last executing test programs:

16.205978966s ago: executing program 0 (id=589):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005201201", 0x2e}], 0x1}, 0x0)

14.079073431s ago: executing program 0 (id=594):
syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="63727566742c6d61703d6e6f726d616c2c73657373696f6e3d3078303030303030303030303030303031362c636865636b3d72656c617865642c00da9c02cf387b84b8da3110c57871aeacd25b6e0adf2b58f19125f24368a9aa7c25211440d1fe426d3e94175022c4f7afa24904b183ec46c4efcf5daf3d78dba636236d10"], 0x1, 0x519, &(0x7f00000013c0)="$eJzs3VFP2+YawPHHFAQnR6qOzjmqKgTtW7pJVKKpk7RUUa885014W8eObKeCqwqVUKGGriqbNLjrTbdJ24fo7T7EtC9U7W7aHZPthIZCEgY0Yej/i9r3jf3Y72MT+ZEhtgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjlVmy7YIln/Oaq6s+thEF9wPzu+u4cagaMK2Il/2RmRq5nk67//+Psa8l/CzKXvZuTmaSZkb1/X/vPo/9NTnSXH5DQSOzs7r1cb7dbb8adyJjUtG+iwNSdmlYmClT5XyKyUo1U1Xg6WotiXVduqJ04CNWie0cVyuWS0vm1oOnXKo6nuxMf3i3a9rJ6nG9oJ4wC/97jfOSuGM8zfi2NSWYnMQ+TD+ITE6tYO3WlNrfardKwJJOgwkmCisOCinaxWCgUi4XlB+UHD2178sgE+xNyJGL8H1qM1zkfwYHTm+jUf/HEiC9NWRV17MuVioQSSL3P/I5u/f/ynh44bm/971b56x9nz0pa/29k7270q/99chnda0d2ZU9eyrq0pS0teTP2jEb7qokWX4xEEoiRujjpFNWZoqQsy7IstjyTFalKJEqqYsQTLZGsSSSx6PQT5UooWhyJJZBQlCyKK3dESUH2p8tSEiVa8rImgTTFl5pUxEnXsilb6X4vDcjxIKhwkqDigCDqP87u/A/iwCntd+s/AAAAAAC4tKz0t+/J+f+UzItMWVI1nrbHnRYAAAAAADhH6V/+55JmKunNi8X5PwAAAAAAl42VXmNniUhObma97pVQ/BIAAAAAAIBLIv37/42kySW9m2Jx/g8AAAAAwGXzQ7977P+WTrUsiRrT1q+/SxhOWW8bq19Y204yw9m+ki135dM1xtVZ62pnJWmzPNl55+o5q3P3y4ObYH7oNJvD7vVvnUMC8pPcymJubWTtRndONkquajyddwPvUUEc5+pErFfjb19tfSfp5v/o169asrnVbuWff93eSHN5m6zl7XbnBopH7qM4IJdvZD6LmT9+i6fSCzE64+ayce3e7Z/IFp/4G2O+k4UsZiGXtbnD2z+TjFnI99v6LItpETnTlr+T21nM7cXbWXNMFsUhWbSKvfv/VPviBFmUhmVROmMWADAum0OqkHW08J/iKDea6v5OFrOYxdn0wDo5e8wR3R52RLfPWNd/OfIMpH41Nhn354NxC+m475MF3vcdN/KKlsy8/mN/f/u1XNvZ3bu7tb3+ovWi9apYLC3b9237QVGm0s3oNNQeAMAxhj9jZ2iEdX/IWfV/D75SkJfnIn/u72/IUnq1QfqNg2PXmuv5GsLSkLPWXM8TXpaGnNXleh70cvLY0gh+EgAAjM7CkDp8kvq/NOS8+3AtH3x23FvLAQDA56HDD1Yu/t4KQ9N4ViiXC068olUYuE9UaCo1rYwf69BdcfyaVo0wiAM38JLOU1PRkYqajUYQxqoahKoRRGY1ffK76jz6PdJ1x4+NGzU87URauYEfO26sKiZyVaP5lWeiFR2mC0cN7ZqqcZ3YBL6Kgmbo6rxSkdY9gaai/dhUTdL1VSM0dSdcU08Dr1nXqqIjNzSNOMhW2B3L+NUgrKerzY97ZwMAcEHs7O69XG+3W28+Y2fc2wgAAA6jSgMAAAAAAAAAAAAAAAAAAAAAcPGN4vq/f15n+mKkMe7OxMVIo6fTven0RcnnEnfGfGAC8Nn9FQAA//9YMFYH")
timer_create(0x3, 0x0, &(0x7f00000000c0)=<r0=>0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r1, &(0x7f0000003900)={0x2020}, 0x2020)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="98000000000000000000000000000000e80003000000000085100000fcffffff250000001000000007000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x68}, 0x94)
timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_gettime(r0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file1\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x1, 0x14fe, &(0x7f00000020c0)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vim2m(0x0, 0x5fb, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00'}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="440000001000050400"/20, @ANYRES32=r4, @ANYBLOB="0200000000004200240012800b00010065727370616e000014000280050016000000000006000e00d53c"], 0x44}}, 0x20000010)
socket$kcm(0xa, 0x5, 0x0)
rt_sigtimedwait(&(0x7f0000000100)={[0x666]}, &(0x7f0000000140), 0x0, 0x8)
timer_gettime(r0, &(0x7f00000001c0))

12.15858361s ago: executing program 0 (id=601):
syz_usb_connect(0x3, 0x99, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x1, 0x58, 0xdb, 0x20, 0x547, 0x7303, 0x7ddf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x10, 0x40, 0x0, [{{0x9, 0x4, 0xe4, 0x8, 0x0, 0x88, 0x1b, 0x76, 0xfc}}]}}]}}, 0x0)

9.70285123s ago: executing program 0 (id=609):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="070000000000000000000200000014000180060001000200000008000300ac1414aa"], 0x28}, 0x1, 0x0, 0x0, 0x1fff}, 0x0)

8.411538596s ago: executing program 0 (id=612):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000100), &(0x7f0000000500)='./file0\x00', 0x8000, &(0x7f0000000480)=ANY=[@ANYRESHEX], 0x1, 0x5a2a, &(0x7f00000010c0)="$eJzs3X+QXFW9IPBzu3syk5n8mAR4RJDJEMh7PHiaCb8K5dUz7+17+gp4VCxe+QgbhUAmGE1CKj8EAkpwwSUFWGhhKeofaCG7SLSoglUiJfJjE1bRLKtLbSG1uov+4RaypASylOUyr2b6np6e233n9vT05Ad8PpXM7XP69Pece+7p231O35kOAAAAvCPsu3XrwYtP+IeffHb4jZv+8Qcbbw595bH8nligP91ed7hayKHUXVk0ts2Oi7+44du/Hbzq7378UO+33ty79uR1v/z7Y6567BMX7Lnna0++PveRt14qihvH0+nj6eSVJISeHx740uf2Pnv8aF4yb/RnaWcIC5KFTy5IMiGG/hhCWJsmFmXufPiNs9aNbm++vXtC/vxMOeP9nW30OI8OrB0Hrz0j/OpvV93ys8Xf/U7X7pd3jhdJeurGUwjzrqh/fFcIYXb6f1QcbXE8xkG7MoTQW/e48wradUqL7V+Wkz4x3c5Kt30FceL9SzLpUqZcNh11Zba9BfVNV1472i1XZE4mnT0ZTVdeO2P+gnT7/XR7+hTjl9N9KCehlIRKrfkbkvExEuqOWxKSsWPZU0uXasc2pPufSSeZdCmTLndl9mus3nSglZNkYv7rc6vpTH48HVfS/JPrz9VNXJKT/65025M+Ud+M6ZC9UdXXcKO2X2Niuw5M0pZDoVR3DmqWXzvw6cHoS/P6koUNjxlpIt63d9UdS8urn9rXn9OO5KEkjZ+0FX/HTxfM+diDu7ZnX9dr8a8opfFLbcX/9YX7X71s1ze/mhv/rhi/3Fb8Mx/vfeXCp29dkts/B2L/VNqKv+alZ+5cfOyVu3Pbf2+M39NW/BV79nfPPfj4E7ntH4r9M7ut+C+e/8HfPPD8oy/nxg8xfm9b8Vfv2fz57oGDp+XGfyL2T1974+e13ee+MDDwu8G8+M/F+HPbin//znvef9/82y/IPb4rY//0txX/olMfu2XOwUdPyjt3Jvd26pUT4J3pmPQ91m1put155nTVzRe+Mlipvuebk/6f28mKMm8+R+uZ18n4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBCOO6M//Kh//2R/lcqabo7vfFiqbqN+bNCSGaHELZuW7Nl2/pNVw9+4prtWzat2TC4Ztvg8KZtW64fPPuvBrcMb96w5vrRe4fec1b1cQtDUt0mJzXU3T0yMlLqn5gX6/s3p+7+1dLz/s/vQxg67hcDldz2L7tn433HNvmZkawY+cDG7Rf/4pxvpPvVn7arv0m7RkZGRkJOu/7vpX+674sHfntaCEN/Nlm7nnnxb340oUFjGeNxUqXuUG1Qd9LbtB21Vqftif1VWbd+w/DQ5P07+vhyzn782xte/uO6677wp2r/9uTuR4v9O3vFyIbSl1dd9P+/fGM1o6hdh+u4F/V33IvYvth/PWl/z0v3a17OflVy9uvWnz3x/A9P2PX6zjBUeW1xY91F+9WVDoCu5F0t1Rtr6E0WTMjvScvHIx4ft2zbxs3Ltl6/4z3rN665evjq4U3vW3728nOHzjn3nGVje76sw/sf6//zFvf/0Iyn+Z/a+f34s7XxNLFds6bcH6PtKu6P+hblPf96L/nc3e+75+mLqxlF4zyWrp1P0m3v6HFeHurGW2NfNduvouMTQhhs1g+vvn5BOP5/rL+l6DxUf2Tqf2YkK0aeXfKHb5z39UV/Xc04JOf5+ga1eZ6vtXq8PWP91ZMej5EjtH+7Qzndr76m7Vr+7NNdd+z7/adr7Zs1K1y3Ztu2LcurP+ekLZ2TnNi0XdncuF+Lx36WQ9otoTZMm4zXUV2h2r7s+TMWz/ZqX3pfX7Kw6X5lxfv2rrpjaXn1U/vyejp5qFrj7DC3uk3enVNyQ+aB5VqDm9V/pD7/isbHwIe+/shHHvne2Q3j48zqz6L9SnL267vP33/3t77w77/Xuf360N/s7//D//z40mrGEX9eKVcbUmt12p6k/rxyZghFz7/Fofl+5D7/Ss33p+j5l61nvHzzeIOZdF8ot/V8PfPx3lcufPrWJbnP1wOTPV/rd/bGCY8rFzxfj5Txk31+JZWJ7Zi559eEgZKsGPnxbcfsfPKmlSdUM4peL2ulm43rs1qYf+Ts148ue2HgmsF/9987d9749l89fPkv16z4TDWj/eMe29KZ496T9m9PTv/WWh3nnfX9+96rrtmwtppf1M+H7/1vui2Y/8RTydbrd3xyzYYNw1u2trZfrb6exnqyvdzu62k8uy0s2K9Sw37N3I1W+qvV51ts/9q2+2vi860vJG29Luz46YI5H3tw1/b+hkelFV1RSuOX2or/6wv3v3rZrm9+NTf+XTF+pa34a1565s7Fx165Ozf+vUkav6et+Cv27O+ee/DxJ3LjD8X2z24r/ovnf/A3Dzz/6Mu58UOM39de/7+2+9wXBgZ+lxv/uSStZ/Q9UggPv3HWumo6CV3p8y22o2tCu0I2nWTSpUy6XJ8uxVWEtIJykkzMj+XS/JPr2tLMv+Tkx3dhPYuq2zdjOmRvTJ5/pCnVnfub5Re9TwUAeLuLn//H96Dx8//h9I1S/koDjJvuPGxRTtw4Dxtfz5n4GeuiNH58fFwHHHhvGBrd3jxYfaM/1c8R4vMhu84Z6zntlIkxCtc5R8bqb1jnLFp/X5JJx3ZV18srdfPQVOO8phJaWH9vrGfy9ffM7hd/njV4W0OzBuvWrbLHrytdMWt2vUOmvZXRCHnjI7suFq/nGJgXVo7V1+L4yF5HE49D9jqaWM8JmRNnu9fR5I2P/sZ+mNCuOD5iuUnGx1iTiz+PbDx+YZL+HT9+zaNlj98UjnfPaPmOfj77Vu3u2uezHVg3bHpKm3zd8MuF8VtfN5zZz8OsS+bET59gR/q6YcyP+1FpcT3xIzn5nVpPjKeL2K4Dk7TlULCeCLxdxfl/fI0Ynf+PvgH/f5lyRfOU7LvGGC/3OqFy8/YUzTsar9Prbet1fPWezZ/vHjh4Wu77nCdavU5v84RUb8F1P0X9uDSTLuzHnAWaovletp6ifs9el9EX5rbV7/fvvOf9982//YLcfl9ZfSEt7ve7q5v70n4s6PeZvp7z6L/OwHyhafyj5DqGovWzwzYfSS98mqn5yD/n5E91PtLbcKO2X2OO3PnI+AvphPlI16FtFwBw9Ijz/9rnZ+n8/3/FAun7iKJ56+mZdIyXO2/NeX+SN2/9p3R7XaZ8X/obFVN933zRqY/dMufgoyflzlvubXUe+h8npPoL56HTmzfnziNWduZ68dx5RG2eNb15Ym77a/PE6c3Tcz6mrZunT28ends/tXn0xHWAu/e3Fj+uA8T42Y8TxtcBOjjPfWu80KGb5xas12Uqi8lW1+sOyzx63sT9nJF5dPrrszM1j74kJ3+q8+i+hhu1/Rpz5M6jJ+abRwMAb1dx/h/fxsX5/9OZctP9nD13XtCh9+3ZvwdSi//cjMwrx+N36PPf3HlHhz7/LZ63zvS8fqbXJY72z39nel2of+wPeM7UOtlh+3z5SJkXp5WaFwMAcCSL8//ZaTp//j+9+UnD/K2r+hZyfH5y9M3P68uZn+fEf9vMz3vHduToXf+a2etkDsX8f6QufcTN/2M6TY6Y/wMAcASK8//4a4/x7//95zSd/bv1R+M8Pfgc/Z00Tz/Kr1Pp8DpbjF9/HcBRvg5wRF8HENOh7sbs8fLWAQAAOBy6xmZKjb9n/9F0m/09+7zfy78sp3yrKunb4yu3bRkevnz75rVrtg1fvumatcNbL792y/pt24Y3VctNd96YO29J541doZL2R/Ny2Xnb/PTvIczP+XsI2fIx7IljNxr/HkK22tkFf0dg/Pi10N66P56dPX6lnPbmjY+84503Pv4lp3xUO/5XffzMy9dtvXz9pvXb1ic7G8qNzlp7p/C9mUn6f0rfl5r50aA09e/vjIdneu0oNbSjK+2PvO9nTzLtWJC2ZEHe9x/ktPsn/+2Lnzp15E8PhDB0XPnd0+q/ZMXIf7p0+J+27fvF5tH2lyZtf61k2q6i7yvNlo/7U9lwzdZtZ6y7Zvum7DdKtieuZ5Rq6Rlaz0if/uUW1ydW5+RP9ff3yw03jkwtr08AADBB/Pw/vp+Nnx9+IX0DFfNbn6dP7/Pj3Hn6UGvz9Oz3khXN07Pl4/62Ok/vaTpP/6/3xz0umqdn68+bR5cmKd9snp43786L/8855aeq9XHSxnUecfr54K7tuePkitbGSfb7DIrGSbb8VMdJMs31nGz9ReOkWflm4yTvuOfF/3BO+TxF46FSGw/Tuy4ndzzc1dp4+MtMumg8ZMtPdTyUpjkesvUXjYdm5ZuNh7zjmxf/4pzyrZo4PkYHxti4GL782mu2fLKu3Ex//0VovCSjlfbNGn/szH7/R7ta79+Zve5r+u0PYcVYTl77Z/a6sum3v6j/p3Bd2bzQcF1Zbvufm95KWOvtn9nvd8loUrzZauAhXK9NzwRF158VreOuysmf6jrurIYbRybruHD4xPl//Lgnzv9vT7ed/hjo6P+eNN9j1jR+h77HrOh9zDvu9Tz7kbvXcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC3he7KorHtvlu3Hrz4hH/4yWeH37jpH3+w8ea/uOHbvx286u9+/FDvt97cu/bkdb/8+2OueuwTF+y552tPvj73kbdeKgzcP/azcnqa7AkheSUJoeeHB770ub3PHj+al4QQykn/zhAWJAufXJBkIgz9MYSwttbOiXc+/MZZ60a3N9/ePSF/fiZIdr9CXzm2p76dIVxXuEccheJx3nHw2jPCr/521S0/W/zd73TtfnnneJGkp248hTDvivrHd4UQZqf/R8XRtig+ON2uDCH01j3uvIJ2ndJi+5flpE9Mt7PSbV9BnHj/kky6lCmXTUddmW1vQX3TldeOdssVmZNJZ09G05XXzpi/IN1+P92ePsX45fg/CaUkVGrN35CMj5FQd9ySkIwdy55aulQ7tiHd/0w6yaRLmXS5K7NfY/WmA62cJBPzY7lMfjwdV9L8k+vP1U1ckpP/rnTbkz5R34zpkL1R1ddwo7ZfY2K7DkzSltR/KC7SvlLdOahZfu3ApwejL83rSxY2PGakiXjf3lV3LC2vfmpff047koeSNH7SVvwdP10w52MP7tq+KC/+FaU0fqmt+L++cP+rl+365ldz498V45fbin/m472vXPj0rUty++dA7J9KW/HXvPTMnYuPvXJ3bvvvjfF72oq/Ys/+7rkHH38it/1DsX9mtxX/xfM/+JsHnn/05dz4IcbvbSv+6j2bP989cPC03PhPxP7pa2/8vLb73BcGBn43mBf/uRh/blvx7995z/vvm3/7BYtyXhiSlbF/+tuKf9Gpj90y5+CjJ+WdO5N7O/XKCfDOdEz6Huu2NN3uPHO66uYLXxmsVN/zzRn7X+5kNQ1G65lXvVmZ0YoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhb+fmNZ3/00g98eFUlCSHJKTPSRLyvPGvFisE26l3z0jN3Lj72yt31eYvaiAMAAAAUi/PwUi2nJywK1yazw4lNy8c1ghNjKpmYn11DiHGyawTtxik1iVNqI065Q+2pdChOV4fizOpQnO4OxekpiNMTWosze5I4ldER0GJ7eidtT+tx+joUZ06H4swNIdk5vizXdpx5HWrP/A7F6Z80TuvjcEGH4izsUJxjOhTn2A7FOa5Dcf6sQ3GO71Cc7JryVMfh3LTkCXlxxm6UC+NUknLtjmbr6cen9Zw0zXr6CuqZW/R63GI9s1us55TM40pTrKenxXr+vIV6kib7W0u3WM9fTnN/SgX1xHF7XbZ9sZ6YanH8X9+hODs6FOeGDsW5sUNxPt2hOJ/pUJybphkHoFVx/j8+3+sP3ZW/Dr3pGSe7ChDnu4vHfja+3uWdkGK8d2fyZxXFy07UM/EWT7V92QWETLwlmfyuCfEqtfnIJPF66uMtzdw52f6ev6J52+rjnZ7J754k3oQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD4Oc3nv3RSz/w4VUhCaP/mhppIt5XnrVixWAb9e5ddcfS8uqn9tXndVfaCAQAAAAUivPwrlpOT+iuLA/dyawJ5XrSdYCeNF3ur24H5oWVo9tksDSW7k0WTPq4Svq4Zds2bl629fod71m/cc3Vw1cPb3rf8rOXnzt0zrnnLFu3fsPwUPVnCN0F8UIIY8sPW6/f8ck1GzYMb9lazcy2f1H6uEVpOkkfN/DeMDS6vTlt/8KC+koN9XXoxq7QcFfx0QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH9l195C5DrrAIB/Z2Z2ZrptzEhv09BshzQtUasmcSuplu4BwUJzIUtBZqtrCTbB4qYJbVJiHduAbU1QhJZAiOTBSCy2Fl96sUXshUCkRgNuDNIWzYM+KK1W0pIHSR3ZnTlz25nOOpTc/P0ezjnz//7f9z/fWVj4nxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAza7oyOlkeG5+YuY565FS7SMbS2TguDVD3Ky9u/UFu5NSy1lguM8BCAAAAQF9JHz7UiORDLh9COlw1+2lJaBkIzb4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/zNdGZ0sj41PXByFEPXIqXaRjKWzcVwaoO6Jd5/+7OsjI39rjRUHWAcAAADoL+nDU41IPhTDtWEoumqm829Ek3cDizrm1/KaknUWzzOv891Br7xr55l3/TzzPtYnb139vCMAAADA+S/p/zONSCHkMgvm9MNJ/9+vr0/yrunIS9fP8/+tQHbemQAAAMAHS/r/XCNSDLlMsdGvz7ffX9KRl8zv9719Mv+6HvP7fZ+/tn72PT0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnD+mK6OT5bHxiXQUQtQjp9pFMpbOxnFpgLorXxr+x+pDjyxpjeUyPdMXDlACAAAAqEv68GbrnQ+5zHAYChfP9v0jt+5/9kvPPj8aQqi1+dls2LFh27Z7V9aOSd6KI4eGvn/47W/PyVtRO561DQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+a6croZHlsfOKiKISoR061i2QsnY3j0gB13/z8F//y5PEX3mqNFQdYBwAAAOgv6cObvX8+FEM2ZMMVs59ae/0ZqY75vd4ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeO+775wDc2TE1tvNfF2bmopkM4B27DhYv2i7P9nwkAAPiwXROiUP0fXbn+bN81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwLpiujE6Wx8Yn8lEIUY+cahfJWDobx6UB6sYvHs0tOPXSK62x4gDrAAAAAP0lfXiz98+HYhgKQ+Hy2U/d3gnM9v+FM3iTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDllujI6WR4bn1gQhRD1yKl2kYyls3FcGqDuEzv3fe7gwu/d1hrLZQZYCAAAAOgr6cOzjUg+5DIfD7lwdf3zVPuEKF0/d38v0Jy3tW3a8LznVdrmpec9b1fHzjL13dTm5ZP1CrVzY16pOS9Vn1dqmVcMjfKlxrzZh7WnrdqCPvc598kDAADAmZP0/7lGpBBymVxL///TtvyCPhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6GG6MjpZHhufiKIQoh451S6SsXQ2jksD1H3gtx+95Ks/2729NVYcYB0AAACgv6QPb/b++VAMi8NHwuLZvj8U2vOTvH+WTx98/F9/XRbC8iuOjWQ6l/1RcvHrN295ufMQQqo9OxXCwnq9qEe93/z+8fuXVk8/GcLyy9NXz6kXPrhe+5Jx9bnyxrXbDh/b2ufhAAAAwAUi6f+HGpFCyGXu6dn/J513n/6/YbYBX3j/zl9cVj/WO/KOGalCvV6qR70vLH36z9et+vvbM/3/3HqfbFx9et/mg5e1FaxFOkRxdWzz9nXHbjyQSnZdq5/uqJ88ly9/661/b9rx2Ola/XzI1+OLOm6lVm3usaN8iKtTqb0Ta97fW2mvn+mx/0d+98rxXy3a/d5M/XevGW7Uvz50q1/beaZn/XBRXB2+/dE9N+07tK69fgih1K3+O+/dFq78490Pd+5/uGPh1iffeux8AHH1yJKTB1btL97cXj/qqJ88/58ff2LPTx777vNJ/eS3Isuu7VP/P8kPVlId9V/bdenOVx9av6i9fqrH/l++4/WRLaXv/KFz/3e1rZrp+RTm7v+pG565840N8YOdQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeW6croZHlsfCIVhRD1yKl2kYyls3FcGqDuidVH37lj949/2BorDrAOAAAA0F/Shzd7/3wohmzIhuHZvv+58sa12w4f2xoKtdGofs5Mbblv2yc2bdl+z11n6c4BAACA+TqxOprt/zONSCHkMkvDUL3/H9u8fd2xGw+kkv4/NXOOQgib7p7auDw08l7bdenOVx9av6jxniCE2Z8F5GfyPtPMu/WWo4WTf/r6dV3zVjbzjiw5eWDV/uLNSV5ozVsRGu8nnrrhmTvf2BA/2Li/1rxPfW3LVP31RLLu8O2P7rlp36F1qeQ9Rv08XF83yZtK7Z1Y8/7eSqoQcjPj6Xpevr7v/vID/00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Hw1XRmdLI+NT4R0CFGPnGqreiAZS2fjuDRA3TVLf/nwJadeWNway2UGWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2K+/EKnKPg7gzzOz++7szq7u6gttRetqRWEXSkFE3VRUhEYIXRkSluZFFAQRhV20hkZiRTdB1o1EBdUWgkFukmixRv+kmy4qKLAuApEWahfpomJmnjPOHuc0OmtB9fnA8OzznHO+53fO88yZPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCP0tczWm+P7Hho7vYLbv7kiXtnH7/1vQe2XfbYGz+Mb7rx470Dr56c3rx8y9c3Ld104L41U7tfOvzL0Du/HesY/GijWZm6lRDiiRhC5f2Z55+c/vS82lgMIZTj8EQII3HJ4ZGYS1j9awhhc7PO+Rv3zV61pdZu29U3b3xxLiR/XaFazuppGJ5fL/8ulbTOts49ckX49ob12z9f9vZbvZPHJ07tEmv7lNN6CmHRxtbje0MI/elTk6220ezg1K4LIQy0HHdNh7ouPsP6VxX0L0zt/1Jb7ZCTbV+R65dy++X7md5cO9DhfAtVVEe3+3UymOvnH0YL1axzVfvxkdS+m9qVZ5lfzj4xlGLoaZZ/fzy1RkLLvMUQ63NZafZLzbkN6fpz/Zjrl3L9cm/uuurnTQutHOP88Wy/3Hj2OO5J48tbn9Vt3FEwfn5qK+mLejLrh/wfDdXT/mheV11W18yf1PJ3KLU8g9qNNyc+TUY1jVXjktOO+b2NbNv0+qcvLW/44MhwQR1xb0z5sav8rZ+NDN715s6HR4vyN5ZSfqmr/O/WHv3pzp0vv1iY/1yWX+4q/8qDAyfWfrhjReH9mcnuT88Z5cfUz7bdfeyjZ5b9/57JdnNdz9+T5Ve6qv/6qaN9Q3MHDxXWvzq7P/1d5X9z3S3fv/7l/uOF+SHLH+gqf8PUg8/2jc1dXph/qPFVqNZXaBfr5+fJq78aG/txvCj/i+z+D7XJjx3zX5vYfe0ri3etKVyf67L7M5zy+8+q/tsuObB9cG7/RUXPzrjnXP1yAvw3LU3/Yz2V+p3eM/fNltq+Zy5Uy/vCC+M9jV+gwfQZOpcnyqmdZ9FfmA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3BAAgAAACDo/+t2BAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBTAQAA//9Y6S31")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40000009845ebf61cb0000000000000a5000000001ed6e69500000000000000fced9adf385df0bc9ceebfbf415796a7bdeb0836b99624dd3291a257440504a20cda0eae88113cddb8c71b6561d8555ec4e6da00000007000000003e18cdf9ea1eb4be58d7e19411d968205a35a0c44d7b8847820125d30548608e5d05ce62b6e18ea6418ee6a2e9e53ea33b5af0d76cabd2cbdc3598d6ecfe10df888ea22c282a222ea7f5e834c358144939f702e401b819d6bbfdf7683fc2b27da4d85d83fae1e1442265335dfdd7b1ec9e13929cd5e35d7a31cb594e427105f28d70dd80cbabab4c692f554e5a657719b34dd516351f73523e40a8bd4bd23590c5807360a0cb113befe7f0b3834d4729570100b08d"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000201005)

6.193472792s ago: executing program 0 (id=617):
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="80aa008a16d59ff0efbf6fc3ce0e4026cb4444994c1c84b642484e4876e06fcb49be6452cf2f773aa1132c5cd66fee3159700537dbb816b61abe2ddb3f2a3dad52d4d36458decc723149bec5446356eea3c31f04f8dffaa2b968b14abd07bbf7211b406dae23025ee2a858e5c82d009a7dd3d683b1f934775557a480126bc7eb", 0x80, 0x0)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={0x0, r1}, 0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000a40)={r2, r2, r2}, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0xc008, &(0x7f00000002c0)=ANY=[], 0x41, 0x302, &(0x7f0000000e40)="$eJzs3M9rE1sUwPGTNG3SlDZZPB68J9KLbnQztHEvBGlBDCi1EX+AMG0mGjImIRMqEbFx5dZ/w9BlN1LQ+gd0486VG3HTjeCmoDWSzKSdaSehxjZpyfcD5Z7ee09nJndSzoTMbN99/SSftbSsXpFgRElQpCa7IvFm5FieFJGABKTVjNmdEbupyeWJ75/OKxFJplJzC0rNJxevJJRSU9Pvnj5fu7BZmbizPrURlq34w+1viS9b/279t/1r8XHOUjlLFYoVpaul4ueKvmQaKpOz8ppSt0xDtwyVK1hG2R4vVpzNSqlUVXohMxktlQ3LUnqhqvJGVVWKqlKuKv2RnisoTdPUZFSGx850qyn9aV66vrCgJ3vc6HKPeTh2m11Hy+X2m+dDwzuSrp/cPgEAgNOqXf+H3fX/jrf+Dzht0F3/O2pSa9b/t+/dv3GE+n9jrEP9XzxU/zvXF+IZz5rFUikg1P+9iBzuStdHeq//cUaUx0Xqa7L/jn75YG2mFVD/AwAAAAAAAAAAAAAAAAAAAABwFuw0GrFGoxFrtkGx4+ZP2LlhpP37oPcTJ8O9/vZah5qrzvoPCdeNexER89VKeiVtt/Z4Mis5McWQGYnJz9b54LDj+eupuYBqict7c9XJX11Jj3jzZyUmcf/8WTtfefNHJerOT0hM/vHPT/jmj8mli658TWLycVmKYkqmdV7v57+YVerazdSB/HHJ+NwxBwAAAADAWaSpPb7X75rWadzOP8rnAzO+1+ch+T802GMHAAAAAGBYWNVned00jbIdBETE27MXvHEyfIa8wVdnYrc5xxqMHjyKYwjetoJAp7/c/mZAfw7QJ2g/k7nr5HFnkmfI+Xhmtf/7/NfB9EC2Hmqe9K6eaMfJUyN+L3i3IOw8lbnZs9s4MOfq+rkfg3vB+/YvCAAAAECf7Bf9g94TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGVz8eJzboYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOi98BAAD//+iUEh8=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fstatfs(r3, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006840)={0x2020, 0x0, 0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x6, {0x5, 0x0, 0x4, 0xfffffffffffffffc, 0x0, 0x0, {0x0, 0x2000000000, 0x0, 0x2, 0x0, 0x0, 0x4, 0x4, 0x4, 0x2000, 0x7, r5, r6, 0xf0ee, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$nfs(&(0x7f0000000200)='\x00', &(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000280), 0x100000, &(0x7f00000002c0)=ANY=[@ANYBLOB="2f6465762f66757365002c2c7b2d5d5c02000000000000007a30002c002c7076667332002c66756e633d43524544535f434845434b2c61707072616973655f747970653d696d617369672c66736d616769633d3078303030303030303030303030303030362c636f6e746578753d756e636f6e66696e65645f752c666f776e65723d", @ANYRESDEC=r5, @ANYBLOB=',\x00'])
r7 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$get_persistent(0x16, r5, r7)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, &(0x7f0000000140)=""/67, 0x43, 0x0)
r8 = socket$inet(0x2, 0x2, 0x94e3)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r8, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

5.730669688s ago: executing program 1 (id=619):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0020000000850000009900000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94)

5.135737384s ago: executing program 2 (id=622):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) (async)
r2 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0)
r3 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) (async)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000240)={0x0, @aes256, 0x0, @desc2}) (async, rerun: 32)
io_uring_enter(r3, 0x2def, 0x9566, 0x0, 0x0, 0x0) (async, rerun: 32)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) (async)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) (async)
setsockopt$sock_int(r1, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) (async)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00')
read$FUSE(r7, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@local, 0x3ff, 0x2, 0x0, 0xd, 0x3, 0x1e}, 0x20) (async)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22, 0xe5, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xfffffdff}, 0x1c) (async, rerun: 64)
listen(r1, 0x0) (async, rerun: 64)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000104000000200000000000000000", @ANYRESOCT=r2, @ANYRES8=r2], 0x44}}, 0x0)

5.042441355s ago: executing program 1 (id=623):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRES16=r0], 0x7c}, 0x1, 0x0, 0x0, 0x24040050}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x404c040}, 0x0)
socket$inet6(0xa, 0x5, 0x5)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfefc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000c, 0x10012, r3, 0x0)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000040)={0x3, 0x4}, 0x2)
r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r5, 0x800442d4, &(0x7f0000000380)=0x4)
getsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, 0x0, &(0x7f0000000400))
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="af0000000000000000fc00"/20], 0x78}}, 0x0)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mount$tmpfs(0x0, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000180), 0x0, &(0x7f0000000440)={[{@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x30]}}]})
sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)={0xa0, r6, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_bond\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pimreg0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x4000004)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68af5f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005"], 0x1ec}}, 0x0)

4.283112662s ago: executing program 2 (id=624):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="2e00000011008b88040f80ec59acbc0413a1f8480f00c3005e2900421803001825000a001400000002800000121f", 0x2e}], 0x1}, 0x4000)

4.121245744s ago: executing program 3 (id=625):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000a0000000020000000001000320003010000000000000000000010002b00000000000000000000200000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0)

3.612732433s ago: executing program 1 (id=627):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0x114}], 0x1}, 0x0)
syz_mount_image$squashfs(&(0x7f00000002c0), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYBLOB="88e2e648f70ad5763a343daf39cab3defb775f0676e8010000000000000015dc40799b832d5db4fea2b9894d580000000012e959ef6d35f305144c1452069473802c4df7db59920ba4dd1e8c77bf67c36b2e4e5eee8dc00f81923ca96c9f6d3abda7166fbcead960aee4f4a132d01f373ebd52d7e5610ff6e55180d1dd609fabc9a27c57623b2c11427b1c9e5845b18375004721e60307c9", @ANYRES8=0x0, @ANYBLOB="46403d5b0cd8d68d426a04b4787195ff7424a82544a22122bc0b10c80fba4c6d01267249f7c3a8ab208fa40142d5c00129ab0566d8b7a6e002744040a9323940df302191d4504c3caa6c07685f08ddb695d817be317e3fd0452ce21ae9730000000000", @ANYBLOB="cd099bf46634ae0ef20ed2ba2228c7861d77eb8e89debf07a0ac26cdadf7a684dc0ee6f5048a6a3e2e299d207a30c3fe1e73696eaac25bca2d9a44025207a0e36ed20b09f1d1d8752bbb15faa46ca426761546b6172b48665c3907", @ANYRESHEX, @ANYBLOB="565ce6f5189acfa3316f89263710cde4cf935dd8aefd7044f7dcd5a74eea89"], 0x6, 0x18f, &(0x7f0000000840)="$eJzsVb1OKkEU/mYZdrk3t6CmveTCLZTdRYlvIJWVDyCBFYmLPyyJQkhcKx6FxKew8B0sTGywoNACSxMzZn5YZmsSgma+BL7vnDk/c6Y4exJdRg6Az/moiTwECP7giRBQACUifQeO5Hdbck3ZMyrZU/47xS+Ko8HwtBGGQU8IeyHCFQRTrRPPyhU3X7CbtTftbcrsRvwcwRjFGpsuzf1bC29ilz3OR00ujgAwxhj3teSP6DEZAA9aTIECBeRIBiyJoWJbAiUAlX73ohINhludbqMdtIMz36/W3B3X3fUrx50wcOU/0VpYcpGB838AfLH90s6zAJ7Vgv2NNIh2NXVO9Fy+f2exDCj/TedaWq5eQ9a9T2qoRQv+FIf4hxyAq5ho3qKoRiFGq4MgowyPaveUPXPiYLt5HrbGICCLtAloUsObIpsYvm5U9+LFFceKi4rriieKp4odkv4mUVHhVVnleDm0bQHXjX6/5wG2VD4Pkyof6w/Hu37Y6eGKDgwMDAwMDAwMvgm+AgAA//+a42GE")
llistxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x3, 0xa, 0x100, 0x0})

3.53766736s ago: executing program 2 (id=628):
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="0409"], 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000000, 0x12, r0, 0x3aec5000)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)

3.462726891s ago: executing program 3 (id=629):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r2, &(0x7f0000000780)}, 0x20)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7001fbdbdf250100000008000100020000002c000480050003000100000010000300020000000500030002000000050003000000000005000300010000000800020002"], 0x50}}, 0x0)

3.262275426s ago: executing program 4 (id=630):
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1802000003000000000000000000000085000000d3000000850000008a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

2.862076087s ago: executing program 1 (id=631):
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)=""/166, &(0x7f00000000c0)=0xa6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x79f}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x88}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1dd}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x2}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x5}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xcb}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x40}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}], @NL80211_ATTR_DURATION={0x8}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40}, 0x20000800)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48}) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {0xa, 0x14, 0x40, 0x0, 0x0, 0x0, 0x0, 0x7}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x44}}, 0x40000) (async)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x800000}) (async)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
get_mempolicy(0x0, &(0x7f0000000140), 0x8001, &(0x7f0000ffa000/0x3000)=nil, 0x2)

2.814575805s ago: executing program 2 (id=632):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001050ed58f3000000000000000000000a30000000060a0b04000000000000000002000000180004"], 0x58}}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000004"], 0x114}], 0x1}, 0x0)

2.729993772s ago: executing program 3 (id=633):
r0 = socket$inet(0x2, 0x3, 0x4)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x3, 0x0, 0x0, 0x0, 0x10}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x300000000000000, 0x8800}, 0x20020000)

2.727208735s ago: executing program 4 (id=634):
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x14}}, 0x440d0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, &(0x7f00000004c0)}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
close(0x3)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7001fbdbdf250100000008000100020000002c000480050003000100000005000300020000002000030002000000050003000000000005000300010000000800020002"], 0x50}}, 0x0)

2.223788907s ago: executing program 3 (id=635):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c00000010000304000000000000001200000000", @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)

2.204325749s ago: executing program 2 (id=636):
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

2.118691324s ago: executing program 1 (id=637):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRES16=r0], 0x7c}, 0x1, 0x0, 0x0, 0x24040050}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x404c040}, 0x0)
socket$inet6(0xa, 0x5, 0x5)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfefc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000c, 0x10012, r3, 0x0)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000040)={0x3, 0x4}, 0x2)
r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r5, 0x800442d4, &(0x7f0000000380)=0x4)
getsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, 0x0, &(0x7f0000000400))
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="af0000000000000000fc00"/20], 0x78}}, 0x0)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mount$tmpfs(0x0, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000180), 0x0, &(0x7f0000000440)={[{@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x30]}}]})
sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)={0xa0, r6, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_bond\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pimreg0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'pim6reg0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x4000004)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68af5f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005"], 0x1ec}}, 0x0)

1.999437242s ago: executing program 4 (id=638):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000500)={0x4, "d7fc5c445ce45e26f0d4d92168c6e63927c9e2a3e3929762794d1c771d715037", 0x2}) (async, rerun: 64)
ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x0) (rerun: 64)

1.406255456s ago: executing program 4 (id=639):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe800000ffffff0700000000000000aa00000000", @ANYRES8], 0x0)

1.058343785s ago: executing program 3 (id=640):
r0 = syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="747970653d4fc1f9cb2c636f6465706167653d69736f383835392d362c696f636861727365743d63703835372c71756965742c706172743d3078303030303030303030303030303030352c00", @ANYBLOB="0235c05919d0b76bc00fbb4e2b156b691bfe5630e9a05cd02f1bd55c1dbe693847e18c9b1fbe335aaf23b7663a5748398d9f08e78f7b5c90701ed424f087625306d8a7593ba27d5812f2c840845637c7347e00f5cae4214a5efd3e3544785ca9a20a5c00c07270827c25583739ea4cd65a6541489d627a851524858389e378bb077354e3e0b54e71a85318a66b75b9cb"], 0x11, 0x2b6, &(0x7f0000000200)="$eJzs3U9rE0EYx/HfbNI22lK3tiJ4rBb0Ilov4iUieRGeRG0iFENFrfjnVMWTiN69+xZ8EV4U34CePPkC6mllZifZJLvZTUOTber3Aw2b7D47z2T/zDyBsgLw37rV+Pn52m/7Z6SKKtK7G1IgqSZVJZ3R2dqznd3t3Xarmbejiouwf0ZxpElts7XTygq1cS7CC+27qpZ6P8NkRFF081fZSaB07urPEEgL/up062tTzyzf6zHj9g45j1lj9rWvF1ouOw8AQLn8+B/4cX7Jz9+DQNrww/6RHP/HtV92AhMX5a7tGf9dlRUZe3xPuVVJvedKOLs+6FSJo7Q8N/B+XvGZ1TfBNEVVpcslOPFgu926vPWo3Qz0RnWvZ7M199qMT92OgmzXM2rTHCP03WTPKBddH+ZsHzbj/J9L6st/dcwWx2a+mu/mjgn1Sc3u/K8aGXuY3JEKB45UnP+V4Xt0vQztVvK3jXq9HvRtsuIaOedb8Ap6WcuuSNQ5o1bU/wNBWJSnizo9EBX37mpB1Gpm1Gbn3ZCotb4o25vu2Ty8vUkzH8xts64/+qJGz/w/sPltKPfKTK4asxEPBe4bj/szn91c1e0zTI0c6cul+y0uDEv9b/49DQfwXvd1XctPX756WGm3W0/swr2MhcdL3U/m3kqZ25S8oL3kkwVFTmrjzqA0zcQuHeoO7f2jcGN7lR2Jg3KsFxrfpnsilbFQ8v0JU5Ec9LIzQUnsvMvE9V9Sr1TjyZ59CTPn6SP+EOD3GNk5dreCS2KjeEYu6eSBKrjF4RVcuuZK1Yyu5jp/Uboweouhz/OYMA390F1+/wcAAAAAAAAAAAAAAAAAAJg10/h3grL7CAAAAAAAAAAAAAAAAAAAAADArOs+/1ed5/9qtOf/Dj6K5TCf//txRzz/F5i8fwEAAP//FZd8vg==")
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="800000000b0601020000000000000000030000000900020073797a300000000005000100070000004c0008800c00078007001a00242e0000100007800c0018400000000000000009100007800c001b4000000000000000100c00078008000a400000ffff100007800c00028008000140ac1414aa0c000780"], 0x80}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000940)={{r1}, "cc31a01a42663fbf6960a059f80dcee4819eb02d4e80e131fbe1aa9e4ddb36e256a885efcbff5c21bd364ec802d941af367e0acb6b281113a5443a2ded7a97a29c1e9cb893e176441beda81cdd2b9cdbfe4e95a6a23fd6be10d7c2ce0224ab463117b90829016e94ce014596c653e4fceba296407b252cc2976b1f1b903cf295f50893e9b3cb0c7a529273597a774de2eeb2810523d8521bd63c4c90e76b1d550bd7ce10ddd01ff534a28c20b5aa7069730131e7a48e8e4334ad6a6fd1f96196e723c2311540d497824e7fa0ddbc32bcbfa823dfd673e6527f1ad90c8ecbff5b3cc29c8c6b9c8ab6aa1a704efcec5d58d5fcc15da85927141ef855c881712e4b05c1154d04c86aec0e3938b7d2093422d95c70d8877250ea7d98dbab4e1888ba56cd6064a392bb28a6f5f053ac10dffcff9141df9f7294e5c97eb35df279caad0d6a094a393a45d6997d29ed0b6110400038e73cac77fb7723448ca0ff424b9ef5821c916b6f02b793dbaf6ca5e3dde04c159b339a123dab1b369b0cd7a90457a22d2b205e81d3b0fad279c16712e0c32e86a0d7bdd8ced74bcd2fef09e9c919cbffefb34801d0b739cfff1810557e5717eb32320fe614f6c46ae6b4a0693a729e345b4bb75bfa4e52effb96843c637d943d53abd2721003b358ab9c5e46f47a9d4c43429d09cd957536801463d6058dfa45aa2c08c82dfad47f3e60d65e3f64307c55fcff26b23906e738d91eb83963ca06b7df322613c9ea4d6f7d2f2fb2d62c355d304bf8f5cd10d5d014959aefe31f9715fec71d18d04d2b78793725cbe77053742195ede33c39e2251fd3ac452d62da08af7fba110d8340e6c63860d9dc72a05229a2ec3665d8c49e84aecd26cd3da5af6a124da1fd983d79fc47dbc53388d1056733f633fae269ff9ee518583ad6acf99749709479f53400663cfeb57de1ca3e33b9331deac5f3ea0c1aa6c4c86860a692f31fc0e18efb9e023cbc9baf6fd0f35c337e7ae3f80901ad07846525143575d670e31e91ba720b8cd277d2588628270777dfed629626b12514ac28e22c1f51671bf025a3d2c2c7687f812b1164c95588fd27bd619d619ff40b46c8b3666264fa8b8e6ae6e771560ad3804f20868c38cd1f07bd96176aed4c3962eb727f501433a3314b74e7e9e25ee095f52ba5bc24819a51d4c2eabd7a7566947da1e331b01d7bbc0101358eaaa69002f84bef77280d77eaa62046bbf8b8d06c82b239e279da9cf3d6b4feb36fed9d36887d9a9d0a52fccd7547f28890260d26d7c4c5c9b1a4d9c7dbfd7995c7f118afc665a5dff733d18e472ef71e210cc84c3fb5b6c806ebabb4aa412f5194e94f6644ba4a84f21102f5d653bc3e6843e5199ce7c40a048d6e702a95199415d8560bdc08534055d457449418643333729fb33a00df26ffe4df45b63830c515bb0fdec5f4e21cd39a69eba75e73d1dad7bdfdd943fc97fb656e111e81cb84163f5d45b967e8c1ad1b5685dcbdd6e207db4636fde45eda370b3f300a70eec3064c932ddc89bec392b23d71c7c1aa68fd4634e622f07050e92c49c74ca942291d51d4a6f9ae1e382eb0442ef608e96d67c95fca66c251a6565a338ab4916db63827e88243afe89613c4d391c0e68acec805888d1aa815b09bd270149ec2736b02c84bd80e481839eb4691bc0415df9fb49a9e5ddc2940ae8f77eee29bca6fdde55a6ca129b15609f2a9d7e2198305cdd642b675338160f9ee045ea3f36f90363baf1fab4c24b9ca713884a26b0cff1832fbf1ae46b2b44dd79e44ecbd8a4d6599707154311bcb1e5ab817fc307b2b1ad23061d4a62d5588afc7b929cd365a11d3169459ac4814f0f32ee4e8f4178bcd311dc4c26bcd9d5d981eff7417962fe16fda52198f840d85e1afea2c93a197a0e81bf8bc1009a9102aaea26215998371d07dc760f787bac6d8e6530728e90be11d28989d595f118232b93eae14dd7940783b49afeaed4e89747561f120ccfb5b02718ad3f5c2fffdcab7f51e05a8d06c2ca89a7eb8c0653931362444d7887fede1695cc87af179c857670393be39a38a45459c96a8cba068bb06629503e2866796b5c7ef546294cfe38e9dae96183675ba74793ff3ce1e6a4cead2d4eae6f8215c48d6f77011ee6a6f4a005f9fe4a2c60a4babb714ec92ac80a82d8b1bb5a96f7161bcb109e7e3d109056dc23d5fcdbf042197a58ef0b14799b1bd8f7d8a74c255b92f31407152197e629f0e7e0eaba1a58829a1cabf0ef231f062948d7cca63540e8d8d196faa0c6ac1f5a164c467ad5bf8fabdb0f3257caa949a49c1886a5d498e7aa0a4f41eb52c47f87289f46e21217a6e51044121be9d883f1b6cebc0801bbe71479349c78694b3a66c610f8f02a7969f665db48592af0728bddfaf10ceb2618ebc6e29104e667bfd70ed19b19d3eb50f56779829a8799c95fa9ba7a70a53a5100258f972f6c2ee9116267198be8f7e380a9e3df8a793b61f5e9520e6fe7a430193e7087eba3dbcff70965d52fae9a821e43f884bdab0010704757f835760a8a888e0549a21236f8bc8568a928fcadd03e5625ff0d67be0e78745432da402bb97cb26eeea9f4bf854b1ff0dc0b07275647c56f93bc45202040a1a7d27de9c963670537f0ce69176dc201edbe164d3c662bea8e58d04c582be251d90df39ddbccca0ea067bd44363bd677f1c9a3e74dee727e9b9e412e4102fed8914c19f3fe63cd91fa19fb9dd9cfd56b29bcc2f5a6ed801cba1cea9357fdf390df9af781da053b06f06c4b040516a3e566221e14c7ac1864329f0e935ba82265af8fbcfc6d75268b5881b5c61b74ba9d715e81f459d54faefa683e66c23dfb2e221cc9b3019522ecd9d3ac25e89d52406658c13a714c1ba534c42aff06101d7f8164b336446719cd5b851a341b494c63e1809c99cfd3e505481bd552885048eabdcf1294491cd5747f72fd464188e7d9f7bb8e8187bfa8a994559368a1dcc3f97f72f1df8486cd48e4463ab0f5262a4eebc433129474e4b5de62c8d8ebf02f7d5c74b52c690776ca68cb6960a3344fc85ea4fe35b75625a919b4d158601f33af1f4dff0f8a40f28983bd26374841eaefc34b56727688707992d94d1a93f318bd27cff213de8fbf27076ad396b2b2044fd75a60a70185d04a395836f45da9b2cc7c1c06a6fc61b667a62de1d302d2c0c1ac81a1c49342857aad747b9e5a1d3b794989503deb7e4e843b72d189a139041c271237432d080b0e25330eaca8746b4d417343f7435d130e3649ba82beed2eff1aab48ae9739de835ff61ca3fd6ae306ee6235d6facff964ac7787f44ba9c2aff439b81a87d9b6b94409ec28b8377239e867a322b1a0ee293170096f2898e639de9f219c61a2dab5cd91f14ac1657d7237213a4d9d1d02fa0f7074ffd1a87588268561530c975dacc97623277f1bb893fb38f519ef24089497b3b990ddbb2f248b2a451655c206521d3002465798e392b231252fe5ed9db87a613264786604f66b3e0d2e7a0a6a4d7fe7b73bb29503ed4dcae84c73db9480a1e6ac7d202421b486100354957ed041f5f75c32d5f1bb521dc685902860e48f94a902456e3f7855361c7f072b6b9b08912606298794c9d3b71e941148580f0b7a604703b35c59c17f5f880b936bb1459d44dd063ae152ce8ec797a613cdc5371505cc2828a808645560569fac4a7ef3dceaee5a3246c7e4bccdecc9afaac6909cf03fd4c60a87e892a992147ecd4622ed6c7f1f8f4608679e81d566037b60364ad7d60c841dc95ef2d3cb0a1182224b15d4d30d501a9323574919ba6fd21bdd1fb6cc64b066f5a05f79ba7cd987dd9cea2b1c5b7da1a49e978d09d9ad231aeaa857e0f77c81d7df56f543c9a4daa36c1b334a2e5497e3517b206a6625e0d4d308d9485a7ff25d62924c00af92a974ae45734f0c8c63d330f2752f8d9587f8640f2c2e9474c0e17ead7448fc2898da8768d1b3a64876eca01528305d86ea82927374ccc8db9be4a12e17c5a59728923853a15494bd7618c5ed8606847d59c367737f17dfe8fba30f50209c3af8a93872ab80942635541141edb5ae320dfaceba66ae648f833652ef06f41109c1baa8ebc39b9cd8492157c95be6a0e57181cb8c6ca7ff2e0cae352312e7306cafd1feb02c578bd3677714b7b128aab5da1af6deb29dd92ea722ba976d0f539194269b6fd70bef74ac2290de17f2ac7c2db7b11f1ce38a44e453db833dc9296b7c77e8e88c99a2b25ce9f41f009132e0d6a7d4a2ec90331bd6da2019e6dc73670d838dae493c00c7762896589b8765efd3ab3e0c61ff142cb7ab886e6b479b855fabea15940172863d685393afd2942ee9b65154e8ab463c0c5d6d57ee2256aa67f127f28a3ab07f5def79226c166439712ba9342f002e84c8df2aaee5e0da9bf35d9bb95ecfb1edd1945db0c5d5b0b49bdd28cd1badd60255bda9576e6cbcd9ad99036fe07cd7ec244d1a1a0dab055961d0b6135c0aaf503492f2c718d3f2444132d768c139ae2a0f5f7cb3eaba8d442a650903c5f88fa47b6fdb7a1817c846f0590ec3b990e81b657f07775559d9034c5ab7285006d0a58f240b3387aa071b4963eaae8b9c03098afccb7a15132f2cd6ecae23c0629626c02648f6e2cb9b547308f2ea87bf9d93266a0d7752f096e3491960ad650590b12e7bd8e5d256043f77a13818377e4a81de6c4a2ffb751138a87a96826d84f8ef181537ba88f39c49098d226c8822d99ad3ffbed87848888c9b4cc430dbc2952071bb520b6e7cb606d2f5d9eeb77e0caae89c102d24057e6013ebb19ae58d6436beb3030b251ed1e95d765491aedf441e79326dbe7f9eba43b4303b86e4ad35b38808ee4821c340ac72041909c4b09f6cc65d68d04d1f586f9e149a4ad7d9198725b25ecce476f575fd62e7a4946a1ec4f89cb1b92fb659c641cf0375722e206b51c86e1e7b66639abdf5367ac3ecef29d6d6ed671a288f889d14e047467aca0fb7c01fde51457fcefed5acda8b4c360d9dd4de0a2f9d81756f69e7b57850ee34b5e0f16a86b6923b09d48937a9548a3ce3cf49e0d87ed221f728c0550bc1c33ed5a9ff77f914e09da08153232c004745d91c24384bcbe472e0de200efcbb3ea074f40995b4ebbf960028eb0d6cdc9a0b590813fd92d45c89a211023bddcbaac456710a8b64bf9ace1bfe01559c5813919f1256b2ddb94dbb9faedb4d3ce50b506bd68a4bd0c6492234ec22b5b1952c93a2f12b5a5e960cc1d82b384819e335584bf0fc4ec117ab5bcd29ddf90a99c6eb2b736324a2a53b8153163003526a6c7482a1e41015ec80076f453ef3f24a1a44b86bd26bb980cfc57b64089285733d13ccc9adf63b1c7cd0bb647da170e4a4d95f24840a98ee99aa3407d962c31af0b17d794ef621e7d481ce7e3da156607c43a3cd5856b45fb9de85b0fcd94e89fa0960fef2c19aef8a1b85d1c74be11ecb4e3b9124048b1831c77a4eb52385c237077c12031703e720578be3b8a7ce9a4e551a727b6c965bcef8bf60c650130d9db87731ede6539703d43aea2939aa284d793090a0f5f085f84348a2806eea85372ba6c6ccefa679f24738c21b5360068fef502abef2946942d46f092d0e8846c59e5ef50c99c7149cefb7a209ffb6169e2df45c2e20544f87cf377ec4b3766ec075ae3e7e9833848e9907b7a7ded2a688d5a6e06063bed0204437aacc139137fd924da6b4042f0a2d41c9847ddd4324e0036125a9fb15938c0ae555af558a8a7bca8badf168818"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, r2}, 0x38)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES64=r1], 0x528}}, 0x400c004)

725.764ms ago: executing program 1 (id=641):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000134c2651638af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000e80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x0, 0x5d, &(0x7f0000001800)=ANY=[@ANYBLOB="1201000093007a402104070051b80102030109024b00010000000009040000000202ff00052406000105240000000d240f0100000000000000000006241a0000000524010000052406000005240900000d240f"], 0x0)

664.05208ms ago: executing program 4 (id=642):
syz_io_uring_setup(0x94c, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x11fffffc}, 0x0, 0x0)
syz_clone(0x2a809000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 5)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

546.401735ms ago: executing program 2 (id=643):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x1, 0x2d2, &(0x7f0000000180)="$eJzs3U1rE1scx/HfmUnT9La3nXutFMSFVIuupK0I4qYgxdfgRlGbFIqhRa3gE1hci3vdF8EX4ItwJYJrXbnSfXcjZzKTnGlmJulDMil+P1A9yZyH/5mZzJx/oB0B+GvdWP2+e+Wn/TGSL1/Sdcmzm86pIum05mpPNrc3tpuNelFHvlRT9GOkqKXpqrO22chqattFLWKBfVXRlPseBiMMw/BH2UGgTLX4fz9royeNx59O3618ku340k7ZQZTM7GlPTzVddhwAgHKZ1v3di+/zU/H63fOkhfi2797/v/1bcrxHc1F7ZYdQMuf+H2VZobHHdyba1Mn3ohTObveSLPGg49jFY1WtMyu1wDTprLI7WYxi8SbWN5qNy2tbzbqn11qJOdVmJa2oHuessR7RzmcMl1ZV/70lPrycW9/31mQ0hzE7h+Wc+E9lDXrYvd0P89l8MXdMoPeqt9d/lbCzR4L2kbo51ol/Ma+7rYe3o1atWjmz/C8a5Ex6xxbO0s/LSBTvqdBX+guCIB1nNbNVVftatWa3ZItX3+WNZY9SRqvl5OVMdqtZ2+qj06pzNufN7Hj8Lthm3ppbZl6/9Emrzvrfs3t7Qd2fzOxOoprxmZHMJzM3rEQ1A/etnbOZfXrFc0J/3PM09wMkvdF9XdP042fPH9xrNhuPuguV/E3HULAxDKbn0Su8qI5EGJ1CchKMSjyHK9hr7HBP2naheuRdV9OBKnfP1C0kl84+Okwu0j0HHczVCaOlc9Dz67waZkAYNnvxMK38z8lXFqOEwP4TFKzTw17LNqfHpYzcYLxd8R+nJxN/P5+fAU3mZ3BFOdeuU+/8JemC87pHzhXof2micK4niVnVV93l+38AAAAAAAAAAAAAAAAAAICTZhi/reEMx1/0AQAAAAAAAAAAAAAAAAAAAADgEPKf/1vTAJ//m/o9gCM8/7fgAScAevkTAAD//+W+dzQ=")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x3, 0x6, 0x183, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x0)
socket$packet(0x11, 0x2, 0x300) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) (async)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) (async)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) (async)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x1, 0x2d2, &(0x7f0000000180)="$eJzs3U1rE1scx/HfmUnT9La3nXutFMSFVIuupK0I4qYgxdfgRlGbFIqhRa3gE1hci3vdF8EX4ItwJYJrXbnSfXcjZzKTnGlmJulDMil+P1A9yZyH/5mZzJx/oB0B+GvdWP2+e+Wn/TGSL1/Sdcmzm86pIum05mpPNrc3tpuNelFHvlRT9GOkqKXpqrO22chqattFLWKBfVXRlPseBiMMw/BH2UGgTLX4fz9royeNx59O3618ku340k7ZQZTM7GlPTzVddhwAgHKZ1v3di+/zU/H63fOkhfi2797/v/1bcrxHc1F7ZYdQMuf+H2VZobHHdyba1Mn3ohTObveSLPGg49jFY1WtMyu1wDTprLI7WYxi8SbWN5qNy2tbzbqn11qJOdVmJa2oHuessR7RzmcMl1ZV/70lPrycW9/31mQ0hzE7h+Wc+E9lDXrYvd0P89l8MXdMoPeqt9d/lbCzR4L2kbo51ol/Ma+7rYe3o1atWjmz/C8a5Ex6xxbO0s/LSBTvqdBX+guCIB1nNbNVVftatWa3ZItX3+WNZY9SRqvl5OVMdqtZ2+qj06pzNufN7Hj8Lthm3ppbZl6/9Emrzvrfs3t7Qd2fzOxOoprxmZHMJzM3rEQ1A/etnbOZfXrFc0J/3PM09wMkvdF9XdP042fPH9xrNhuPuguV/E3HULAxDKbn0Su8qI5EGJ1CchKMSjyHK9hr7HBP2naheuRdV9OBKnfP1C0kl84+Okwu0j0HHczVCaOlc9Dz67waZkAYNnvxMK38z8lXFqOEwP4TFKzTw17LNqfHpYzcYLxd8R+nJxN/P5+fAU3mZ3BFOdeuU+/8JemC87pHzhXof2micK4niVnVV93l+38AAAAAAAAAAAAAAAAAAICTZhi/reEMx1/0AQAAAAAAAAAAAAAAAAAAAADgEPKf/1vTAJ//m/o9gCM8/7fgAScAevkTAAD//+W+dzQ=") (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) (async)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x3, 0x6, 0x183, 0x0, 0x0, {0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x0) (async)

198.585746ms ago: executing program 3 (id=644):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000030020000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 4 (id=645):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0x1ff, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000fc0)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0x1, @local, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="240000f7ffff7f002900000032000000ff050000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0000000018"], 0x40, 0x7ffffff7}}], 0x1, 0x4880)

kernel console output (not intermixed with test programs):

 10
[  282.002647][ T1871] usb 5-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  282.045674][ T1871] usb 5-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  282.157779][   T24] usb usb2-port1: attempt power cycle
[  282.166076][ T1871] usb 5-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  282.176284][ T1871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.185908][ T1871] usb 5-1: Product: syz
[  282.190715][ T1871] usb 5-1: Manufacturer: syz
[  282.195535][ T1871] usb 5-1: SerialNumber: syz
[  282.217597][ T1871] usb 5-1: config 0 descriptor??
[  282.275847][ T1871] symbolserial 5-1:0.175: symbol converter detected
[  282.304712][ T5894] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  282.466545][ T1871] usb 5-1: symbol converter now attached to ttyUSB0
[  282.482626][ T6274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.493715][ T6274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.583262][ T5894] usb 1-1: config 0 has an invalid interface number: 83 but max is 0
[  282.592395][ T5894] usb 1-1: config 0 has no interface number 0
[  282.598974][ T5894] usb 1-1: config 0 interface 83 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  282.609340][ T5894] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  282.621348][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.668921][ T1871] usb 5-1: USB disconnect, device number 2
[  282.697339][   T24] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  282.699857][   T11] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  282.766128][ T1871] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  282.767158][   T24] usb 2-1: device descriptor read/8, error -71
[  282.778145][ T1871] symbolserial 5-1:0.175: device disconnected
[  282.874265][ T5894] usb 1-1: config 0 descriptor??
[  282.922067][ T5894] ttusbir 1-1:0.83: cannot find expected altsetting
[  283.060906][   T11] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  283.070790][   T11] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.077136][   T24] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[  283.079430][   T11] usb 3-1: Product: syz
[  283.091421][   T11] usb 3-1: Manufacturer: syz
[  283.096932][   T11] usb 3-1: SerialNumber: syz
[  283.198399][   T24] usb 2-1: device descriptor read/8, error -71
[  283.226669][   T11] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  283.331202][   T24] usb usb2-port1: unable to enumerate USB device
[  283.512514][ T5864] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  283.989430][ T6287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.999812][ T6287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.399541][ T6280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.410014][ T6280] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.496305][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.4.84'.
[  284.588658][ T5864] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  284.601330][ T5864] ath9k_htc: Failed to initialize the device
[  284.864322][ T5864] usb 3-1: ath9k_htc: USB layer deinitialized
[  285.119415][ T6280] loop2: detected capacity change from 0 to 1024
[  285.161249][   T24] usb 1-1: USB disconnect, device number 3
[  285.398568][   T11] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  285.621071][   T11] usb 4-1: Using ep0 maxpacket: 32
[  285.660465][   T11] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.672289][   T11] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  285.683213][   T11] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  285.692943][   T11] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.832485][   T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  285.897862][   T11] usb 4-1: config 0 descriptor??
[  286.048596][   T24] usb 1-1: Using ep0 maxpacket: 32
[  286.111035][   T24] usb 1-1: config 0 has an invalid interface number: 77 but max is 0
[  286.119785][   T24] usb 1-1: config 0 has no interface number 0
[  286.133419][ T6291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.146141][ T6291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.258404][   T24] usb 1-1: New USB device found, idVendor=0763, idProduct=5002, bcdDevice=ef.ed
[  286.268864][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.278426][   T24] usb 1-1: Product: syz
[  286.282970][   T24] usb 1-1: Manufacturer: syz
[  286.287944][   T24] usb 1-1: SerialNumber: syz
[  286.323078][   T24] usb 1-1: config 0 descriptor??
[  286.381889][ T6301] loop3: detected capacity change from 0 to 8
[  286.512538][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  286.520939][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  286.527795][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  286.535369][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  286.588022][ T6295] netlink: 642 bytes leftover after parsing attributes in process `syz.0.87'.
[  286.614176][   T24] usb 3-1: USB disconnect, device number 3
[  286.651568][   T58] hfsplus: b-tree write err: -5, ino 4
[  286.674459][   T11] usbhid 4-1:0.0: can't add hid device: -32
[  286.681336][   T11] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  286.726505][ T6301] loop3: detected capacity change from 0 to 8
[  286.806271][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  286.815128][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  286.821931][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  286.829554][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  286.944206][   T11] usb 1-1: USB disconnect, device number 4
[  286.977802][ T6301] loop3: detected capacity change from 0 to 8
[  287.069220][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  287.077718][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  287.084183][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  287.092132][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  287.243417][ T6301] loop3: detected capacity change from 0 to 8
[  287.302817][ T6312] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  287.319997][    C0] vkms_vblank_simulate: vblank timer overrun
[  287.339184][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  287.347701][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  287.354258][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  287.370234][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  287.434114][ T6301] loop3: detected capacity change from 0 to 8
[  287.610033][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  287.618532][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  287.625155][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  287.635617][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  287.695485][ T6301] loop3: detected capacity change from 0 to 8
[  287.815252][ T6301] SQUASHFS error: lzo decompression failed, data probably corrupt
[  287.824204][ T6301] SQUASHFS error: Failed to read block 0x91: -5
[  287.834975][ T6301] SQUASHFS error: Unable to read metadata cache entry [8f]
[  287.847129][ T6301] SQUASHFS error: Unable to read inode 0x11f
[  288.432218][   T11] usb 4-1: USB disconnect, device number 3
[  288.623123][ T6324] netlink: 'syz.2.94': attribute type 39 has an invalid length.
[  288.653258][ T6324] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.806517][ T6324] bridge_slave_0 (unregistering): left allmulticast mode
[  288.814742][ T6324] bridge_slave_0 (unregistering): left promiscuous mode
[  288.822377][ T6324] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.333242][ T5894] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  289.680631][ T5894] usb 4-1: config 0 has an invalid interface number: 113 but max is 0
[  289.689760][ T5894] usb 4-1: config 0 has an invalid descriptor of length 70, skipping remainder of the config
[  289.700652][ T5894] usb 4-1: config 0 has no interface number 0
[  289.707111][ T5894] usb 4-1: config 0 interface 113 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  289.726375][ T5894] usb 4-1: config 0 interface 113 has no altsetting 0
[  289.857416][ T6329] loop0: detected capacity change from 0 to 40427
[  289.882008][ T6329] F2FS-fs (loop0): build fault injection rate: 14
[  289.889142][ T6329] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  289.912428][ T6329] F2FS-fs (loop0): invalid crc value
[  289.977713][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xe24/0xf80
[  290.006221][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of bio_endio+0xe24/0xf80
[  290.087685][ T5894] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  290.098658][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.107378][ T5894] usb 4-1: Product: syz
[  290.111750][ T5894] usb 4-1: Manufacturer: syz
[  290.116908][ T5894] usb 4-1: SerialNumber: syz
[  290.342204][ T5894] usb 4-1: config 0 descriptor??
[  290.370333][ T6329] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  290.380009][ T6329] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  290.400367][ T6329] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  290.493119][   T11] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  290.515371][ T6341] F2FS-fs (loop0): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x79e/0x19b0
[  290.612036][ T5894] pn533_usb 4-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[  290.710919][   T11] usb 2-1: too many configurations: 53, using maximum allowed: 8
[  290.720702][ T5894] usb 4-1: USB disconnect, device number 4
[  290.752785][   T11] usb 2-1: unable to read config index 0 descriptor/start: -61
[  290.761329][   T11] usb 2-1: can't read configurations, error -61
[  290.997807][   T11] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  291.212913][    C1] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of bio_endio+0xe24/0xf80
[  291.223329][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  291.223505][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.223605][    C1] Call Trace:
[  291.223664][    C1]  <TASK>
[  291.223724][    C1]  __dump_stack+0x26/0x30
[  291.223936][    C1]  dump_stack_lvl+0x1df/0x270
[  291.224144][    C1]  dump_stack+0x1e/0x25
[  291.224325][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  291.224581][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  291.224818][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  291.225099][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  291.225320][    C1]  bio_endio+0xe24/0xf80
[  291.225562][    C1]  blk_update_request+0xf4c/0x1a90
[  291.225846][    C1]  blk_mq_end_request+0x50/0xb0
[  291.226071][    C1]  lo_complete_rq+0x188/0x3a0
[  291.226251][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  291.226429][    C1]  blk_done_softirq+0x112/0x1f0
[  291.226626][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  291.226828][    C1]  handle_softirqs+0x166/0x6e0
[  291.227042][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  291.227222][    C1]  run_ksoftirqd+0x29/0x50
[  291.227389][    C1]  smpboot_thread_fn+0x56c/0xa30
[  291.227627][    C1]  kthread+0xd59/0xf00
[  291.227775][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  291.228020][    C1]  ? __pfx_kthread+0x10/0x10
[  291.228181][    C1]  ret_from_fork+0x1e3/0x310
[  291.228340][    C1]  ? __pfx_kthread+0x10/0x10
[  291.228502][    C1]  ret_from_fork_asm+0x1a/0x30
[  291.228754][    C1]  </TASK>
[  291.256986][   T11] usb 2-1: too many configurations: 53, using maximum allowed: 8
[  291.257677][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  291.330342][   T11] usb 2-1: unable to read config index 0 descriptor/start: -61
[  291.333079][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  291.333235][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.333320][    C1] Call Trace:
[  291.333373][    C1]  <TASK>
[  291.333427][    C1]  __dump_stack+0x26/0x30
[  291.333636][    C1]  dump_stack_lvl+0x1df/0x270
[  291.333826][    C1]  dump_stack+0x1e/0x25
[  291.333992][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  291.334234][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  291.334437][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  291.334851][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  291.335059][    C1]  bio_endio+0xe24/0xf80
[  291.335296][    C1]  blk_update_request+0xf4c/0x1a90
[  291.335554][    C1]  blk_mq_end_request+0x50/0xb0
[  291.335777][    C1]  lo_complete_rq+0x188/0x3a0
[  291.335946][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  291.336122][    C1]  blk_done_softirq+0x112/0x1f0
[  291.336310][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  291.336497][    C1]  handle_softirqs+0x166/0x6e0
[  291.336679][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  291.336863][    C1]  run_ksoftirqd+0x29/0x50
[  291.337026][    C1]  smpboot_thread_fn+0x56c/0xa30
[  291.337262][    C1]  kthread+0xd59/0xf00
[  291.337404][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  291.337634][    C1]  ? __pfx_kthread+0x10/0x10
[  291.337796][    C1]  ret_from_fork+0x1e3/0x310
[  291.337948][    C1]  ? __pfx_kthread+0x10/0x10
[  291.338110][    C1]  ret_from_fork_asm+0x1a/0x30
[  291.338341][    C1]  </TASK>
[  291.338523][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  291.338717][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  291.338870][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.338954][    C1] Call Trace:
[  291.339008][    C1]  <TASK>
[  291.339060][    C1]  __dump_stack+0x26/0x30
[  291.339234][    C1]  dump_stack_lvl+0x1df/0x270
[  291.339445][    C1]  dump_stack+0x1e/0x25
[  291.339613][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  291.339871][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  291.340075][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  291.340327][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  291.340532][    C1]  bio_endio+0xe24/0xf80
[  291.340761][    C1]  blk_update_request+0xf4c/0x1a90
[  291.341019][    C1]  blk_mq_end_request+0x50/0xb0
[  291.341227][    C1]  lo_complete_rq+0x188/0x3a0
[  291.341392][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  291.341555][    C1]  blk_done_softirq+0x112/0x1f0
[  291.341743][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  291.341927][    C1]  handle_softirqs+0x166/0x6e0
[  291.342102][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  291.342266][    C1]  run_ksoftirqd+0x29/0x50
[  291.342424][    C1]  smpboot_thread_fn+0x56c/0xa30
[  291.342652][    C1]  kthread+0xd59/0xf00
[  291.342799][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  291.343025][    C1]  ? __pfx_kthread+0x10/0x10
[  291.343178][    C1]  ret_from_fork+0x1e3/0x310
[  291.343330][    C1]  ? __pfx_kthread+0x10/0x10
[  291.343477][    C1]  ret_from_fork_asm+0x1a/0x30
[  291.343710][    C1]  </TASK>
[  291.343765][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  291.352317][   T11] usb 2-1: can't read configurations, error -61
[  291.352737][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  291.352894][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.352979][    C1] Call Trace:
[  291.353032][    C1]  <TASK>
[  291.353088][    C1]  __dump_stack+0x26/0x30
[  291.353274][    C1]  dump_stack_lvl+0x1df/0x270
[  291.353477][    C1]  dump_stack+0x1e/0x25
[  291.353645][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  291.353889][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  291.354103][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  291.354355][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  291.354570][    C1]  bio_endio+0xe24/0xf80
[  291.354861][    C1]  blk_update_request+0xf4c/0x1a90
[  291.355129][    C1]  blk_mq_end_request+0x50/0xb0
[  291.355337][    C1]  lo_complete_rq+0x188/0x3a0
[  291.355611][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  291.355779][    C1]  blk_done_softirq+0x112/0x1f0
[  291.355967][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  291.356154][    C1]  handle_softirqs+0x166/0x6e0
[  291.356335][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  291.356514][    C1]  run_ksoftirqd+0x29/0x50
[  291.356676][    C1]  smpboot_thread_fn+0x56c/0xa30
[  291.356920][    C1]  kthread+0xd59/0xf00
[  291.357064][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  291.357291][    C1]  ? __pfx_kthread+0x10/0x10
[  291.357451][    C1]  ret_from_fork+0x1e3/0x310
[  291.357598][    C1]  ? __pfx_kthread+0x10/0x10
[  291.357749][    C1]  ret_from_fork_asm+0x1a/0x30
[  291.357991][    C1]  </TASK>
[  291.358171][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  291.565603][   T11] usb usb2-port1: attempt power cycle
[  291.575518][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  291.575689][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.575777][    C1] Call Trace:
[  291.575829][    C1]  <TASK>
[  291.575881][    C1]  __dump_stack+0x26/0x30
[  291.576066][    C1]  dump_stack_lvl+0x1df/0x270
[  291.576258][    C1]  dump_stack+0x1e/0x25
[  291.576424][    C1]  f2fs_handle_critical_error+0xa6f/0xc20
[  291.576674][    C1]  f2fs_stop_checkpoint+0x65/0x80
[  291.576882][    C1]  f2fs_write_end_io+0x101c/0x1bc0
[  291.577144][    C1]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  291.577345][    C1]  bio_endio+0xe24/0xf80
[  291.577573][    C1]  blk_update_request+0xf4c/0x1a90
[  291.577827][    C1]  blk_mq_end_request+0x50/0xb0
[  291.578032][    C1]  lo_complete_rq+0x188/0x3a0
[  291.578197][    C1]  ? __pfx_lo_complete_rq+0x10/0x10
[  291.578361][    C1]  blk_done_softirq+0x112/0x1f0
[  291.578551][    C1]  ? __pfx_blk_done_softirq+0x10/0x10
[  291.578732][    C1]  handle_softirqs+0x166/0x6e0
[  291.578908][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  291.579072][    C1]  run_ksoftirqd+0x29/0x50
[  291.579231][    C1]  smpboot_thread_fn+0x56c/0xa30
[  291.579489][    C1]  kthread+0xd59/0xf00
[  291.579630][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  291.579857][    C1]  ? __pfx_kthread+0x10/0x10
[  291.580016][    C1]  ret_from_fork+0x1e3/0x310
[  291.580162][    C1]  ? __pfx_kthread+0x10/0x10
[  291.580313][    C1]  ret_from_fork_asm+0x1a/0x30
[  291.580543][    C1]  </TASK>
[  291.580691][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  292.078658][ T6345] netlink: 'syz.2.104': attribute type 39 has an invalid length.
[  292.107603][ T5808] F2FS-fs (loop0): do_checkpoint failed err:-5, stop checkpoint
[  292.181320][   T11] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  292.240177][   T11] usb 2-1: too many configurations: 53, using maximum allowed: 8
[  292.317404][   T11] usb 2-1: unable to read config index 0 descriptor/start: -61
[  292.325323][   T11] usb 2-1: can't read configurations, error -61
[  292.455294][ T6349] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  292.597950][   T11] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  292.647843][ T6350] loop3: detected capacity change from 0 to 136
[  292.688425][   T11] usb 2-1: too many configurations: 53, using maximum allowed: 8
[  292.741937][   T11] usb 2-1: unable to read config index 0 descriptor/start: -61
[  292.750467][   T11] usb 2-1: can't read configurations, error -61
[  292.828614][   T11] usb usb2-port1: unable to enumerate USB device
[  292.841683][ T6350] rock: directory entry would overflow storage
[  292.848469][ T6350] rock: sig=0x4f50, size=4, remaining=3
[  292.854364][ T6350] iso9660: Corrupted directory entry in block 2 of inode 1472
[  293.789760][ T6356] loop0: detected capacity change from 0 to 512
[  293.907759][ T6356] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  294.031469][ T6363] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  294.118400][ T6356] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.134156][ T6356] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  294.310126][ T6369] loop3: detected capacity change from 0 to 256
[  294.432368][ T6369] exfat: Deprecated parameter 'namecase'
[  294.438747][ T6369] exfat: Deprecated parameter 'utf8'
[  294.904710][ T6369] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  295.049860][ T6368] loop4: detected capacity change from 0 to 32768
[  295.100941][ T6368] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.109 (6368)
[  295.149663][ T6368] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  295.160552][ T6368] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  295.171470][ T6368] BTRFS info (device loop4): using free-space-tree
[  295.237144][ T6371] loop1: detected capacity change from 0 to 1024
[  295.387658][ T6371] hfsplus: Unknown parameter 'nobarr0000000000000004'
[  295.612884][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.737483][   T30] audit: type=1800 audit(1755223078.146:4): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.109" name="bus" dev="loop4" ino=263 res=0 errno=0
[  296.085311][ T6371] loop1: detected capacity change from 0 to 1024
[  296.204327][ T6371] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  296.282831][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  296.290045][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  296.400283][ T6390] loop2: detected capacity change from 0 to 1024
[  296.645451][ T6390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.114'.
[  297.060134][   T11] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  297.376605][   T11] usb 4-1: unable to get BOS descriptor or descriptor too short
[  297.414275][   T11] usb 4-1: unable to read config index 0 descriptor/start: -71
[  297.422786][   T11] usb 4-1: can't read configurations, error -71
[  297.773006][   T30] audit: type=1326 audit(1755223080.206:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6399 comm="syz.1.116" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f02ed58ebe9 code=0x0
[  298.129020][ T6404] tipc: Started in network mode
[  298.134381][ T6404] tipc: Node identity e0000001, cluster identity 4711
[  298.143387][ T6404] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  298.222649][ T6403] loop2: detected capacity change from 0 to 256
[  298.398447][ T5816] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  300.333400][ T6421] fuse: Unknown parameter 'rootmo000'
[  300.699800][ T6432] syz.3.127 uses obsolete (PF_INET,SOCK_PACKET)
[  300.805295][ T6431] loop3: detected capacity change from 0 to 16
[  300.897393][ T5894] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  301.117334][ T5894] usb 2-1: Using ep0 maxpacket: 16
[  301.162859][ T5894] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.175467][ T5894] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  301.191658][ T5894] usb 2-1: config 0 interface 0 has no altsetting 0
[  301.200552][ T5894] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  301.210748][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.710674][ T5894] usb 2-1: config 0 descriptor??
[  302.081998][ T6435] loop0: detected capacity change from 0 to 32768
[  302.146066][ T6435] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.128 (6435)
[  302.198716][ T6435] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  302.214786][ T6435] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  302.224345][ T6435] BTRFS info (device loop0): using free-space-tree
[  302.292256][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.299602][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.316304][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.325954][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.334116][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.341404][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.348580][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.355627][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.363007][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.370162][ T5894] kye 0003:0458:0138.0001: unknown main item tag 0x0
[  302.377297][ T5894] kye 0003:0458:0138.0001: unexpected long global item
[  302.553394][ T5894] kye 0003:0458:0138.0001: parse failed
[  302.559860][ T5894] kye 0003:0458:0138.0001: probe with driver kye failed with error -22
[  302.728224][ T5894] usb 2-1: USB disconnect, device number 16
[  303.188508][ T5808] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  303.325239][   T30] audit: type=1326 audit(1755223085.756:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6463 comm="syz.2.132" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x0
[  303.531895][ T6465] tipc: Started in network mode
[  303.544301][ T6465] tipc: Node identity e0000001, cluster identity 4711
[  303.553859][ T6465] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  303.886604][ T6467] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  303.893445][ T6467] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  303.902170][ T6467] vhci_hcd vhci_hcd.0: Device attached
[  304.170064][ T6472] MPI: mpi too large (113288 bits)
[  304.237846][   T11] usb 42-1: SetAddress Request (2) to port 0
[  304.245287][   T11] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  304.277451][ T6474] loop3: detected capacity change from 0 to 1024
[  305.151492][ T1895] hfsplus: b-tree write err: -5, ino 4
[  306.049894][ T6496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'.
[  306.081603][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'.
[  306.143839][ T3748] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  306.192151][ T3748] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  306.227648][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'.
[  306.284012][ T3748] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  306.336389][ T3748] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  306.378530][   T30] audit: type=1804 audit(1755223088.816:7): pid=6496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.141" name="/newroot/27/file0" dev="tmpfs" ino=161 res=1 errno=0
[  306.655948][ T6488] loop1: detected capacity change from 0 to 2048
[  306.797114][ T6488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.810197][ T6488] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  306.862240][ T6502] netlink: 12 bytes leftover after parsing attributes in process `syz.0.142'.
[  306.891161][ T6502] vlan2: entered promiscuous mode
[  306.896460][ T6502] dummy0: entered promiscuous mode
[  307.678269][ T6468] vhci_hcd: connection reset by peer
[  307.714150][   T57] vhci_hcd: stop threads
[  307.719667][   T57] vhci_hcd: release socket
[  307.724501][   T57] vhci_hcd: disconnect device
[  307.790508][ T5815] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.418937][ T6518] netlink: 'syz.3.148': attribute type 4 has an invalid length.
[  308.533501][ T6512] loop4: detected capacity change from 0 to 2048
[  308.753223][ T6524] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  308.890552][ T6512] nilfs2: Unknown parameter '�����»�t>yg���|�S;�;VW��X~Z�B�~��?��Ƙ���C��_��w���%��姏���*ʟJ�/׸�Jg'
[  309.377735][   T11] usb 42-1: device descriptor read/8, error -110
[  309.489065][ T6528] binder: 6527:6528 ioctl c038943b 200000000b80 returned -22
[  309.682624][ T6524] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  309.694102][ T6524] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4)
[  309.744622][ T6524] Remounting filesystem read-only
[  309.751769][ T5816] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  309.832640][   T11] usb usb42-port1: attempt power cycle
[  309.857413][ T5864] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  310.083836][ T5864] usb 3-1: Using ep0 maxpacket: 32
[  310.127529][ T5864] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  310.136403][ T5864] usb 3-1: config 0 has no interface number 0
[  310.289291][ T5864] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  310.302716][ T5864] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.312511][ T5864] usb 3-1: Product: syz
[  310.317077][ T5864] usb 3-1: Manufacturer: syz
[  310.321889][ T5864] usb 3-1: SerialNumber: syz
[  310.365531][ T6542] loop4: detected capacity change from 0 to 8
[  310.450543][ T5864] usb 3-1: config 0 descriptor??
[  310.519602][ T6542] unable to read fragment index table
[  310.523763][ T5864] smsc95xx v2.0.0
[  310.534485][   T11] usb usb42-port1: unable to enumerate USB device
[  310.982916][ T5864] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  310.994246][ T5864] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  312.118635][ T5864] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  312.130836][ T5864] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -32
[  313.339670][ T6557] loop0: detected capacity change from 0 to 32768
[  313.370563][ T6557] OCFS2: ERROR (device loop0): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #71: i_blkno is 32583
[  313.387485][ T6557] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  313.397782][ T6557] OCFS2: File system is now read-only.
[  313.403431][ T6557] (syz.0.161,6557,0):ocfs2_read_locked_inode:597 ERROR: status = -30
[  313.412467][ T6557] (syz.0.161,6557,0):_ocfs2_get_system_file_inode:144 ERROR: status = -30
[  313.422435][ T6557] (syz.0.161,6557,0):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[  313.431860][ T6557] (syz.0.161,6557,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs?
[  313.432066][ T6557] (syz.0.161,6557,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  313.454291][ T6557] (syz.0.161,6557,0):ocfs2_initialize_super:2198 ERROR: status = -30
[  313.464226][ T6557] (syz.0.161,6557,0):ocfs2_fill_super:1177 ERROR: status = -30
[  313.742737][ T6565] loop1: detected capacity change from 0 to 256
[  314.376154][   T11] usb 3-1: USB disconnect, device number 4
[  314.447663][ T5864] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  314.727457][ T5864] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  314.794778][ T5864] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  314.808477][ T5864] usb 2-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9
[  314.819548][ T5864] usb 2-1: Manufacturer: syz
[  314.824471][ T5864] usb 2-1: SerialNumber: syz
[  314.941983][ T5864] usb 2-1: config 0 descriptor??
[  315.019285][ T5864] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  315.026599][ T5864] usb 2-1: No valid video chain found.
[  315.249119][ T1871] usb 2-1: USB disconnect, device number 17
[  315.880683][ T6582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.172'.
[  316.172916][ T1871] kernel write not supported for file /vcsa (pid: 1871 comm: kworker/0:2)
[  316.287661][ T6587] netlink: 'syz.4.174': attribute type 3 has an invalid length.
[  316.484758][ T6591] netlink: 12 bytes leftover after parsing attributes in process `syz.3.175'.
[  317.492260][ T6594] loop2: detected capacity change from 0 to 32768
[  317.780193][ T6594] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  317.780344][ T6594]   allowing incompatible features above 0.0: (unknown version)
[  317.780451][ T6594]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  317.820166][ T6594] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  317.828921][ T6594] bcachefs (loop2): initializing new filesystem
[  317.851833][ T6594] bcachefs (loop2): going read-write
[  317.913193][ T6596] loop0: detected capacity change from 0 to 1024
[  317.922419][ T6594] bcachefs (loop2): marking superblocks
[  317.990857][ T6594] bcachefs (loop2): initializing freespace
[  318.022473][ T6594] bcachefs (loop2): done initializing freespace
[  318.045247][ T6594] bcachefs (loop2): reading snapshots table
[  318.051774][ T6594] bcachefs (loop2): reading snapshots done
[  318.124325][ T6614] netlink: 'syz.3.180': attribute type 1 has an invalid length.
[  318.158847][ T6594] bcachefs (loop2): done starting filesystem
[  318.327892][ T6596] netlink: 56 bytes leftover after parsing attributes in process `syz.0.178'.
[  319.693111][ T5807] bcachefs (loop2): shutting down
[  319.699516][ T5807] bcachefs (loop2): going read-only
[  319.704971][ T5807] bcachefs (loop2): finished waiting for writes to stop
[  319.789929][ T5807] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4
[  320.386216][ T5807] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 5
[  320.491225][ T6630] loop3: detected capacity change from 0 to 128
[  320.511974][ T5807] bcachefs (loop2): clean shutdown complete, journal seq 6
[  320.582386][ T5807] bcachefs (loop2): marking filesystem clean
[  320.616666][ T6630] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  320.820103][ T5807] bcachefs (loop2): shutdown complete
[  320.983470][ T6630] FAT-fs (loop3): FAT read failed (blocknr 128)
[  321.002407][ T6633] netlink: 'syz.3.188': attribute type 4 has an invalid length.
[  321.097700][ T6635] loop4: detected capacity change from 0 to 1024
[  321.163231][ T6630] netlink: 'syz.3.188': attribute type 4 has an invalid length.
[  321.213233][ T6635] EXT4-fs: Ignoring removed nobh option
[  321.219550][ T6635] EXT4-fs: Ignoring removed bh option
[  321.330608][ T6635] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.479065][ T6635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.189'.
[  321.488527][ T6635] netlink: 72 bytes leftover after parsing attributes in process `syz.4.189'.
[  321.935139][ T5816] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.919915][ T6648] netlink: 16 bytes leftover after parsing attributes in process `syz.3.193'.
[  322.949863][ T6648] batadv0: entered promiscuous mode
[  322.962666][ T6648] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  322.976443][ T6648] batadv0: left promiscuous mode
[  324.982020][ T6663] loop4: detected capacity change from 0 to 2048
[  325.149697][ T1871] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  325.225512][ T6663] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  325.377339][ T1871] usb 2-1: Using ep0 maxpacket: 8
[  325.437538][ T1871] usb 2-1: unable to get BOS descriptor or descriptor too short
[  325.493555][ T1871] usb 2-1: config 7 has an invalid interface number: 84 but max is 0
[  325.502450][ T1871] usb 2-1: config 7 has no interface number 0
[  325.586982][ T1871] usb 2-1: New USB device found, idVendor=04b4, idProduct=5500, bcdDevice=9e.50
[  325.596561][ T1871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.605157][ T1871] usb 2-1: Product: syz
[  325.609795][ T1871] usb 2-1: Manufacturer: syz
[  325.614544][ T1871] usb 2-1: SerialNumber: syz
[  325.624581][ T6675] loop3: detected capacity change from 0 to 16
[  325.800046][ T6672] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.113839][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  326.123340][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  326.199280][ T6667] netlink: 16 bytes leftover after parsing attributes in process `syz.1.200'.
[  326.247087][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  326.339214][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  326.567117][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  326.578343][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  326.815753][ T1871] cypress_m8 2-1:7.84: HID->COM RS232 Adapter converter detected
[  326.827947][ T1871] cyphidcom ttyUSB0: required endpoint is missing
[  326.877834][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  326.955050][ T1871] usb 2-1: USB disconnect, device number 18
[  326.964524][ T1871] cypress_m8 2-1:7.84: device disconnected
[  327.248779][ T6681] team_slave_0: entered promiscuous mode
[  327.254826][ T6681] team_slave_1: entered promiscuous mode
[  327.261448][ T6681] vlan2: entered promiscuous mode
[  327.267254][ T6681] team0: entered promiscuous mode
[  328.567655][ T6698] vim2m vim2m.0: vidioc_s_fmt queue busy
[  328.593225][ T6700] vim2m vim2m.0: vidioc_s_fmt queue busy
[  328.966488][ T6695] loop4: detected capacity change from 0 to 764
[  329.332767][ T6695] rock: directory entry would overflow storage
[  329.345015][ T6695] rock: sig=0x5245, size=8, remaining=5
[  329.498985][ T6707] sctp: [Deprecated]: syz.3.214 (pid 6707) Use of int in max_burst socket option.
[  329.498985][ T6707] Use struct sctp_assoc_value instead
[  329.730279][ T6709] sctp: [Deprecated]: syz.3.214 (pid 6709) Use of int in max_burst socket option.
[  329.730279][ T6709] Use struct sctp_assoc_value instead
[  329.921244][ T6702] netlink: 'syz.4.210': attribute type 29 has an invalid length.
[  329.942845][ T6713] netlink: 'syz.1.215': attribute type 39 has an invalid length.
[  329.980891][ T6713] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.021787][ T6713] bridge_slave_0 (unregistering): left allmulticast mode
[  330.029357][ T6713] bridge_slave_0 (unregistering): left promiscuous mode
[  330.036884][ T6713] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.275379][ T6712] netlink: 'syz.4.210': attribute type 29 has an invalid length.
[  332.984045][ T6728] loop0: detected capacity change from 0 to 40427
[  333.017664][ T6728] F2FS-fs (loop0): invalid crc value
[  333.391457][ T6728] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  333.402651][ T6728] F2FS-fs (loop0): Start checkpoint disabled!
[  333.428289][ T6728] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  333.705668][ T3690] kworker/u8:18: attempt to access beyond end of device
[  333.705668][ T3690] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  333.720983][ T3690] CPU: 1 UID: 0 PID: 3690 Comm: kworker/u8:18 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  333.721152][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  333.721285][ T3690] Workqueue: writeback wb_workfn (flush-7:0)
[  333.721539][ T3690] Call Trace:
[  333.721597][ T3690]  <TASK>
[  333.721653][ T3690]  __dump_stack+0x26/0x30
[  333.721832][ T3690]  dump_stack_lvl+0x1df/0x270
[  333.722031][ T3690]  dump_stack+0x1e/0x25
[  333.722209][ T3690]  f2fs_handle_critical_error+0xa6f/0xc20
[  333.722464][ T3690]  f2fs_stop_checkpoint+0x65/0x80
[  333.722663][ T3690]  f2fs_write_end_io+0x101c/0x1bc0
[  333.722924][ T3690]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  333.723153][ T3690]  bio_endio+0xe24/0xf80
[  333.723381][ T3690]  submit_bio_noacct+0x214/0x2710
[  333.723599][ T3690]  submit_bio+0x57c/0x630
[  333.723751][ T3690]  f2fs_submit_write_bio+0x92/0x250
[  333.723947][ T3690]  __submit_merged_bio+0x16f/0x6a0
[  333.724139][ T3690]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  333.724337][ T3690]  __submit_merged_write_cond+0x458/0x9a0
[  333.724562][ T3690]  f2fs_write_data_pages+0x4bb2/0x5480
[  333.724864][ T3690]  ? __enqueue_entity+0xbc1/0xcd0
[  333.725077][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.725254][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.725417][ T3690]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  333.725605][ T3690]  ? __update_load_avg_cfs_rq+0xe9/0x1010
[  333.725817][ T3690]  ? __update_load_avg_se+0xd02/0x11c0
[  333.726046][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.726235][ T3690]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  333.726408][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.726576][ T3690]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  333.726752][ T3690]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.726965][ T3690]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  333.727179][ T3690]  do_writepages+0x3ef/0x860
[  333.727337][ T3690]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  333.727531][ T3690]  ? __pfx_writeback_sb_inodes+0x1/0x10
[  333.727685][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.727888][ T3690]  __writeback_single_inode+0x101/0x1190
[  333.728057][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.728281][ T3690]  writeback_sb_inodes+0xac1/0x1cb0
[  333.728539][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.728755][ T3690]  wb_writeback+0x4ce/0xc00
[  333.728934][ T3690]  ? queue_io+0x491/0x790
[  333.729094][ T3690]  wb_workfn+0x397/0x1910
[  333.729313][ T3690]  ? kmsan_get_metadata+0xfb/0x160
[  333.729522][ T3690]  ? __pfx_wb_workfn+0x10/0x10
[  333.729730][ T3690]  process_scheduled_works+0xb91/0x1d80
[  333.730023][ T3690]  worker_thread+0xedf/0x1590
[  333.730289][ T3690]  kthread+0xd59/0xf00
[  333.730439][ T3690]  ? __pfx_worker_thread+0x10/0x10
[  333.730680][ T3690]  ? __pfx_kthread+0x10/0x10
[  333.730842][ T3690]  ret_from_fork+0x1e3/0x310
[  333.731006][ T3690]  ? __pfx_kthread+0x10/0x10
[  333.731176][ T3690]  ret_from_fork_asm+0x1a/0x30
[  333.731416][ T3690]  </TASK>
[  334.032882][ T3690] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  335.529851][ T6751] loop1: detected capacity change from 0 to 256
[  335.581095][ T6751] exfat: Deprecated parameter 'namecase'
[  335.594737][ T6751] exfat: Deprecated parameter 'utf8'
[  335.755445][ T6751] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  335.870192][ T6753] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.689341][ T6758] netlink: 'syz.4.230': attribute type 39 has an invalid length.
[  336.725930][ T6758] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.809998][ T6758] bridge_slave_0 (unregistering): left allmulticast mode
[  336.827387][ T6758] bridge_slave_0 (unregistering): left promiscuous mode
[  336.834921][ T6758] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.016397][ T6759] tc_dump_action: action bad kind
[  338.989891][ T6772] loop1: detected capacity change from 0 to 32768
[  339.126667][ T6772] OCFS2: ERROR (device loop1): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #71: i_blkno is 32583
[  339.142582][ T6772] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  339.153108][ T6772] OCFS2: File system is now read-only.
[  339.158933][ T6772] (syz.1.237,6772,1):ocfs2_read_locked_inode:597 ERROR: status = -30
[  339.167607][ T6772] (syz.1.237,6772,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30
[  339.183574][ T6772] (syz.1.237,6772,1):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[  339.195940][ T6772] (syz.1.237,6772,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs?
[  339.196147][ T6772] (syz.1.237,6772,1):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  339.219652][ T6772] (syz.1.237,6772,1):ocfs2_initialize_super:2198 ERROR: status = -30
[  339.228835][ T6772] (syz.1.237,6772,1):ocfs2_fill_super:1177 ERROR: status = -30
[  339.300627][ T5810] Bluetooth: hci0: command 0x0406 tx timeout
[  339.310005][ T5814] Bluetooth: hci2: command 0x0406 tx timeout
[  339.316251][ T5814] Bluetooth: hci1: command 0x0406 tx timeout
[  341.350268][ T6783] loop3: detected capacity change from 0 to 40427
[  341.360896][ T6783] f2fs: Unknown parameter '��������nd_gc'
[  342.291741][ T6791] loop0: detected capacity change from 0 to 2048
[  342.350353][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  342.556012][   T24] usb 4-1: device descriptor read/64, error -71
[  342.592458][ T6791] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.827319][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  343.007797][   T24] usb 4-1: device descriptor read/64, error -71
[  343.087479][ T5864] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  343.131672][   T24] usb usb4-port1: attempt power cycle
[  343.298487][ T5864] usb 1-1: Using ep0 maxpacket: 16
[  343.378009][ T5864] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.388478][ T5864] usb 1-1: config 0 interface 0 has no altsetting 0
[  343.395581][ T5864] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  343.406661][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.538324][ T5864] usb 1-1: config 0 descriptor??
[  343.557942][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  343.631867][   T24] usb 4-1: device descriptor read/8, error -71
[  344.230045][ T6809] ipvlan3: entered promiscuous mode
[  344.235682][ T6809] ipvlan3: entered allmulticast mode
[  344.417521][   T49] Bluetooth: hci3: command 0x0406 tx timeout
[  344.791623][ T5864] hid (null): unknown global tag 0xe
[  344.964879][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.253'.
[  345.037546][ T6791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.048104][ T6791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  345.085308][ T5864] cougar 0003:060B:500A.0002: usage count exceeds max: fixing up report descriptor
[  345.180106][ T5864] cougar 0003:060B:500A.0002: unexpected long global item
[  345.235930][ T5864] cougar 0003:060B:500A.0002: parse failed
[  345.243211][ T5864] cougar 0003:060B:500A.0002: probe with driver cougar failed with error -22
[  345.332176][ T5864] usb 1-1: USB disconnect, device number 5
[  346.191997][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.969789][ T6838] netlink: 14 bytes leftover after parsing attributes in process `syz.0.260'.
[  347.128345][ T6842] loop3: detected capacity change from 0 to 512
[  347.220934][ T6842] EXT4-fs: Ignoring removed i_version option
[  347.316341][ T6831] loop2: detected capacity change from 0 to 4096
[  347.378097][ T6842] EXT4-fs (loop3): 1 orphan inode deleted
[  347.386651][ T6842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.901564][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.391982][ T6854] netlink: 24 bytes leftover after parsing attributes in process `syz.4.265'.
[  348.402119][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'.
[  348.606053][ T6856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.266'.
[  348.637548][ T6856] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  349.500763][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804d1d9000: rx timeout, send abort
[  349.635225][ T6867] netlink: 12 bytes leftover after parsing attributes in process `syz.4.270'.
[  349.982853][ T6867] bridge2: port 1(veth0_to_bond) entered blocking state
[  349.990620][ T6867] bridge2: port 1(veth0_to_bond) entered disabled state
[  349.998457][ T6867] veth0_to_bond: entered allmulticast mode
[  350.001681][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804d24bc00: rx timeout, send abort
[  350.008243][ T6867] veth0_to_bond: entered promiscuous mode
[  350.016900][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804d1d9000: abort rx timeout. Force session deactivation
[  350.359089][ T6865] loop0: detected capacity change from 0 to 32768
[  350.377911][ T6865] BTRFS warning: excessive commit interval 2147483647, use with care
[  350.389261][ T6865] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.269 (6865)
[  350.427901][ T6865] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  350.447685][ T6865] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  350.457079][ T6865] BTRFS info (device loop0): disk space caching is enabled
[  350.464534][ T6865] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  350.513066][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804d24bc00: abort rx timeout. Force session deactivation
[  350.814042][ T6865] BTRFS info (device loop0): rebuilding free space tree
[  350.864949][ T6865] BTRFS info (device loop0): disabling free space tree
[  350.872379][ T6865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  350.883041][ T6865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  351.224142][ T5808] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  351.752444][ T6897] netlink: 52 bytes leftover after parsing attributes in process `syz.2.276'.
[  352.258218][ T5864] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  352.427263][ T1871] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  352.510035][ T5864] usb 3-1: Using ep0 maxpacket: 16
[  352.539673][ T5864] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.551238][ T5864] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[  352.563484][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  352.574802][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 57408, setting to 1024
[  352.600947][ T5864] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  352.614153][ T5864] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  352.652351][ T1871] usb 4-1: device descriptor read/64, error -71
[  352.663074][ T5864] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  352.673474][ T5864] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  352.682276][ T5864] usb 3-1: Manufacturer: syz
[  352.856988][ T5864] usb 3-1: config 0 descriptor??
[  352.897078][ T1871] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  353.127184][ T1871] usb 4-1: device descriptor read/64, error -71
[  353.149869][ T6897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  353.160537][ T6897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  353.268878][ T1871] usb usb4-port1: attempt power cycle
[  353.373347][   T11] usb 3-1: USB disconnect, device number 5
[  353.715756][ T1871] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  353.843603][ T1871] usb 4-1: device descriptor read/8, error -71
[  354.137165][ T1871] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  354.230676][ T1871] usb 4-1: device descriptor read/8, error -71
[  354.365359][ T1871] usb usb4-port1: unable to enumerate USB device
[  355.072668][ T1871] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  355.243208][ T1871] usb 1-1: Using ep0 maxpacket: 8
[  355.367383][ T1871] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  355.378178][ T1871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.386510][ T1871] usb 1-1: Product: syz
[  355.391155][ T1871] usb 1-1: Manufacturer: syz
[  355.395977][ T1871] usb 1-1: SerialNumber: syz
[  355.533894][ T1871] usb 1-1: config 0 descriptor??
[  355.548083][ T6926] netlink: 76 bytes leftover after parsing attributes in process `syz.2.287'.
[  355.625199][ T1871] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  355.810761][ T1871] gspca_sonixj: reg_w1 err -71
[  355.816071][ T1871] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  355.891395][ T1871] usb 1-1: USB disconnect, device number 6
[  355.917358][ T5988] udevd[5988]: setting owner of /dev/bus/usb/001/006 to uid=0, gid=0 failed: No such file or directory
[  356.048201][   T11] usb 2-1: new full-speed USB device number 19 using dummy_hcd
[  356.329636][   T11] usb 2-1: unable to get BOS descriptor or descriptor too short
[  356.363306][   T11] usb 2-1: not running at top speed; connect to a high speed hub
[  356.415838][   T11] usb 2-1: config 1 has an invalid interface number: 138 but max is 0
[  356.424551][   T11] usb 2-1: config 1 has no interface number 0
[  356.431644][   T11] usb 2-1: config 1 interface 138 has no altsetting 0
[  356.551686][   T11] usb 2-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  356.561462][   T11] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.569909][   T11] usb 2-1: Product: syz
[  356.574276][   T11] usb 2-1: Manufacturer: syz
[  356.583426][   T11] usb 2-1: SerialNumber: syz
[  357.097941][   T11] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  357.100648][ T6937] netlink: 'syz.3.292': attribute type 39 has an invalid length.
[  357.136650][ T6937] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.382668][ T6937] bridge_slave_0 (unregistering): left allmulticast mode
[  357.390415][ T6937] bridge_slave_0 (unregistering): left promiscuous mode
[  357.404767][ T6937] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.495607][   T11] usb 2-1: USB disconnect, device number 19
[  357.774317][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  357.781465][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  358.153355][ T6134] udevd[6134]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  358.249033][ T6939] loop0: detected capacity change from 0 to 32768
[  358.263885][ T6939] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.293 (6939)
[  358.295145][ T6939] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  358.307734][ T6939] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  358.317184][ T6939] BTRFS info (device loop0): using free-space-tree
[  359.008331][   T30] audit: type=1326 audit(1755223141.416:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6961 comm="syz.2.297" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x0
[  359.168646][ T6963] loop1: detected capacity change from 0 to 164
[  359.275933][ T5808] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  359.363654][   T11] IPVS: starting estimator thread 0...
[  359.483999][ T6968] IPVS: using max 192 ests per chain, 9600 per kthread
[  361.344606][ T6977] loop3: detected capacity change from 0 to 2048
[  361.557838][ T6977] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.571030][ T6977] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  362.165604][ T6977] overlayfs: conflicting lowerdir path
[  362.703583][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.824311][    C1] Dead loop on virtual device ipvlan1, fix it urgently!
[  363.192609][ T6994] loop2: detected capacity change from 0 to 8
[  363.342075][ T6994] Filesystem uses "unknown" compression. This is not supported
[  363.419996][ T6995] 8021q: VLANs not supported on vcan0
[  364.137983][ T5894] usb 1-1: new low-speed USB device number 7 using dummy_hcd
[  364.370224][ T5894] usb 1-1: Invalid ep0 maxpacket: 16
[  364.538078][ T5894] usb 1-1: new low-speed USB device number 8 using dummy_hcd
[  364.767805][ T5894] usb 1-1: Invalid ep0 maxpacket: 16
[  364.837724][ T5894] usb usb1-port1: attempt power cycle
[  365.083006][ T7011] netlink: 56 bytes leftover after parsing attributes in process `syz.4.312'.
[  365.097250][ T7011] A link change request failed with some changes committed already. Interface veth0_to_batadv may have been left with an inconsistent configuration, please check.
[  365.267647][ T5894] usb 1-1: new low-speed USB device number 9 using dummy_hcd
[  365.332176][ T5894] usb 1-1: Invalid ep0 maxpacket: 16
[  365.509040][ T5894] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[  365.577982][ T5894] usb 1-1: Invalid ep0 maxpacket: 16
[  365.590710][ T5894] usb usb1-port1: unable to enumerate USB device
[  365.879745][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'.
[  366.229285][ T7024] fuse: Bad value for 'fd'
[  366.959268][ T7034] netlink: 84 bytes leftover after parsing attributes in process `syz.2.322'.
[  366.969368][ T7034] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.034779][ T7067] netlink: 14 bytes leftover after parsing attributes in process `syz.1.333'.
[  369.305873][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.315717][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.324647][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.334653][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.342687][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.350973][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.358984][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.366943][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.374662][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.387537][   T11] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  369.554269][ T7073] loop2: detected capacity change from 0 to 1024
[  369.665466][ T7073] EXT4-fs: Ignoring removed nobh option
[  369.671946][ T7073] EXT4-fs: Ignoring removed bh option
[  369.741513][ T7073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  369.769251][   T11] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  369.937130][   T11] hid-generic 8000:0007:0006.0004: item fetching failed at offset 0/27
[  370.025772][ T5168] udevd[5168]: worker [6032] terminated by signal 33 (Unknown signal 33)
[  370.030309][   T11] hid-generic 8000:0007:0006.0004: probe with driver hid-generic failed with error -22
[  370.070354][ T5168] udevd[5168]: worker [6032] failed while handling '/devices/virtual/block/loop2'
[  370.111578][ T5168] udevd[5168]: worker [5988] terminated by signal 33 (Unknown signal 33)
[  370.154006][ T7079] loop3: detected capacity change from 0 to 1024
[  370.167328][ T5168] udevd[5168]: worker [5988] failed while handling '/devices/virtual/misc/uhid/0000:0000:0000.0003/hidraw/hidraw0'
[  370.263364][ T7085] bond1 (unregistering): Released all slaves
[  370.379841][ T7084] netlink: 16 bytes leftover after parsing attributes in process `syz.1.339'.
[  370.523281][ T5807] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.537656][ T7084] batadv0: entered promiscuous mode
[  370.550849][ T7084] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  370.564396][ T7084] batadv0: left promiscuous mode
[  371.357347][   T11] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  371.381534][ T7097] netlink: 12 bytes leftover after parsing attributes in process `syz.3.342'.
[  371.412424][ T7097] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  371.615296][   T11] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  371.624356][   T11] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  371.637631][   T11] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  371.637715][ T7099] netlink: 'syz.4.343': attribute type 10 has an invalid length.
[  371.655602][ T7099] 8021q: adding VLAN 0 to HW filter on device team0
[  371.657650][   T11] usb 1-1: config 220 has no interface number 2
[  371.657821][   T11] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  371.674041][ T7099] bond0: (slave team0): Enslaving as an active interface with an up link
[  371.685160][   T11] usb 1-1: config 220 interface 0 has no altsetting 0
[  371.702694][   T11] usb 1-1: config 220 interface 76 has no altsetting 0
[  371.710316][   T11] usb 1-1: config 220 interface 1 has no altsetting 0
[  371.724278][ T7099] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  371.781942][ T7099] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  371.969629][   T11] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  371.979347][   T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.987934][   T11] usb 1-1: Product: syz
[  371.992420][   T11] usb 1-1: Manufacturer: syz
[  371.997439][   T11] usb 1-1: SerialNumber: syz
[  372.309079][ T7103] process 'syz.3.345' launched './file0' with NULL argv: empty string added
[  372.610157][   T11] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[  372.617324][   T11] usb 1-1: No valid video chain found.
[  372.623191][   T11] usb 1-1: selecting invalid altsetting 0
[  372.709025][ T5894] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  372.746577][   T11] usb 1-1: selecting invalid altsetting 0
[  372.752948][   T11] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  372.848952][   T11] usb 1-1: USB disconnect, device number 11
[  372.856366][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.348'.
[  372.949518][ T5894] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  372.961022][ T5894] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  372.978086][ T5894] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  373.046632][ T5894] usb 4-1: Dual-Role OTG device on HNP port
[  373.104229][ T5894] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  373.114545][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.123203][ T5894] usb 4-1: Product: syz
[  373.127980][ T5894] usb 4-1: Manufacturer: syz
[  373.132800][ T5894] usb 4-1: SerialNumber: syz
[  373.362523][ T5894] cdc_ether 4-1:1.0: skipping garbage
[  373.368542][ T5894] usb 4-1: bad CDC descriptors
[  373.574892][ T5894] usb 4-1: USB disconnect, device number 15
[  373.823798][ T7118] loop1: detected capacity change from 0 to 1024
[  373.927642][ T7118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  374.082495][ T7118] input: syz0 as /devices/virtual/input/input8
[  374.131521][ T7120] bond_slave_0: entered promiscuous mode
[  374.137968][ T7120] bond_slave_1: entered promiscuous mode
[  374.144320][ T7120] vlan2: entered promiscuous mode
[  374.149898][ T7120] bond0: entered promiscuous mode
[  374.278150][ T7118] udf: Unknown parameter '01777777777777777777777��'
[  374.519535][ T7118] udf: Unknown parameter '����������01777777777777777777777���X�c�v�:�Q���'
[  377.027863][ T7149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.361'.
[  378.232926][   T30] audit: type=1326 audit(1755223160.556:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz.2.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x7ffc0000
[  378.233375][ T7153] loop1: detected capacity change from 0 to 32768
[  378.258670][   T30] audit: type=1326 audit(1755223160.556:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz.2.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x7ffc0000
[  378.364183][ T7153] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  378.477379][ T7153] XFS (loop1): Ending clean mount
[  378.501379][ T7153] XFS (loop1): Quotacheck needed: Please wait.
[  378.512813][   T30] audit: type=1326 audit(1755223160.776:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz.2.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f917d38ebe9 code=0x7ffc0000
[  378.536312][   T30] audit: type=1326 audit(1755223160.846:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz.2.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x7ffc0000
[  378.559794][   T30] audit: type=1326 audit(1755223160.846:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7158 comm="syz.2.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d38ebe9 code=0x7ffc0000
[  378.683356][ T7153] XFS (loop1): Quotacheck: Done.
[  378.932499][ T5815] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  380.073334][ T7184] netlink: 12 bytes leftover after parsing attributes in process `syz.1.369'.
[  380.102660][ T7184] vlan2: entered promiscuous mode
[  380.108872][ T7184] dummy0: entered promiscuous mode
[  380.655461][ T7183] loop0: detected capacity change from 0 to 32768
[  380.735990][ T7179] loop3: detected capacity change from 0 to 1024
[  380.766617][ T7179] EXT4-fs: Ignoring removed nobh option
[  380.773409][ T7179] EXT4-fs: Ignoring removed bh option
[  381.142717][ T7179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  381.658880][ T7196] netlink: 12 bytes leftover after parsing attributes in process `syz.1.375'.
[  383.443635][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.692367][ T7207] loop0: detected capacity change from 0 to 256
[  383.712314][ T7208] loop2: detected capacity change from 0 to 512
[  383.801601][ T7207] exfat: Deprecated parameter 'namecase'
[  383.808051][ T7207] exfat: Deprecated parameter 'utf8'
[  383.990490][ T7208] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  384.000362][ T7208] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[  384.010994][ T7208] FAT-fs (loop2): Filesystem has been set read-only
[  384.169150][ T7207] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  384.261957][ T7208] netlink: 'syz.2.379': attribute type 1 has an invalid length.
[  384.270893][ T7208] netlink: 'syz.2.379': attribute type 4 has an invalid length.
[  384.278967][ T7208] netlink: 212 bytes leftover after parsing attributes in process `syz.2.379'.
[  384.769616][ T7218] loop3: detected capacity change from 0 to 164
[  384.804512][ T7218] iso9660: Unknown parameter 'chec'
[  384.997253][   T11] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  385.120197][ T7224] netlink: 32 bytes leftover after parsing attributes in process `syz.3.381'.
[  385.211984][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.223680][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.233975][   T11] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  385.243683][   T11] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.475102][   T11] usb 3-1: config 0 descriptor??
[  386.131653][   T11] usbhid 3-1:0.0: can't add hid device: -71
[  386.138683][   T11] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  386.227588][   T11] usb 3-1: USB disconnect, device number 6
[  386.395100][ T7235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.388'.
[  387.517897][ T7240] loop0: detected capacity change from 0 to 32768
[  387.559813][ T7246] netlink: 'syz.4.391': attribute type 1 has an invalid length.
[  387.762371][ T7246] 8021q: adding VLAN 0 to HW filter on device bond1
[  387.784088][ T7240] OCFS2: ERROR (device loop0): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #71: i_blkno is 32583
[  387.799753][ T7240] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  387.821084][ T7240] OCFS2: File system is now read-only.
[  387.828384][ T7240] (syz.0.389,7240,1):ocfs2_read_locked_inode:597 ERROR: status = -30
[  387.837301][ T7240] (syz.0.389,7240,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30
[  387.847063][ T7240] (syz.0.389,7240,1):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[  387.856213][ T7240] (syz.0.389,7240,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs?
[  387.856417][ T7240] (syz.0.389,7240,1):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  387.878615][ T7240] (syz.0.389,7240,1):ocfs2_initialize_super:2198 ERROR: status = -30
[  387.887792][ T7240] (syz.0.389,7240,1):ocfs2_fill_super:1177 ERROR: status = -30
[  387.904300][ T7249] vlan2: entered allmulticast mode
[  387.910109][ T7249] macvtap0: entered allmulticast mode
[  387.920820][ T7249] veth0_macvtap: entered allmulticast mode
[  387.946964][ T7249] bond1: (slave vlan2): making interface the new active one
[  387.970877][ T7249] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  388.208397][ T7245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.500034][ T7260] netlink: 84 bytes leftover after parsing attributes in process `syz.0.395'.
[  388.712112][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.520084][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.396'.
[  389.529566][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.396'.
[  390.588629][ T7278] netlink: 12 bytes leftover after parsing attributes in process `syz.4.401'.
[  390.958220][ T7280] loop2: detected capacity change from 0 to 2048
[  391.193316][ T7287] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  391.339196][ T7280] FAULT_INJECTION: forcing a failure.
[  391.339196][ T7280] name failslab, interval 1, probability 0, space 0, times 1
[  391.352559][ T7280] CPU: 1 UID: 0 PID: 7280 Comm: syz.2.403 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  391.352743][ T7280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  391.352834][ T7280] Call Trace:
[  391.352891][ T7280]  <TASK>
[  391.352947][ T7280]  __dump_stack+0x26/0x30
[  391.353145][ T7280]  dump_stack_lvl+0x1df/0x270
[  391.353350][ T7280]  dump_stack+0x1e/0x25
[  391.353529][ T7280]  should_fail_ex+0x7dc/0x8a0
[  391.353779][ T7280]  should_failslab+0x15b/0x200
[  391.353973][ T7280]  __kmalloc_cache_noprof+0xcb/0xed0
[  391.354181][ T7280]  ? nilfs_init_fs_context+0x5d/0x150
[  391.354362][ T7280]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  391.354535][ T7280]  ? kmsan_get_metadata+0xfb/0x160
[  391.354741][ T7280]  nilfs_init_fs_context+0x5d/0x150
[  391.354925][ T7280]  ? __pfx_nilfs_init_fs_context+0x10/0x10
[  391.355107][ T7280]  alloc_fs_context+0xaf1/0xda0
[  391.355322][ T7280]  fs_context_for_reconfigure+0x75/0xa0
[  391.355522][ T7280]  path_mount+0x19e9/0x1e90
[  391.355763][ T7280]  __se_sys_mount+0x6eb/0x7d0
[  391.355999][ T7280]  __x64_sys_mount+0xe4/0x150
[  391.356213][ T7280]  x64_sys_call+0x3604/0x3e20
[  391.356418][ T7280]  do_syscall_64+0xd9/0x210
[  391.356605][ T7280]  ? irqentry_exit+0x16/0x60
[  391.356784][ T7280]  ? clear_bhb_loop+0x40/0x90
[  391.356960][ T7280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.357133][ T7280] RIP: 0033:0x7f917d39038a
[  391.357258][ T7280] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.357393][ T7280] RSP: 002b:00007f917e21de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  391.357545][ T7280] RAX: ffffffffffffffda RBX: 00007f917e21def0 RCX: 00007f917d39038a
[  391.357661][ T7280] RDX: 0000200000000f40 RSI: 0000200000000140 RDI: 0000000000000000
[  391.357775][ T7280] RBP: 0000200000000f40 R08: 00007f917e21def0 R09: 0000000001a4a438
[  391.357884][ T7280] R10: 0000000001a4a438 R11: 0000000000000246 R12: 0000200000000140
[  391.357983][ T7280] R13: 00007f917e21deb0 R14: 0000000000000000 R15: 00002000000008c0
[  391.358127][ T7280]  </TASK>
[  391.570844][    C1] vkms_vblank_simulate: vblank timer overrun
[  391.936370][ T7287] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  391.949305][ T7287] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  392.031060][ T7287] Remounting filesystem read-only
[  392.115959][ T5807] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[  392.479793][ T7294] loop1: detected capacity change from 0 to 64
[  392.757406][ T7294] netlink: 12 bytes leftover after parsing attributes in process `syz.1.409'.
[  393.082247][ T7292] loop3: detected capacity change from 0 to 32768
[  393.098965][ T7292] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.408 (7292)
[  393.121018][ T7292] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  393.133144][ T7292] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  393.147371][ T7292] BTRFS info (device loop3): disk space caching is enabled
[  393.154965][ T7292] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  393.434113][ T7292] BTRFS info (device loop3): rebuilding free space tree
[  393.484145][ T7292] BTRFS info (device loop3): disabling free space tree
[  393.492180][ T7292] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  393.502279][ T7292] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  393.630257][   T30] audit: type=1800 audit(1755223176.056:14): pid=7292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.408" name="bus" dev="loop3" ino=263 res=0 errno=0
[  393.894847][ T7322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.413'.
[  393.927689][ T7322] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  394.858764][ T7331] netlink: 12 bytes leftover after parsing attributes in process `syz.0.417'.
[  394.943513][ T5821] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  395.109525][ T7335] loop2: detected capacity change from 0 to 256
[  395.152142][ T7335] vfat: Unknown parameter 'nsk'
[  396.054960][ T7343] loop0: detected capacity change from 0 to 1024
[  396.316634][ T7343] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  396.687411][   T11] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  396.961949][   T11] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  396.976398][   T11] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.176598][   T11] usb 2-1: config 0 descriptor??
[  397.297348][   T11] cp210x 2-1:0.0: cp210x converter detected
[  397.567507][ T7351] loop2: detected capacity change from 0 to 32768
[  397.578470][ T7351] BTRFS warning: excessive commit interval 2147483647, use with care
[  397.646512][ T7351] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.425 (7351)
[  397.728281][ T7351] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  397.738918][ T7351] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  397.754742][ T7351] BTRFS info (device loop2): disk space caching is enabled
[  397.762549][ T7351] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  397.897579][   T11] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  397.990566][   T11] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -121
[  397.998929][   T11] cp210x 2-1:0.0: GPIO initialisation failed: -121
[  398.132684][   T11] usb 2-1: cp210x converter now attached to ttyUSB0
[  398.674908][ T7351] BTRFS info (device loop2): rebuilding free space tree
[  398.723818][ T7351] BTRFS info (device loop2): disabling free space tree
[  398.731506][ T7351] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  398.741908][ T7351] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  399.129353][ T5807] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  399.685289][   T24] usb 2-1: USB disconnect, device number 20
[  399.766414][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  399.780278][   T24] cp210x 2-1:0.0: device disconnected
[  400.411563][ T7393] netlink: 76 bytes leftover after parsing attributes in process `syz.4.433'.
[  400.620372][ T7397] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9
[  402.582338][   T11] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  402.850646][   T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  402.867949][   T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64
[  402.879372][   T11] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  402.888882][   T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.031290][   T11] usb 1-1: config 0 descriptor??
[  403.040471][ T7419] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  403.547390][   T11] ath6kl: Failed to read usb control message: -71
[  403.554304][   T11] ath6kl: Unable to read the bmi data from the device: -71
[  403.561931][   T11] ath6kl: Unable to recv target info: -71
[  403.637831][   T11] ath6kl: Failed to init ath6kl core: -71
[  403.650465][   T11] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  403.693510][ T7426] loop2: detected capacity change from 0 to 2048
[  403.740285][ T7426] udf: Unknown parameter 'iochartf8'
[  403.818780][   T11] usb 1-1: USB disconnect, device number 12
[  404.820258][ T7439] loop3: detected capacity change from 0 to 2048
[  405.071270][ T7443] loop2: detected capacity change from 0 to 2048
[  405.126022][ T7445] loop0: detected capacity change from 0 to 256
[  405.171400][ T7445] exfat: Deprecated parameter 'namecase'
[  405.178162][ T7445] exfat: Deprecated parameter 'utf8'
[  405.352341][ T7447] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  405.409074][ T7445] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  405.618015][ T7449] netlink: 'syz.1.453': attribute type 39 has an invalid length.
[  405.669442][ T7447] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  405.680773][ T7447] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  405.753713][ T7447] Remounting filesystem read-only
[  405.774324][ T7443] NILFS (loop2): mounting fs with errors
[  405.839568][ T7451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.454'.
[  406.057872][ T7453] loop3: detected capacity change from 0 to 164
[  406.302401][ T7447] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  406.313678][ T7447] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  406.323578][ T7447] Remounting filesystem read-only
[  406.418712][ T5807] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[  407.791314][ T7469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.462'.
[  407.952452][ T7470] team_slave_0: entered promiscuous mode
[  407.958762][ T7470] team_slave_1: entered promiscuous mode
[  407.965073][ T7470] vlan2: entered promiscuous mode
[  407.970596][ T7470] team0: entered promiscuous mode
[  409.525763][ T7476] loop2: detected capacity change from 0 to 32768
[  409.808586][ T7476] OCFS2: ERROR (device loop2): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #71: i_blkno is 32583
[  409.824432][ T7476] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  409.840586][ T7476] OCFS2: File system is now read-only.
[  409.846251][ T7476] (syz.2.465,7476,1):ocfs2_read_locked_inode:597 ERROR: status = -30
[  409.856903][ T7476] (syz.2.465,7476,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30
[  409.866380][ T7476] (syz.2.465,7476,1):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[  409.875822][ T7476] (syz.2.465,7476,1):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs?
[  409.876025][ T7476] (syz.2.465,7476,1):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  409.897949][ T7476] (syz.2.465,7476,1):ocfs2_initialize_super:2198 ERROR: status = -30
[  409.906962][ T7476] (syz.2.465,7476,1):ocfs2_fill_super:1177 ERROR: status = -30
[  411.019470][ T7483] netlink: 'syz.0.466': attribute type 1 has an invalid length.
[  411.117838][   T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  411.370058][   T24] usb 3-1: Using ep0 maxpacket: 16
[  411.375086][ T7483] 8021q: adding VLAN 0 to HW filter on device bond1
[  411.417411][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.429567][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  411.443097][   T24] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  411.452581][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.507626][   T24] usb 3-1: config 0 descriptor??
[  411.535587][ T7488] vlan2: entered allmulticast mode
[  411.541453][ T7488] macvtap0: entered allmulticast mode
[  411.547487][ T7488] veth0_macvtap: entered allmulticast mode
[  411.565971][ T7482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  411.580588][ T7488] bond1: (slave vlan2): making interface the new active one
[  411.604954][ T7488] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  411.697973][ T7493] loop1: detected capacity change from 0 to 256
[  412.047651][   T24] kye 0003:0458:0153.0005: item fetching failed at offset 1/5
[  412.116094][   T24] kye 0003:0458:0153.0005: parse failed
[  412.122832][   T24] kye 0003:0458:0153.0005: probe with driver kye failed with error -22
[  412.238983][ T1871] usb 3-1: USB disconnect, device number 7
[  413.651469][ T7511] fuse: Bad value for 'fd'
[  414.717423][ T7513] loop2: detected capacity change from 0 to 32768
[  414.961947][ T7513] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  414.962104][ T7513]   allowing incompatible features above 0.0: (unknown version)
[  414.962215][ T7513]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  415.003171][ T7513] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  415.011760][ T7513] bcachefs (loop2): initializing new filesystem
[  415.032812][ T7513] bcachefs (loop2): going read-write
[  415.110572][ T7513] bcachefs (loop2): marking superblocks
[  415.180947][ T7513] bcachefs (loop2): initializing freespace
[  415.212982][ T7513] bcachefs (loop2): done initializing freespace
[  415.235988][ T7513] bcachefs (loop2): reading snapshots table
[  415.242933][ T7513] bcachefs (loop2): reading snapshots done
[  415.364611][ T7513] bcachefs (loop2): done starting filesystem
[  416.001034][ T5807] bcachefs (loop2): shutting down
[  416.006605][ T5807] bcachefs (loop2): going read-only
[  416.012555][ T5807] bcachefs (loop2): finished waiting for writes to stop
[  416.107541][ T5807] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4
[  416.208363][   T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  416.364181][ T5807] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  416.404215][ T5807] bcachefs (loop2): clean shutdown complete, journal seq 5
[  416.434164][ T5807] bcachefs (loop2): marking filesystem clean
[  416.448087][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.460109][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.470494][   T24] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  416.479998][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.599699][ T7544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.486'.
[  416.641462][ T7544] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  416.691475][ T5807] bcachefs (loop2): shutdown complete
[  416.729242][   T24] usb 4-1: config 0 descriptor??
[  417.363023][   T24] cm6533_jd 0003:0D8C:0022.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  418.707999][   T24] usb 4-1: reset high-speed USB device number 16 using dummy_hcd
[  418.907735][   T24] usb 4-1: device descriptor read/64, error -32
[  419.162428][   T24] usb 4-1: reset high-speed USB device number 16 using dummy_hcd
[  419.176285][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  419.183579][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  419.988719][ T5894] usb 4-1: USB disconnect, device number 16
[  420.231324][ T5812] Bluetooth: hci2: unexpected event 0x04 length: 83 > 10
[  420.239424][   T30] audit: type=1326 audit(1755223202.666:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7574 comm="syz.0.492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f464858ebe9 code=0x0
[  420.293878][ T7576] loop1: detected capacity change from 0 to 8
[  420.401884][ T7576] SQUASHFS error: xz decompression failed, data probably corrupt
[  420.411051][ T7576] SQUASHFS error: Failed to read block 0x108: -5
[  420.418736][ T7576] SQUASHFS error: Unable to read metadata cache entry [106]
[  420.426334][ T7576] SQUASHFS error: Unable to read inode 0x11f
[  420.957764][ T7580] loop3: detected capacity change from 0 to 1024
[  421.046431][ T7581] netlink: 16 bytes leftover after parsing attributes in process `syz.4.495'.
[  421.059237][ T7580] EXT4-fs (loop3): blocks per group (65535) and clusters per group (32) inconsistent
[  421.658595][ T6242] udevd[6242]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory
[  422.293555][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  422.754217][ T7587] loop0: detected capacity change from 0 to 32768
[  422.766978][ T7587] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.497 (7587)
[  422.827825][ T7587] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  422.843852][ T7587] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  422.853079][ T7587] BTRFS info (device loop0): using free-space-tree
[  422.907169][ T5894] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  423.088189][ T5894] usb 2-1: device descriptor read/64, error -71
[  423.349673][ T5894] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  423.435159][ T5808] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  423.552716][ T5894] usb 2-1: device descriptor read/64, error -71
[  423.698675][ T5894] usb usb2-port1: attempt power cycle
[  424.097044][ T5894] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  424.186088][ T5894] usb 2-1: device descriptor read/8, error -71
[  424.270714][ T7624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  424.280401][ T7624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  424.437523][ T7626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  424.447485][ T7626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  424.458708][ T5894] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  424.553485][ T5894] usb 2-1: device descriptor read/8, error -71
[  424.703407][ T5894] usb usb2-port1: unable to enumerate USB device
[  425.318931][ T7628] loop2: detected capacity change from 0 to 128
[  425.517756][ T7628] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  425.767975][ T7631] netlink: 76 bytes leftover after parsing attributes in process `syz.3.506'.
[  425.897621][ T7632] netlink: 'syz.2.505': attribute type 4 has an invalid length.
[  425.995939][ T7628] FAT-fs (loop2): FAT read failed (blocknr 128)
[  426.262041][ T7639] tmpfs: Bad value for 'mpol'
[  426.432152][ T7639] binder: 7635:7639 ioctl c0306201 2000000003c0 returned -22
[  427.027984][ T7646] netlink: 12 bytes leftover after parsing attributes in process `syz.2.512'.
[  427.249305][ T7648] netlink: 36 bytes leftover after parsing attributes in process `syz.4.513'.
[  427.844190][ T7658] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  427.925783][ T7658] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  429.206114][ T7675] loop0: detected capacity change from 0 to 128
[  429.363745][ T7675] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  429.439915][ T7677] netlink: 'syz.3.523': attribute type 39 has an invalid length.
[  429.573456][ T7680] loop2: detected capacity change from 0 to 8
[  429.705263][ T7680] unable to read fragment index table
[  429.776095][ T7682] netlink: 'syz.0.522': attribute type 4 has an invalid length.
[  429.856305][ T7675] FAT-fs (loop0): FAT read failed (blocknr 128)
[  430.901590][ T7680] loop2: detected capacity change from 0 to 32768
[  430.971530][ T7680] bcachefs (/dev/loop2): error validating superblock: Bad sb offset (got 5, read from 8)
[  430.982578][ T7680] bcachefs: bch2_fs_get_tree() error: invalid_sb_offset
[  431.014066][ T7688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.527'.
[  431.455327][ T7691] loop0: detected capacity change from 0 to 164
[  431.559342][ T7691] ISOFS: Logical zone size(0) < hardware blocksize(1024)
[  431.887954][   T11] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  432.168390][   T11] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  432.180093][   T11] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  432.193687][   T11] usb 4-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[  432.203421][   T11] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.383823][   T11] usb 4-1: config 0 descriptor??
[  432.879922][ T7694] loop3: detected capacity change from 0 to 1024
[  432.965327][ T7694] hfsplus: Unknown parameter '/dev/iommu'
[  433.309190][   T11] hid_parser_main: 22 callbacks suppressed
[  433.309309][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x6
[  433.323142][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.330525][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.337894][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.345118][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.352911][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.360339][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.367694][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.375580][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.388759][   T11] ortek 0003:1223:3F07.0007: unknown main item tag 0x0
[  433.900671][ T5894] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  434.191727][ T5894] usb 2-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[  434.206034][ T5894] usb 2-1: config 3 has an invalid descriptor of length 88, skipping remainder of the config
[  434.218876][ T5894] usb 2-1: config 3 has 0 interfaces, different from the descriptor's value: 1
[  434.678705][ T5894] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=90.62
[  434.688589][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.697444][ T5894] usb 2-1: Product: syz
[  434.701820][ T5894] usb 2-1: Manufacturer: syz
[  434.706624][ T5894] usb 2-1: SerialNumber: syz
[  434.718843][ T7706] loop2: detected capacity change from 0 to 40427
[  434.740544][   T11] ortek 0003:1223:3F07.0007: hidraw0: USB HID v0.00 Device [HID 1223:3f07] on usb-dummy_hcd.3-1/input0
[  434.825293][ T7706] F2FS-fs (loop2): invalid crc value
[  435.069834][ T7710] netlink: 8 bytes leftover after parsing attributes in process `syz.4.536'.
[  435.206151][ T7706] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  435.219335][ T7706] F2FS-fs (loop2): Start checkpoint disabled!
[  435.338312][ T7706] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  435.710350][ T7706] syz.2.534: attempt to access beyond end of device
[  435.710350][ T7706] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  435.725574][ T7706] syz.2.534: attempt to access beyond end of device
[  435.725574][ T7706] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  435.895251][   T24] usb 4-1: USB disconnect, device number 17
[  436.108268][ T3748] kworker/u8:20: attempt to access beyond end of device
[  436.108268][ T3748] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  436.123718][ T3748] CPU: 1 UID: 0 PID: 3748 Comm: kworker/u8:20 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  436.123900][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.124020][ T3748] Workqueue: writeback wb_workfn (flush-7:2)
[  436.124274][ T3748] Call Trace:
[  436.124327][ T3748]  <TASK>
[  436.124382][ T3748]  __dump_stack+0x26/0x30
[  436.124571][ T3748]  dump_stack_lvl+0x1df/0x270
[  436.124777][ T3748]  dump_stack+0x1e/0x25
[  436.124957][ T3748]  f2fs_handle_critical_error+0xa6f/0xc20
[  436.125221][ T3748]  f2fs_stop_checkpoint+0x65/0x80
[  436.125436][ T3748]  f2fs_write_end_io+0x101c/0x1bc0
[  436.125701][ T3748]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  436.125913][ T3748]  bio_endio+0xe24/0xf80
[  436.126147][ T3748]  submit_bio_noacct+0x214/0x2710
[  436.126372][ T3748]  submit_bio+0x57c/0x630
[  436.126547][ T3748]  f2fs_submit_write_bio+0x92/0x250
[  436.126753][ T3748]  __submit_merged_bio+0x16f/0x6a0
[  436.126953][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.127168][ T3748]  __submit_merged_write_cond+0x715/0x9a0
[  436.127369][ T3748]  ? filemap_get_folios_tag+0x488/0x510
[  436.127612][ T3748]  f2fs_submit_merged_write+0x31/0x40
[  436.127811][ T3748]  f2fs_sync_node_pages+0x1fd7/0x20c0
[  436.128009][ T3748]  ? __percpu_counter_sum+0x25b/0x2a0
[  436.128224][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.128406][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.128613][ T3748]  ? f2fs_sync_fs+0x274/0x440
[  436.128884][ T3748]  f2fs_write_node_pages+0x3c5/0xb40
[  436.129070][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.129258][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.129473][ T3748]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  436.129663][ T3748]  do_writepages+0x3ef/0x860
[  436.129825][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.130027][ T3748]  ? __pfx_writeback_sb_inodes+0x1/0x10
[  436.130207][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.130417][ T3748]  __writeback_single_inode+0x101/0x1190
[  436.130603][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.130806][ T3748]  writeback_sb_inodes+0xac1/0x1cb0
[  436.131095][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.131343][ T3748]  wb_writeback+0x4ce/0xc00
[  436.131526][ T3748]  ? queue_io+0x491/0x790
[  436.131701][ T3748]  wb_workfn+0x397/0x1910
[  436.131916][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.132137][ T3748]  ? __pfx_wb_workfn+0x10/0x10
[  436.132349][ T3748]  process_scheduled_works+0xb91/0x1d80
[  436.132649][ T3748]  worker_thread+0xedf/0x1590
[  436.132911][ T3748]  kthread+0xd59/0xf00
[  436.133066][ T3748]  ? __pfx_worker_thread+0x10/0x10
[  436.133321][ T3748]  ? __pfx_kthread+0x10/0x10
[  436.133488][ T3748]  ret_from_fork+0x1e3/0x310
[  436.133652][ T3748]  ? __pfx_kthread+0x10/0x10
[  436.133816][ T3748]  ret_from_fork_asm+0x1a/0x30
[  436.134065][ T3748]  </TASK>
[  436.417866][ T3748] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  436.425058][ T3748] CPU: 1 UID: 0 PID: 3748 Comm: kworker/u8:20 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  436.425242][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.425378][ T3748] Workqueue: writeback wb_workfn (flush-7:2)
[  436.425631][ T3748] Call Trace:
[  436.425691][ T3748]  <TASK>
[  436.425752][ T3748]  __dump_stack+0x26/0x30
[  436.425942][ T3748]  dump_stack_lvl+0x1df/0x270
[  436.426151][ T3748]  dump_stack+0x1e/0x25
[  436.426342][ T3748]  f2fs_handle_critical_error+0xa6f/0xc20
[  436.426608][ T3748]  f2fs_stop_checkpoint+0x65/0x80
[  436.426829][ T3748]  f2fs_write_end_io+0x101c/0x1bc0
[  436.427096][ T3748]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  436.427400][ T3748]  bio_endio+0xe24/0xf80
[  436.427654][ T3748]  submit_bio_noacct+0x214/0x2710
[  436.427890][ T3748]  submit_bio+0x57c/0x630
[  436.428066][ T3748]  f2fs_submit_write_bio+0x92/0x250
[  436.428275][ T3748]  __submit_merged_bio+0x16f/0x6a0
[  436.428485][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.428695][ T3748]  __submit_merged_write_cond+0x715/0x9a0
[  436.428899][ T3748]  ? filemap_get_folios_tag+0x488/0x510
[  436.429146][ T3748]  f2fs_submit_merged_write+0x31/0x40
[  436.429356][ T3748]  f2fs_sync_node_pages+0x1fd7/0x20c0
[  436.429553][ T3748]  ? __percpu_counter_sum+0x25b/0x2a0
[  436.429763][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.429949][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.430150][ T3748]  ? f2fs_sync_fs+0x274/0x440
[  436.430433][ T3748]  f2fs_write_node_pages+0x3c5/0xb40
[  436.430622][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.430811][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.431027][ T3748]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  436.431213][ T3748]  do_writepages+0x3ef/0x860
[  436.431384][ T3748]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  436.431586][ T3748]  ? __pfx_writeback_sb_inodes+0x1/0x10
[  436.431760][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.431969][ T3748]  __writeback_single_inode+0x101/0x1190
[  436.432157][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.432368][ T3748]  writeback_sb_inodes+0xac1/0x1cb0
[  436.432635][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.432870][ T3748]  wb_writeback+0x4ce/0xc00
[  436.433054][ T3748]  ? queue_io+0x491/0x790
[  436.433231][ T3748]  wb_workfn+0x397/0x1910
[  436.433458][ T3748]  ? kmsan_get_metadata+0xfb/0x160
[  436.433676][ T3748]  ? __pfx_wb_workfn+0x10/0x10
[  436.433885][ T3748]  process_scheduled_works+0xb91/0x1d80
[  436.434182][ T3748]  worker_thread+0xedf/0x1590
[  436.434458][ T3748]  kthread+0xd59/0xf00
[  436.434614][ T3748]  ? __pfx_worker_thread+0x10/0x10
[  436.434862][ T3748]  ? __pfx_kthread+0x10/0x10
[  436.435028][ T3748]  ret_from_fork+0x1e3/0x310
[  436.435190][ T3748]  ? __pfx_kthread+0x10/0x10
[  436.435364][ T3748]  ret_from_fork_asm+0x1a/0x30
[  436.435614][ T3748]  </TASK>
[  436.723161][ T3748] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  436.892603][ T5894] usb 2-1: USB disconnect, device number 25
[  437.033899][ T7717] fido_id[7717]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  438.480917][ T7729] loop0: detected capacity change from 0 to 1024
[  438.585709][ T7727] netlink: 'syz.2.538': attribute type 4 has an invalid length.
[  438.915400][ T7732] netlink: 256 bytes leftover after parsing attributes in process `syz.3.543'.
[  439.364873][ T7734] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  439.716163][ T7738] loop2: detected capacity change from 0 to 512
[  439.859409][ T7738] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  439.869647][ T7738] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[  439.880157][ T7738] FAT-fs (loop2): Filesystem has been set read-only
[  440.068338][ T7738] netlink: 'syz.2.546': attribute type 1 has an invalid length.
[  440.076474][ T7738] netlink: 'syz.2.546': attribute type 4 has an invalid length.
[  440.084572][ T7738] netlink: 212 bytes leftover after parsing attributes in process `syz.2.546'.
[  440.489672][ T5894] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  440.632821][ T7746] netlink: 14 bytes leftover after parsing attributes in process `syz.0.549'.
[  440.723769][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  440.735393][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  440.745984][ T5894] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  440.760457][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.053356][ T5894] usb 3-1: config 0 descriptor??
[  441.203846][   T42] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  441.404384][   T42] usb 4-1: device descriptor read/64, error -71
[  441.623546][ T5894] usbhid 3-1:0.0: can't add hid device: -71
[  441.630698][ T5894] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  441.717908][   T42] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  441.748510][ T5894] usb 3-1: USB disconnect, device number 8
[  441.905763][   T42] usb 4-1: device descriptor read/64, error -71
[  442.029522][   T42] usb usb4-port1: attempt power cycle
[  442.061034][ T7759] netlink: 332 bytes leftover after parsing attributes in process `syz.1.555'.
[  442.292799][ T5894] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  442.427071][   T42] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  442.511388][ T5894] usb 1-1: Using ep0 maxpacket: 16
[  442.530650][   T42] usb 4-1: device descriptor read/8, error -71
[  442.561705][ T5894] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  442.573307][ T5894] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  442.687604][ T5894] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  442.702074][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.712249][ T5894] usb 1-1: Product: syz
[  442.719873][ T5894] usb 1-1: Manufacturer: 냢㦴䨗ȗ-习⥰ࣁ煣蚖刳읭귡ꄶ⃰꿂髎㡽
[  442.731453][ T5894] usb 1-1: SerialNumber: syz
[  442.797293][   T42] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  442.865549][   T42] usb 4-1: device descriptor read/8, error -71
[  442.955847][ T7766] loop2: detected capacity change from 0 to 128
[  442.997670][   T42] usb usb4-port1: unable to enumerate USB device
[  443.036276][ T7766] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  443.148099][ T5894] usb 1-1: 0:2 : does not exist
[  443.265284][ T5894] usb 1-1: USB disconnect, device number 13
[  443.354929][ T6346] udevd[6346]: setting mode of /dev/bus/usb/001/013 to 020664 failed: No such file or directory
[  443.402464][ T7771] netlink: 'syz.2.556': attribute type 4 has an invalid length.
[  443.409104][ T6346] udevd[6346]: setting owner of /dev/bus/usb/001/013 to uid=0, gid=0 failed: No such file or directory
[  443.549880][ T7766] FAT-fs (loop2): FAT read failed (blocknr 128)
[  443.643356][ T6346] udevd[6346]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  444.267452][ T7777] loop3: detected capacity change from 0 to 512
[  444.428353][ T7777] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.560: iget: bad i_size value: 38620345925642
[  444.428756][ T7776] netlink: 16 bytes leftover after parsing attributes in process `syz.1.561'.
[  444.474804][ T7776] batadv0: entered promiscuous mode
[  444.487717][ T7776] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  444.501118][ T7776] batadv0: left promiscuous mode
[  444.528193][ T7777] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.560: couldn't read orphan inode 15 (err -117)
[  444.601084][ T7777] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  444.786355][ T7786] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  445.125590][ T7777] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.560: bg 0: block 5: invalid block bitmap
[  445.247503][ T7777] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 5 with error 28
[  445.265596][ T7777] EXT4-fs (loop3): This should not happen!! Data will be lost
[  445.265596][ T7777] 
[  445.276570][ T7791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  445.278406][ T7791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  445.286009][ T7777] EXT4-fs (loop3): Total free blocks count 0
[  445.300581][ T7777] EXT4-fs (loop3): Free/Dirty block details
[  445.307023][ T7777] EXT4-fs (loop3): free_blocks=0
[  445.312177][ T7777] EXT4-fs (loop3): dirty_blocks=5
[  445.317656][ T7777] EXT4-fs (loop3): Block reservation details
[  445.326383][ T7777] EXT4-fs (loop3): i_reserved_data_blocks=5
[  445.537490][ T1871] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  445.621280][ T7793] netlink: 'syz.1.566': attribute type 1 has an invalid length.
[  445.629617][ T7793] netlink: 'syz.1.566': attribute type 4 has an invalid length.
[  445.637846][ T7793] netlink: 212 bytes leftover after parsing attributes in process `syz.1.566'.
[  445.703929][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.727175][ T1871] usb 3-1: device descriptor read/64, error -71
[  445.852136][ T7799] FAULT_INJECTION: forcing a failure.
[  445.852136][ T7799] name failslab, interval 1, probability 0, space 0, times 0
[  445.865626][ T7799] CPU: 1 UID: 0 PID: 7799 Comm: syz.0.567 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  445.865802][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  445.865898][ T7799] Call Trace:
[  445.865951][ T7799]  <TASK>
[  445.866010][ T7799]  __dump_stack+0x26/0x30
[  445.866220][ T7799]  dump_stack_lvl+0x1df/0x270
[  445.866435][ T7799]  dump_stack+0x1e/0x25
[  445.866618][ T7799]  should_fail_ex+0x7dc/0x8a0
[  445.866869][ T7799]  should_failslab+0x15b/0x200
[  445.867069][ T7799]  __kmalloc_noprof+0x182/0x1310
[  445.867289][ T7799]  ? security_prepare_creds+0xa8/0x6e0
[  445.867457][ T7799]  ? kmsan_get_metadata+0xfb/0x160
[  445.867635][ T7799]  ? kmsan_get_metadata+0xfb/0x160
[  445.867834][ T7799]  security_prepare_creds+0xa8/0x6e0
[  445.868013][ T7799]  prepare_creds+0x8e3/0xda0
[  445.868207][ T7799]  copy_creds+0x11c/0xcf0
[  445.868369][ T7799]  ? kmsan_get_metadata+0xfb/0x160
[  445.868553][ T7799]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  445.868763][ T7799]  copy_process+0xffa/0x5eb0
[  445.868949][ T7799]  ? filter_irq_stacks+0x13f/0x190
[  445.869253][ T7799]  kernel_clone+0x416/0x1080
[  445.869440][ T7799]  ? kmsan_get_metadata+0xfb/0x160
[  445.869616][ T7799]  ? kmsan_get_metadata+0xfb/0x160
[  445.869800][ T7799]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  445.869988][ T7799]  ? __msan_memset+0xf6/0x1b0
[  445.870148][ T7799]  __x64_sys_clone+0x253/0x360
[  445.870422][ T7799]  x64_sys_call+0x14f4/0x3e20
[  445.870638][ T7799]  do_syscall_64+0xd9/0x210
[  445.870829][ T7799]  ? irqentry_exit+0x16/0x60
[  445.870998][ T7799]  ? clear_bhb_loop+0x40/0x90
[  445.871168][ T7799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.871351][ T7799] RIP: 0033:0x7f464858ebe9
[  445.871476][ T7799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.871621][ T7799] RSP: 002b:00007f46493effe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  445.871779][ T7799] RAX: ffffffffffffffda RBX: 00007f46487b5fa0 RCX: 00007f464858ebe9
[  445.871902][ T7799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002a809000
[  445.872003][ T7799] RBP: 00007f46493f0090 R08: 0000000000000000 R09: 0000000000000000
[  445.872106][ T7799] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  445.872204][ T7799] R13: 00007f46487b6038 R14: 00007f46487b5fa0 R15: 00007ffd6436f8a8
[  445.872371][ T7799]  </TASK>
[  446.028414][ T1871] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  446.264065][   T11] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  446.536275][   T11] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.548240][   T11] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.558797][   T11] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  446.568423][   T11] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.678284][   T11] usb 2-1: config 0 descriptor??
[  447.242298][   T11] usbhid 2-1:0.0: can't add hid device: -71
[  447.249630][   T11] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  447.340030][   T11] usb 2-1: USB disconnect, device number 26
[  447.432569][ T7807] loop2: detected capacity change from 0 to 1024
[  447.495421][ T7807] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  447.507296][ T7807] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  447.521837][ T7807] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  447.633501][ T7813] netlink: 76 bytes leftover after parsing attributes in process `syz.3.573'.
[  447.672164][ T7807] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  449.790054][ T5807] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.152274][ T7834] loop0: detected capacity change from 0 to 32768
[  450.164614][ T7834] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.580 (7834)
[  450.233510][ T7834] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  450.244304][ T7834] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  450.253926][ T7834] BTRFS info (device loop0): using free-space-tree
[  450.439518][ T7847] vim2m vim2m.0: vidioc_s_fmt queue busy
[  450.445595][ T7847] FAULT_INJECTION: forcing a failure.
[  450.445595][ T7847] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  450.459801][ T7847] CPU: 0 UID: 0 PID: 7847 Comm: syz.2.582 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  450.459977][ T7847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  450.460074][ T7847] Call Trace:
[  450.460130][ T7847]  <TASK>
[  450.460189][ T7847]  __dump_stack+0x26/0x30
[  450.460392][ T7847]  dump_stack_lvl+0x1df/0x270
[  450.460599][ T7847]  dump_stack+0x1e/0x25
[  450.460789][ T7847]  should_fail_ex+0x7dc/0x8a0
[  450.461039][ T7847]  should_fail+0x2a/0x40
[  450.461255][ T7847]  should_fail_usercopy+0x2e/0x40
[  450.461408][ T7847]  _copy_from_user+0x33/0x100
[  450.461577][ T7847]  kstrtouint_from_user+0x75/0x140
[  450.461783][ T7847]  ? kmsan_get_metadata+0xfb/0x160
[  450.461969][ T7847]  ? proc_fail_nth_write+0x43/0x300
[  450.462135][ T7847]  ? vfs_write+0x48a/0x15d0
[  450.462326][ T7847]  proc_fail_nth_write+0x61/0x300
[  450.462495][ T7847]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  450.462685][ T7847]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  450.462859][ T7847]  vfs_write+0x48a/0x15d0
[  450.463039][ T7847]  ? stack_depot_save_flags+0x35/0x7b0
[  450.463256][ T7847]  ? kmsan_get_metadata+0xfb/0x160
[  450.463429][ T7847]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  450.463605][ T7847]  ? kmsan_get_metadata+0xfb/0x160
[  450.463799][ T7847]  __x64_sys_write+0x1fb/0x4d0
[  450.464011][ T7847]  x64_sys_call+0x3014/0x3e20
[  450.464225][ T7847]  do_syscall_64+0xd9/0x210
[  450.464420][ T7847]  ? irqentry_exit+0x16/0x60
[  450.464585][ T7847]  ? clear_bhb_loop+0x40/0x90
[  450.464758][ T7847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.464930][ T7847] RIP: 0033:0x7f917d38d69f
[  450.465048][ T7847] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  450.465193][ T7847] RSP: 002b:00007f917e21e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  450.465353][ T7847] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f917d38d69f
[  450.465463][ T7847] RDX: 0000000000000001 RSI: 00007f917e21e0a0 RDI: 0000000000000004
[  450.465563][ T7847] RBP: 00007f917e21e090 R08: 0000000000000000 R09: 0000000000000000
[  450.465667][ T7847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  450.465762][ T7847] R13: 00007f917d5b6038 R14: 00007f917d5b5fa0 R15: 00007ffc08245508
[  450.465915][ T7847]  </TASK>
[  451.066455][ T7867] loop3: detected capacity change from 0 to 128
[  451.158542][ T7867] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  451.228096][ T5808] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  451.249722][ T7869] loop2: detected capacity change from 0 to 512
[  451.433717][ T7869] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  451.443898][ T7869] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[  451.454390][ T7869] FAT-fs (loop2): Filesystem has been set read-only
[  451.712444][ T7869] netlink: 'syz.2.587': attribute type 1 has an invalid length.
[  451.720635][ T7869] netlink: 'syz.2.587': attribute type 4 has an invalid length.
[  451.728805][ T7869] netlink: 212 bytes leftover after parsing attributes in process `syz.2.587'.
[  451.772358][ T7867] FAT-fs (loop3): FAT read failed (blocknr 128)
[  452.008284][ T7879] netlink: 'syz.4.590': attribute type 39 has an invalid length.
[  452.026498][ T7880] netlink: 'syz.0.589': attribute type 39 has an invalid length.
[  452.207900][ T5894] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  452.359801][ T7880] bridge_slave_0 (unregistering): left allmulticast mode
[  452.367275][ T7880] bridge_slave_0 (unregistering): left promiscuous mode
[  452.374794][ T7880] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.494200][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  452.506301][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  452.517123][ T5894] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  452.530229][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.627931][ T5894] usb 3-1: config 0 descriptor??
[  453.168622][ T5894] usbhid 3-1:0.0: can't add hid device: -71
[  453.175617][ T5894] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  453.234676][ T5894] usb 3-1: USB disconnect, device number 11
[  453.411962][ T7888] loop3: detected capacity change from 0 to 8
[  453.534173][ T7888] unable to read fragment index table
[  454.108157][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.595'.
[  454.537512][ T7888] loop3: detected capacity change from 0 to 32768
[  454.554669][ T7888] bcachefs (/dev/loop3): error validating superblock: Bad sb offset (got 9, read from 8)
[  454.565915][ T7888] bcachefs: bch2_fs_get_tree() error: invalid_sb_offset
[  454.980662][ T7897] netlink: 156 bytes leftover after parsing attributes in process `syz.2.597'.
[  455.442911][ T7899] loop3: detected capacity change from 0 to 2048
[  455.645333][ T7906] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  455.729426][   T11] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  455.856244][ T7899] NILFS (loop3): bad btree root (ino=16): level = 164, flags = 0x1, nchildren = 1
[  455.927735][   T11] usb 1-1: Using ep0 maxpacket: 32
[  455.976040][ T7899] 9pnet_fd: Insufficient options for proto=fd
[  455.988419][   T11] usb 1-1: config 0 has an invalid interface number: 228 but max is 0
[  455.998126][   T11] usb 1-1: config 0 has no interface number 0
[  456.004465][   T11] usb 1-1: config 0 interface 228 has no altsetting 0
[  456.129903][ T7907] NILFS (loop3): bad btree root (ino=16): level = 164, flags = 0x1, nchildren = 1
[  456.158353][   T11] usb 1-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=7d.df
[  456.168059][   T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.176562][   T11] usb 1-1: Product: syz
[  456.181615][   T11] usb 1-1: Manufacturer: syz
[  456.186442][   T11] usb 1-1: SerialNumber: syz
[  456.370407][   T11] usb 1-1: config 0 descriptor??
[  456.668738][   T11] gspca_main: dtcs033-2.14.0 probing 0547:7303
[  456.771868][   T11] usb 1-1: USB disconnect, device number 14
[  457.800709][   T30] audit: type=1326 audit(1755223240.226:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  457.960984][   T30] audit: type=1326 audit(1755223240.266:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  457.984538][   T30] audit: type=1326 audit(1755223240.276:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.007614][   T30] audit: type=1326 audit(1755223240.286:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.030230][   T30] audit: type=1326 audit(1755223240.286:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.053135][   T30] audit: type=1326 audit(1755223240.286:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.080572][   T30] audit: type=1326 audit(1755223240.286:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.105103][   T30] audit: type=1326 audit(1755223240.286:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f02ed58d550 code=0x7ffc0000
[  458.128190][   T30] audit: type=1326 audit(1755223240.296:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f02ed590417 code=0x7ffc0000
[  458.155406][   T30] audit: type=1326 audit(1755223240.296:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7920 comm="syz.1.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f02ed58ebe9 code=0x7ffc0000
[  458.302963][ T7925] netlink: 32 bytes leftover after parsing attributes in process `syz.2.608'.
[  458.313737][ T7925] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  458.321797][ T7925] batman_adv: batadv0: Removing interface: batadv_slave_0
[  458.511202][ T7925] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  458.519636][ T7925] batman_adv: batadv0: Removing interface: batadv_slave_1
[  458.872829][ T7931] netlink: 'syz.4.611': attribute type 1 has an invalid length.
[  459.110903][ T7931] 8021q: adding VLAN 0 to HW filter on device bond2
[  459.173764][ T7930] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  459.938331][ T7939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.948822][ T7939] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  460.090829][ T7940] netlink: 'syz.2.614': attribute type 5 has an invalid length.
[  460.178207][ T7935] loop0: detected capacity change from 0 to 32768
[  460.187306][ T5894] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  460.367468][ T7935] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  460.367626][ T7935]   allowing incompatible features above 0.0: (unknown version)
[  460.367734][ T7935]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  460.402208][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  460.407547][ T7935] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  460.425700][ T7935] bcachefs (loop0): initializing new filesystem
[  460.449390][ T7935] bcachefs (loop0): going read-write
[  460.484199][ T7935] bcachefs (loop0): marking superblocks
[  460.549778][ T7935] bcachefs (loop0): initializing freespace
[  460.555077][ T5894] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[  460.565146][ T5894] usb 4-1: config 0 has no interface number 0
[  460.572218][ T5894] usb 4-1: too many endpoints for config 0 interface 50 altsetting 255: 255, using maximum allowed: 30
[  460.579529][ T7935] bcachefs (loop0): done initializing freespace
[  460.585324][ T5894] usb 4-1: config 0 interface 50 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  460.604314][ T5894] usb 4-1: config 0 interface 50 has no altsetting 0
[  460.604894][ T7935] bcachefs (loop0): reading snapshots table
[  460.622599][ T7935] bcachefs (loop0): reading snapshots done
[  460.812928][ T7935] bcachefs (loop0): done starting filesystem
[  460.963504][ T5894] usb 4-1: New USB device found, idVendor=0403, idProduct=bca2, bcdDevice=bf.71
[  460.973546][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=27
[  460.983046][ T5894] usb 4-1: SerialNumber: syz
[  461.004426][ T5894] usb 4-1: config 0 descriptor??
[  461.175974][ T7952] netlink: 12 bytes leftover after parsing attributes in process `syz.4.615'.
[  461.237485][ T7952] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  461.267848][ T5894] ftdi_sio 4-1:0.50: FTDI USB Serial Device converter detected
[  461.280114][ T5894] ftdi_sio ttyUSB0: unknown device type: 0xbf71
[  461.474845][ T5894] usb 4-1: USB disconnect, device number 22
[  461.484911][ T5894] ftdi_sio 4-1:0.50: device disconnected
[  461.664572][ T5808] bcachefs (loop0): shutting down
[  461.671511][ T5808] bcachefs (loop0): going read-only
[  461.685189][ T5808] bcachefs (loop0): finished waiting for writes to stop
[  461.738684][ T7955] netlink: 208 bytes leftover after parsing attributes in process `syz.2.616'.
[  461.777175][ T5808] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  462.147522][ T5808] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[  462.236276][ T5808] bcachefs (loop0): clean shutdown complete, journal seq 5
[  462.299590][ T5808] bcachefs (loop0): marking filesystem clean
[  462.486437][ T5808] bcachefs (loop0): shutdown complete
[  462.773472][ T7968] netlink: 36 bytes leftover after parsing attributes in process `syz.2.622'.
[  463.571018][ T7975] netlink: 14 bytes leftover after parsing attributes in process `syz.2.624'.
[  464.297179][ T7985] netlink: 'syz.3.629': attribute type 3 has an invalid length.
[  464.828850][ T7991] netlink: 208 bytes leftover after parsing attributes in process `syz.2.632'.
[  465.554134][ T8002] netlink: 12 bytes leftover after parsing attributes in process `syz.3.635'.
[  465.750917][ T8002] bridge2: port 1(veth0_to_bond) entered blocking state
[  465.758828][ T8002] bridge2: port 1(veth0_to_bond) entered disabled state
[  465.766620][ T8002] veth0_to_bond: entered allmulticast mode
[  465.778238][ T8002] veth0_to_bond: entered promiscuous mode
[  466.733934][ T8016] loop3: detected capacity change from 0 to 64
[  467.180843][ T8022] loop2: detected capacity change from 0 to 64
[  467.257246][ T5894] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  467.454696][ T8022] =====================================================
[  467.462716][ T8022] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120
[  467.472133][ T8022]  _copy_to_user+0xcc/0x120
[  467.481066][ T8022]  copy_siginfo_to_user+0x3f/0x140
[  467.486504][ T8022]  x64_setup_rt_frame+0x1392/0x2590
[  467.493234][ T8022]  arch_do_signal_or_restart+0x63c/0xbf0
[  467.499407][ T8022]  exit_to_user_mode_loop+0xec/0x330
[  467.504921][ T8022]  do_syscall_64+0x1e3/0x210
[  467.509984][ T8022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.514212][ T5894] usb 2-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51
[  467.516157][ T8022] 
[  467.516189][ T8022] Uninit was stored to memory at:
[  467.516395][ T8022]  __dequeue_signal+0x4d6/0x970
[  467.526539][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.528339][ T8022]  dequeue_signal+0x1c0/0x840
[  467.533295][ T5894] usb 2-1: Product: syz
[  467.538323][ T8022]  get_signal+0xbf8/0x2a20
[  467.538439][ T8022]  arch_do_signal_or_restart+0x53/0xbf0
[  467.546574][ T5894] usb 2-1: Manufacturer: syz
[  467.551625][ T8022]  exit_to_user_mode_loop+0xec/0x330
[  467.555713][ T5894] usb 2-1: SerialNumber: syz
[  467.560282][ T8022]  do_syscall_64+0x1e3/0x210
[  467.560442][ T8022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.560581][ T8022] 
[  467.560609][ T8022] Uninit was created at:
[  467.560826][ T8022]  kmem_cache_free+0x2a1/0xec0
[  467.560990][ T8022]  __sigqueue_free+0x23a/0x270
[  467.561181][ T8022]  __dequeue_signal+0x66b/0x970
[  467.561342][ T8022]  dequeue_signal+0x1c0/0x840
[  467.561494][ T8022]  get_signal+0xbf8/0x2a20
[  467.561602][ T8022]  arch_do_signal_or_restart+0x53/0xbf0
[  467.561789][ T8022]  exit_to_user_mode_loop+0xec/0x330
[  467.561931][ T8022]  do_syscall_64+0x1e3/0x210
[  467.600073][ T5168] udevd[5168]: worker [6242] terminated by signal 33 (Unknown signal 33)
[  467.601655][ T8022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.606484][ T5168] udevd[5168]: worker [6242] failed while handling '/devices/virtual/block/loop2'
[  467.611531][ T8022] 
[  467.611561][ T8022] Bytes 12-15 of 48 are uninitialized
[  467.611622][ T8022] Memory access of size 48 starts at ffff88812e307df0
[  467.611690][ T8022] Data copied to user address 00007f917e21d9f0
[  467.696620][ T8022] 
[  467.700174][ T8022] CPU: 0 UID: 0 PID: 8022 Comm: syz.2.643 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  467.712894][ T8022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.723319][ T8022] =====================================================
[  467.731093][ T8022] Disabling lock debugging due to kernel taint
[  467.737559][ T8022] Kernel panic - not syncing: kmsan.panic set ...
[  467.744180][ T8022] CPU: 0 UID: 0 PID: 8022 Comm: syz.2.643 Tainted: G    B               6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
[  467.757905][ T8022] Tainted: [B]=BAD_PAGE
[  467.762183][ T8022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.772422][ T8022] Call Trace:
[  467.776110][ T8022]  <TASK>
[  467.779343][ T8022]  __dump_stack+0x26/0x30
[  467.783906][ T8022]  dump_stack_lvl+0x53/0x270
[  467.788838][ T8022]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.794946][ T8022]  dump_stack+0x1e/0x25
[  467.799353][ T8022]  vpanic+0x361/0xc50
[  467.804129][ T8022]  panic+0x15d/0x160
[  467.808331][ T8022]  kmsan_report+0x31c/0x320
[  467.813323][ T8022]  ? copy_fpstate_to_sigframe+0x11c1/0x13d0
[  467.819588][ T8022]  ? kmsan_internal_check_memory+0x16c/0x230
[  467.826011][ T8022]  ? kmsan_copy_to_user+0xf1/0x190
[  467.831356][ T8022]  ? _copy_to_user+0xcc/0x120
[  467.836330][ T8022]  ? copy_siginfo_to_user+0x3f/0x140
[  467.841935][ T8022]  ? x64_setup_rt_frame+0x1392/0x2590
[  467.847594][ T8022]  ? arch_do_signal_or_restart+0x63c/0xbf0
[  467.853736][ T8022]  ? exit_to_user_mode_loop+0xec/0x330
[  467.859440][ T8022]  ? do_syscall_64+0x1e3/0x210
[  467.864437][ T8022]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.870818][ T8022]  ? stack_depot_save_flags+0x35/0x7b0
[  467.876711][ T8022]  ? kmsan_get_metadata+0xfb/0x160
[  467.882099][ T8022]  ? kmsan_internal_check_memory+0x9c/0x230
[  467.888293][ T8022]  ? copy_fpstate_to_sigframe+0x126f/0x13d0
[  467.894499][ T8022]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.900579][ T8022]  ? kmsan_get_metadata+0xfb/0x160
[  467.905932][ T8022]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.912121][ T8022]  kmsan_internal_check_memory+0x16c/0x230
[  467.918456][ T8022]  kmsan_copy_to_user+0xf1/0x190
[  467.923728][ T8022]  _copy_to_user+0xcc/0x120
[  467.928451][ T8022]  copy_siginfo_to_user+0x3f/0x140
[  467.933798][ T8022]  x64_setup_rt_frame+0x1392/0x2590
[  467.939478][ T8022]  arch_do_signal_or_restart+0x63c/0xbf0
[  467.945464][ T8022]  exit_to_user_mode_loop+0xec/0x330
[  467.951006][ T8022]  do_syscall_64+0x1e3/0x210
[  467.955845][ T8022]  ? irqentry_exit+0x16/0x60
[  467.960640][ T8022]  ? clear_bhb_loop+0x40/0x90
[  467.965884][ T8022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.972619][ T8022] RIP: 0033:0x7f917d39038a
[  467.977195][ T8022] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.997547][ T8022] RSP: 002b:00007f917e21de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  468.006307][ T8022] RAX: 0000000000000000 RBX: 00007f917e21def0 RCX: 00007f917d39038a
[  468.014462][ T8022] RDX: 0000200000000140 RSI: 00002000000008c0 RDI: 00007f917e21deb0
[  468.022702][ T8022] RBP: 0000200000000140 R08: 00007f917e21def0 R09: 0000000002810880
[  468.030882][ T8022] R10: 0000000002810880 R11: 0000000000000246 R12: 00002000000008c0
[  468.039131][ T8022] R13: 00007f917e21deb0 R14: 00000000000002d2 R15: 0000200000000000
[  468.047334][ T8022]  </TASK>
[  468.050755][ T8022] Kernel Offset: disabled
[  468.055159][ T8022] Rebooting in 86400 seconds..