/0x2cf0
[  900.360252][   T31]  do_file_open+0x23e/0x4a0
[  900.371698][   T31]  ? __pfx_do_file_open+0x10/0x10
[  900.387371][   T31]  ? _raw_spin_unlock+0x28/0x50
[  900.411067][   T31]  ? alloc_fd+0x64b/0x6c0
[  900.425077][   T31]  do_sys_openat2+0x113/0x200
[  900.439046][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  900.460763][   T31]  ? exc_page_fault+0x6a/0xc0
[  900.474452][   T31]  ? do_user_addr_fault+0xc6f/0x1340
[  900.487843][   T31]  __x64_sys_openat+0x138/0x170
[  900.506118][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.527120][   T31]  do_syscall_64+0x15f/0xf80
[  900.537172][   T31]  ? trace_irq_disable+0x3b/0x140
[  900.548162][   T31]  ? clear_bhb_loop+0x40/0x90
[  900.565599][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.572121][   T31] RIP: 0033:0x7f83f675d04e
[  900.586050][   T31] RSP: 002b:00007f83f7635b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  900.607399][   T31] RAX: ffffffffffffffda RBX: 00007f83f76366c0 RCX: 00007f83f675d04e
[  900.629213][   T31] RDX: 000000000000c000 RSI: 00007f83f7635c00 RDI: ffffffffffffff9c
[  900.653855][   T31] RBP: 00007f83f7635c00 R08: 0000000000000000 R09: 0000000000000000
[  900.674739][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  900.689379][   T31] R13: 00007f83f6a16038 R14: 00007f83f6a15fa0 R15: 00007ffdd1bef1a8
[  900.699941][   T31]  </TASK>
[  900.849642][   T31] 
[  900.849642][   T31] Showing all locks held in the system:
[  900.869674][   T31] 3 locks held by kworker/u8:0/12:
[  900.878918][   T31]  #0: ffff8880b873ae60 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150
[  900.928858][   T31]  #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  900.984262][   T31]  #2: ffff8880b8726118 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  901.033829][   T31] 1 lock held by khungtaskd/31:
[  901.096813][   T31]  #0: ffffffff8e75d0a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  901.143493][   T31] 3 locks held by kworker/u8:8/1118:
[  901.170155][   T31]  #0: ffff88801bbf9940 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  901.234166][   T31]  #1: ffffc900054bfc40 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  901.335431][   T31]  #2: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_dfs_channels_update_work+0xd6/0x660
[  901.416373][   T31] 3 locks held by kworker/u8:11/3511:
[  901.430409][   T31]  #0: ffff88813fe54140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  901.512375][   T31]  #1: ffffc9000d69fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  901.591243][   T31]  #2: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  901.659094][   T31] 2 locks held by getty/5597:
[  901.728795][   T31]  #0: ffff8880369600a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  901.772411][   T31]  #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0
[  901.838982][   T31] 1 lock held by udevd/6438:
[  901.863059][   T31]  #0: ffff88802753b350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  901.937567][   T31] 3 locks held by kworker/0:2/15562:
[  901.962257][   T31]  #0: ffff88813fe13140 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  902.019337][   T31]  #1: ffffc90003357c40 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  902.066800][   T31]  #2: ffffffff8e7633a8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
[  902.137807][   T31] 6 locks held by kworker/u8:3/17060:
[  902.179765][   T31]  #0: ffff88801bae6140 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[  902.241974][   T31]  #1: ffffc900069e7c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[  902.287897][   T31]  #2: ffffffff8fbcac88 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
[  902.314698][   T31]  #3: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[  902.370762][   T31]  #4: ffff88805ef80780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x132/0x6c0
[  902.442053][   T31]  #5: ffffffff8e7633a8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  902.458915][   T31] 1 lock held by syz.1.6022/22044:
[  902.464606][   T31]  #0: ffff88802753b350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  902.474876][   T31] 4 locks held by syz-executor/22406:
[  902.481309][   T31]  #0: ffff888076280ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0
[  902.502420][   T31]  #1: ffff8880762800b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0
[  902.514975][   T31]  #2: ffffffff8fd65aa0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260
[  902.527304][   T31]  #3: ffff8880780a1af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x92/0x570
[  902.537552][   T31] 1 lock held by syz-executor/24513:
[  902.543569][   T31]  #0: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0
[  902.554513][   T31] 1 lock held by syz.7.6903/24704:
[  902.569763][   T31]  #0: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  902.584976][   T31] 2 locks held by syz.6.6909/24725:
[  902.591188][   T31]  #0: ffffffff8fbba6e0 (br_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x4fa/0x7f0
[  902.604529][   T31]  #1: ffffffff8fbd9580 (rtnl_mutex){+.+.}-{4:4}, at: br_ioctl_stub+0x1a8/0xd60
[  902.620087][   T31] 3 locks held by syz.2.6910/24729:
[  902.626239][   T31]  #0: ffff888058878ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0
[  902.655992][   T31]  #1: ffff8880588780b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0
[  902.674223][   T31]  #2: ffffffff8fd65aa0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260
[  902.708954][   T31] 1 lock held by sed/24747:
[  902.716209][   T31] 
[  902.723302][   T31] =============================================
[  902.723302][   T31] 
[  902.752536][   T31] NMI backtrace for cpu 1
[  902.752563][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  902.752591][   T31] Tainted: [L]=SOFTLOCKUP
[  902.752598][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  902.752611][   T31] Call Trace:
[  902.752620][   T31]  <TASK>
[  902.752629][   T31]  dump_stack_lvl+0xe8/0x150
[  902.752666][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[  902.752688][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  902.752720][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  902.752744][   T31]  sys_info+0x135/0x170
[  902.752763][   T31]  watchdog+0xfd3/0x1030
[  902.752796][   T31]  ? watchdog+0x1c9/0x1030
[  902.752827][   T31]  kthread+0x388/0x470
[  902.752850][   T31]  ? __pfx_watchdog+0x10/0x10
[  902.752872][   T31]  ? __pfx_kthread+0x10/0x10
[  902.752897][   T31]  ret_from_fork+0x514/0xb70
[  902.752929][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  902.752958][   T31]  ? __switch_to+0xc79/0x1410
[  902.752987][   T31]  ? __pfx_kthread+0x10/0x10
[  902.753012][   T31]  ret_from_fork_asm+0x1a/0x30
[  902.753050][   T31]  </TASK>
[  902.753058][   T31] Sending NMI from CPU 1 to CPUs 0:
[  902.885825][    C0] NMI backtrace for cpu 0
[  902.885845][    C0] CPU: 0 UID: 0 PID: 5202 Comm: klogd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  902.885868][    C0] Tainted: [L]=SOFTLOCKUP
[  902.885874][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  902.885884][    C0] RIP: 0010:stack_depot_save_flags+0xb3/0x810
[  902.885909][    C0] Code: c1 41 c1 c1 08 44 29 c5 41 31 e9 41 01 f8 44 29 cf 44 89 c9 c1 c1 10 31 f9 45 01 c1 89 c8 c1 c0 13 41 29 c8 44 31 c0 44 01 c9 <41> 29 c1 89 c5 c1 c5 04 44 31 cd 01 c8 83 c6 fd 48 83 c2 0c 83 fe
[  902.885923][    C0] RSP: 0018:ffffc900000076f8 EFLAGS: 00000292
[  902.885939][    C0] RAX: 0000000083cc5b52 RBX: 0000000000000000 RCX: 00000000be95dfe5
[  902.885951][    C0] RDX: ffffc9000000775c RSI: 0000000000000027 RDI: 000000008577cdf2
[  902.885963][    C0] RBP: 00000000b03b5fd8 R08: 000000000c850c86 R09: 00000000939b4dfc
[  902.885974][    C0] R10: 0000000000000015 R11: ffffffff81b16530 R12: ffff88802612f140
[  902.885985][    C0] R13: 0000000000000000 R14: ffffc90000007750 R15: ffffc90000007750
[  902.885997][    C0] FS:  00007f2e69fb4c80(0000) GS:ffff88812543c000(0000) knlGS:0000000000000000
[  902.886011][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  902.886022][    C0] CR2: 000055deccc0f950 CR3: 0000000071986000 CR4: 00000000003526f0
[  902.886039][    C0] Call Trace:
[  902.886047][    C0]  <IRQ>
[  902.886058][    C0]  kasan_save_track+0x4f/0x80
[  902.886074][    C0]  ? kasan_save_track+0x3e/0x80
[  902.886089][    C0]  ? kasan_save_free_info+0x46/0x50
[  902.886109][    C0]  ? __kasan_slab_free+0x5c/0x80
[  902.886124][    C0]  ? kmem_cache_free+0x182/0x650
[  902.886139][    C0]  ? ip_rcv_finish_core+0x100a/0x1c00
[  902.886154][    C0]  ? ip_rcv_finish+0x14c/0x2a0
[  902.886174][    C0]  ? NF_HOOK+0x336/0x3c0
[  902.886194][    C0]  ? process_backlog+0xaa3/0x1950
[  902.886210][    C0]  ? __napi_poll+0xae/0x340
[  902.886224][    C0]  ? net_rx_action+0x627/0xf70
[  902.886239][    C0]  ? handle_softirqs+0x22a/0x840
[  902.886260][    C0]  ? do_softirq+0x76/0xd0
[  902.886280][    C0]  ? __local_bh_enable_ip+0xf8/0x130
[  902.886299][    C0]  ? __alloc_skb+0x1aa/0x7d0
[  902.886315][    C0]  ? alloc_skb_with_frags+0xc8/0x760
[  902.886332][    C0]  ? sock_alloc_send_pskb+0x878/0x990
[  902.886351][    C0]  ? unix_dgram_sendmsg+0x460/0x18e0
[  902.886372][    C0]  ? __sys_sendto+0x672/0x710
[  902.886388][    C0]  ? __x64_sys_sendto+0xde/0x100
[  902.886403][    C0]  ? do_syscall_64+0x15f/0xf80
[  902.886423][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.886456][    C0]  ? ip_rcv_finish_core+0x100a/0x1c00
[  902.886471][    C0]  kasan_save_free_info+0x46/0x50
[  902.886491][    C0]  __kasan_slab_free+0x5c/0x80
[  902.886507][    C0]  kmem_cache_free+0x182/0x650
[  902.886526][    C0]  ip_rcv_finish_core+0x100a/0x1c00
[  902.886546][    C0]  ip_rcv_finish+0x14c/0x2a0
[  902.886569][    C0]  NF_HOOK+0x336/0x3c0
[  902.886591][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  902.886612][    C0]  ? NF_HOOK+0x9e/0x3c0
[  902.886632][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  902.886654][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  902.886678][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  902.886698][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  902.886718][    C0]  ? process_backlog+0x3eb/0x1950
[  902.886742][    C0]  process_backlog+0xaa3/0x1950
[  902.886767][    C0]  __napi_poll+0xae/0x340
[  902.886782][    C0]  ? skb_defer_free_flush+0x233/0x260
[  902.886799][    C0]  net_rx_action+0x627/0xf70
[  902.886822][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  902.886844][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[  902.886866][    C0]  ? try_to_wake_up+0x7f2/0x1380
[  902.886889][    C0]  handle_softirqs+0x22a/0x840
[  902.886911][    C0]  ? do_softirq+0x76/0xd0
[  902.886934][    C0]  ? __alloc_skb+0x186/0x7d0
[  902.886949][    C0]  ? __alloc_skb+0x186/0x7d0
[  902.886966][    C0]  do_softirq+0x76/0xd0
[  902.886986][    C0]  </IRQ>
[  902.886991][    C0]  <TASK>
[  902.886997][    C0]  __local_bh_enable_ip+0xf8/0x130
[  902.887018][    C0]  __alloc_skb+0x1aa/0x7d0
[  902.887037][    C0]  alloc_skb_with_frags+0xc8/0x760
[  902.887054][    C0]  ? kasan_save_track+0x3e/0x80
[  902.887068][    C0]  ? __kasan_slab_free+0x5c/0x80
[  902.887083][    C0]  ? kfree+0x1c5/0x640
[  902.887102][    C0]  ? syslog_print+0x57c/0x610
[  902.887117][    C0]  ? do_syslog+0x583/0x7d0
[  902.887131][    C0]  ? __x64_sys_syslog+0x7c/0x90
[  902.887148][    C0]  ? do_syscall_64+0x15f/0xf80
[  902.887168][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.887189][    C0]  sock_alloc_send_pskb+0x878/0x990
[  902.887223][    C0]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  902.887254][    C0]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  902.887276][    C0]  unix_dgram_sendmsg+0x460/0x18e0
[  902.887303][    C0]  ? kfree+0x1c5/0x640
[  902.887324][    C0]  ? syslog_print+0x57c/0x610
[  902.887341][    C0]  ? syslog_print+0x57c/0x610
[  902.887358][    C0]  ? __pfx_syslog_print+0x10/0x10
[  902.887375][    C0]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  902.887395][    C0]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  902.887419][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  902.887440][    C0]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  902.887462][    C0]  __sys_sendto+0x672/0x710
[  902.887481][    C0]  ? __pfx___sys_sendto+0x10/0x10
[  902.887503][    C0]  ? seqcount_lockdep_reader_access+0xd4/0x100
[  902.887531][    C0]  ? rcu_is_watching+0x15/0xb0
[  902.887550][    C0]  __x64_sys_sendto+0xde/0x100
[  902.887568][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.887584][    C0]  do_syscall_64+0x15f/0xf80
[  902.887604][    C0]  ? clear_bhb_loop+0x40/0x90
[  902.887623][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.887639][    C0] RIP: 0033:0x7f2e6a104407
[  902.887654][    C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  902.887666][    C0] RSP: 002b:00007ffdae126aa0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  902.887682][    C0] RAX: ffffffffffffffda RBX: 00007f2e69fb4c80 RCX: 00007f2e6a104407
[  902.887693][    C0] RDX: 0000000000000049 RSI: 00007ffdae126be0 RDI: 0000000000000003
[  902.887704][    C0] RBP: 00007ffdae127010 R08: 0000000000000000 R09: 0000000000000000
[  902.887714][    C0] R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffdae127028
[  902.887732][    C0] R13: 00007ffdae126be0 R14: 000000000000002e R15: 00007ffdae126be0
[  902.887752][    C0]  </TASK>
[  903.910347][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  903.917272][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  903.927999][   T31] Tainted: [L]=SOFTLOCKUP
[  903.932537][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  903.942624][   T31] Call Trace:
[  903.945929][   T31]  <TASK>
[  903.948882][   T31]  vpanic+0x56c/0xa60
[  903.953007][   T31]  ? __pfx___schedule+0x10/0x10
[  903.957887][   T31]  ? __pfx_vpanic+0x10/0x10
[  903.962602][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f4/0x300
[  903.968809][   T31]  panic+0xc5/0xd0
[  903.972655][   T31]  ? __pfx_panic+0x10/0x10
[  903.977201][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  903.982618][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  903.988976][   T31]  watchdog+0x102c/0x1030
[  903.993346][   T31]  ? watchdog+0x1c9/0x1030
[  903.997889][   T31]  kthread+0x388/0x470
[  904.002074][   T31]  ? __pfx_watchdog+0x10/0x10
[  904.006863][   T31]  ? __pfx_kthread+0x10/0x10
[  904.011597][   T31]  ret_from_fork+0x514/0xb70
[  904.016453][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  904.021786][   T31]  ? __switch_to+0xc79/0x1410
[  904.026517][   T31]  ? __pfx_kthread+0x10/0x10
[  904.031225][   T31]  ret_from_fork_asm+0x1a/0x30
[  904.036037][   T31]  </TASK>
[  904.039630][   T31] Kernel Offset: disabled
[  904.044052][   T31] Rebooting in 86400 seconds..