last executing test programs:

7m27.737012975s ago: executing program 32 (id=23):
sendmsg$key(0xffffffffffffffff, 0x0, 0x80)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x73)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x60, r3, 0xc, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x62}]}]}, 0x60}}, 0x4c0c0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000880)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0x10, &(0x7f0000001280), 0x4)
sendmsg$inet(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000013c0)="d0", 0x1}], 0x1}, 0x20000801)
sendmsg(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)='x', 0x1}], 0x1}, 0x4)
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x10020)

7m14.324057916s ago: executing program 0 (id=52):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000200000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1"], 0x254}}, 0x0)

7m14.13979358s ago: executing program 0 (id=55):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./file2\x00', 0x1004800, &(0x7f0000000100)=ANY=[], 0x1, 0x6bb, &(0x7f00000018c0)="$eJzs3c1vXFfdB/DvHY8dT9ombpq0eR5VqtVIgIhI7FgpmA0BIWSkCqGyYG0lTmNlkhbHRW6FqMPrtov+Ad1kg1ghsWITqbBgA7vukJeVkNh0g1kNujN3XjJ+m+bF45TPJ7pzzj3nnnN/93fvnbfImgD/s5bOp34/RZbOv75Rrm/dW2hu3Vu41a0nOZZkM6knqSUp/t1qtT5OriRFb5piqNzhw9XFNz75bOvTzlq9Wtrb1/YbN6TabnOoebPbNptkoiofwQPzXX3k+Ype5FeSnKtKGLvJJK3WZFo9P/nrs72esvNkp2zsNnr68AIFnpii87pZvhjXBttnkuPVjV6+D+i+8tbGEuQIjo243fA7CAAAAHjajPIZ+OR2trNRnDiEcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOALYbP/+/9FtdS69dkU3d//n6raUtWPllc+3+b3n1QcAAAAAAAAAHCIXtnOdjZyorveKtr/5/9qe+V0+/GZvJM7WclaLmQjy1nPetYyn2RmYKKpjeX19bX5EUZe2nXkpQMCPVaVjcdz3AAAAAAAAADwBfOLLPX//x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6CIpnoFCnuDjTPpFZPMp1kqmzYTP7erT/N7o87AAAAADgEJ7eznY2c6K63ipxO8mL7O4DpvJPbWc9q1tPMSq61vxfofOqvbd1baG7dW7hVLjvn/fa/HlidPiCM9ozpfPew+57Ptrdo5HpW2y0XcjVvpZlrqbVHls5W8XRnHYrrbhlT8a3KiAm6VpXlkX9QlTu8P+Jk+xv+MqWx/xcsM+2MTPYyMlfFVmbj+e6Z2f0MDZ2dgwzvaT61XmCnh/Y0FPBD5fx4VZbH85u9cj4Ww5m4NHD1vbh/zpMv//H3P56r6kfnkEYzUZWt9mNjZyYWBjLx0iiZuNG8ffPG9Tvnn7ZM7DDXzsSZ3vpSvpcf5Xxm88OsZTU/zXLWs5LZfLddW65OfjFwe++RqSudYnK33S71E9fN+1R1hU5UrZ8nplfbY09kNT/IW7mWlbzW/ncp8/l6LudyFgfO8Jn9z3D7rq89cNf3XwFaz+2axnNfqSrl095vq3JXe3Y8KWVenx/I6+Bz7ky7b7Cln6VTB2epTMsDz41/2j+U+v9XlXIfvxw49+M3nIn5gUy8sF8muhfynebtm2s3lt8ebXenPhgY/usj9ZRaXi+nypOV7gnqXx1l3wvdvqF8lX2ne321HX1nen2dO3Vzzzt1qnoPt3OmS+2+l3btW2j3nR3o2+391sHv5gAYs+NfPT7V+Gfjb42PGr9q3Gi8Pv2dY9849vJUJv88+c363MSXai8Xf8hH+Xn/8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDw7rz73s3lZnNlbajSarXe36Or2TqZ7NH1cJXanmGUlfoBoe6oZPYfz5QDui2t9Lq6P2f2GIM/qPJ/zyajj6p+gSedlvrjzfMYK/9ptVpVS7HHNr/7y85EPTdS6qZGvzYOqExXV3jlSKSuqtQPeadjekICDs3F9VtvX7zz7ntfW721/ObKmyu3Fy9fXpxbvPzawsXrq82Vuc7juKMEnoT+i/64IwEAAAAAAAAAAABGNdrfA+SR/pxg3McIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPN2Wzqd+P0Xm5y7Mletb9xaa5dKt97esJ6klKX6WFB8nV9JZMjMwXbHXfj5cXXzjk8+2Pu3PVS75/tUDxo1ms1oym2SiU959XPNdrcp9FfsdQtE7wjJh57qJg3H7bwAAAP//EOj9JQ==")
r0 = creat(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x192)
write$cgroup_type(r0, &(0x7f0000000200), 0x175d9003)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x0, 0x4, 0x7, 0x0, 0x1}, 0x50)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)={0x6, [0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000003c0)=0x1c)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000400)={r5, 0x0, 0x6, [0x9, 0x7, 0x6, 0x2, 0x6, 0x5]}, &(0x7f00000004c0)=0x14)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)={0x3c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x5}]}, @NL80211_ATTR_SCAN_SSIDS={0x14, 0x2d, 0x0, 0x1, [{0x4}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7m13.722285623s ago: executing program 0 (id=57):
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) (async, rerun: 64)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) (async, rerun: 64)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async, rerun: 64)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (rerun: 64)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="a2", 0x1}], 0x1) (async)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0) (async, rerun: 64)
r3 = msgget(0x2, 0xc) (rerun: 64)
msgctl$IPC_RMID(r3, 0x0) (async)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000080)=<r4=>0xffffffffffffffff)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000040)={0x2}) (async)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r5, r5, 0x0, 0x200900) (async)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 32)
r6 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x2, 0x0, 0x5}) (async, rerun: 64)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000040)=0x1) (rerun: 64)
poll(&(0x7f0000000080)=[{r6, 0x4004}], 0x1, 0x9)

7m13.283916558s ago: executing program 0 (id=59):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0x882, &(0x7f0000020100)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x28e, &(0x7f0000000880)="$eJzs281qE1EYxvEn/YytbaLVaivii250M7TxCkJpQQwotRE/QJjaiYakScmESERsd269C6G4dCeIN9CNV+DCXTcuuxBHOolt0qZoBTv9+P82c8qZp5zD+85wFpn1B28XCznfyblVdcVMPVJcG1JSXepWQ6x57QrHfWq1ohsjma+X7z18dDudyUzPms2k526mzGz4yqcXr95f/VwdvP9h+GO/1pJP1r+nvq2Nro2t/5x7nvct71upXDXX5svlqjtf9Gwh7xccs7tFz/U9y5d8r9I2nyuWl5bq5pYWhgaWKp7vm1uqW8GrW7Vs1Urd3GduvmSO49jQgPAn2dXZWTcd9Srwf1UqaXdK0viumexqJAsCAACR6nD+X+H8fxTFYvvPcP4/CTbP/4+bz287zv8AAAAAAAAAAAAAAAAAAAAAABwFG0GQCIIg8fvaK4Vf+ATNv09JGpA0KOm0pCFJw5ISkpKSzkg6K2lE0jlJ5yWNSrog6aKksZb/FfVesdtB17836g2jzQHUv5/n//Di/X+ytXy4G5cW39SytWzj2phP55RXUZ4mlNCPsJZNfeF45lZmesJCSV1aXG7ml2vZ7vb8pBKbDbOd11Z+spG39nx/2Hdb+ZQSmw3WKZ/qmI/r+rWWvKOEvjxVWUUthD25nX89aTZ1J9OSj6uWHQ/vO+4c29Kxfo6z13wjv3d/aGd/7KhPj8Z7ot07JL/+suAWi16FAYPjMHinQ7GMoz+I+s2Eg7Bd9KhXAgAAAAAAAAAAAAAAAADYj3/9hWCw3Mj/zc1R7xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJ1+BQAA//8m4VzP")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket(0x10, 0xa, 0x2)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6(0xa, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
ptrace(0x10, r5)
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
unshare(0x2c020400)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x170)
read$FUSE(r7, &(0x7f00000021c0)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
fgetxattr(r8, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
prctl$PR_GET_TIMERSLACK(0x1e)
ftruncate(r0, 0x6000000)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x500)

7m12.389716758s ago: executing program 0 (id=61):
unshare(0x6a040000)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000ac0)=ANY=[@ANYBLOB="12011001c7af7320720c0d008f96010203010902"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006c07010033d43afffe800000000000000000000000000010ff0200000000ff810000000000000001"], 0x340a)

7m11.951984782s ago: executing program 0 (id=62):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_mount_image$exfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303030303030372c666d61736b3d30303030303030303030303030303030303030303030322c696f636861727365743d69736f383835392d31332c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303337313630373234312c696f636861727365743d63703933322c6572726f72733d72656d6f756e742d726f2c666d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703836362c00ce0a5a71797b7256e90d2c78b433e66c4b4bc11d1f2c4d0cc1067826fa1a2c7e4d91d9b0179d604e463f435112f83befe3fe654c7636195294441b3602771ab07c8432acef3d5d173bdcde62c060457d460e95674bf5088b838b15ca8513626878d244b25d4f64d3c7eeeeeb484c2ffa3f8b4ad3ae9cb028b2b4d6e1aa1ec5406b99aa5b65ee0d12a169116f65688cbd61df820a0edfc5c40da44e70327aafebaa4a7c8bb964a37c5d89a99fb4fd0b149070fb825786654ff7ddcf75358ded9cd800000000a0c3328e6a138baad4bd205d6fb08d", @ANYRES16, @ANYBLOB="ebe050f9a6e26556b98b3a694ca1d9f8df1d1907a2607c94fad06b78ed9f520e602e86e81adc6386a9cd7f05df985b7d7649fbe21aac9ea3cd407d5b9c5b0b7ff5572dc06f5dc6fa7d1206852880bc490a27a1ec2e3d77acc8c7454c8cfc31b1cddd5727a3a7bb058f019d781f3174f03a4f699b28b8ee3491fe8da4a5d8b2431b5b560ae1638b532ebadbb95c3d0ecece79ca4492a146892118cd97d3a346c6e0eccede0661be772eb19221fdc8f58e6d741bd5212bb2a9b57a1666e4bb084eecf00117c99520a8", @ANYRESHEX, @ANYRESHEX], 0x1, 0x1517, &(0x7f00000046c0)="$eJzs3AnYjVXXOPC19t43D4mTZMpee92cZNgkSYaEDEmSJEmmhCRJkpBMmZKQhMxJ5pBMIZnneU6SV5IkISHJ/l+q7/W9X19fXd/b/+99/8/6XdfNXs991jrrPut5zrnPfT3n+brdwEp1KpevxczwT8Ff/usKACkA0AcAMgFABADFMhfLfGl/Oo1d/7k7EX+tB6dc6Q7ElSTzT91k/qmbzD91k/mnbjL/1E3mn7rJ/FM3mb8QqdmWqTmukS31bn/++r/7n3fL9f9/Q/L6//+tP/WTJvNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2RW79qwB4F/g+vef2P7+WP16iftK9/M7W/S/yrty33lCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIVKTc+EyAwD/sb7SfQkhhBBCCCGEEOKvE9Je6Q6EEEIIIYQQQgjxfx8CGA0GIkgDaSEF0kF6uAoywNWQETJBAq6BzHAtZIHrICtkg+yQA3KGTJALLBA4YIghN+SBJNwAeeFGyAf5oQAUBA+FoDDcBEXgZigKt0AxmLUA4DYoASWhFJSG26EM3AFloRyUhzuhAlSESlAZ7oIqcDdUhXugGtwL1eE+qAH3Q014AGrBg1AbHoI68DDUhUegHtSHBtAQGv2v8l+ATvAidIYu0BW6QXd4CXpAT+gFvaEPvAx94RXoB69CfxgAA+E1GASvw2B4A4bAUBgGb8JwGAEjYRSMhjEwFt6CcfA2jId3YAJMhEkwGabAVJgG78J0mAEz4T2YBe/DbJgDc2EezIcPYAEshEXwISyGj2AJLIVlsBxWwEpYBathDZ6AdbAeNsBG2ASbYQtshW2wHXbATtgFu8vtgY9hL3wC++BT2A+f/TYf1v4P+WfhH/PbIyCgQoUGDabBNJiCKZge02MGzIAZMSMmMIGZMTNmwSyYFbNidsyOOTEn5sJcSEjIyJgbc2MSk5gX82I+zIcFsAB69FgYC2MRvBmLYlEshsWwOBbHElgSS2JpLI1lsAyWxbJY/rY5AFgBK2ElvAvvwruxKlbFalgNq2N1rIE1sCbWxFpYC2tjbayDdbAu1sV6WA8bYANshI2wMTbGJtgEm2EzbI7NsQW2wJbYElthK2yNrbENtsG22BbbYTtsjx2wA76AL+CL+CJ2wQqqG3bH7tgDe2Av7I298WXsi6/gK/gq9scBOBBfw9fwdRyMZ3AIDsVhOAzLqBE4EkchqzE4FsfiOByH43E8TsCJOBEn4xScitNwGk7HGTgD38NZ+D6+j3NwDs7D+TgfF+BCXISLcDGexSW4FJfhclyBK3EFrsY1uBrX4XpchxtxI27GzbgVt+J23I47cSfuxt34MX6Mn+An2B/34348gAfwIB7EQ3gID+NhPIJHtl4FgMfwGB7H43gCT+IpPImn8TSewbN4Ds/heTyPF/C5nF/W3p1/bX9QlxhlVBqVRqWoFJVepVcZVAaVUWVUCZVQmVVmlUVlUVlVVpVdZVc5VU6VS+VSpEixilVulVslVVLlVXlVPpVPFVAFlFdeFVaFVRFVRBVVRVUxdasqrm5TJVRJ1dSXVqVVGdXMl1XlVHlVXlVQFVUlVVlVVlVUFVVVVVXVVDVVXVVXNdT9qqbqhr3wQXVpMnXUAKyrBmI9VV81UA3V6/ioaqwGYxPVVDVTj6uhOARbqMa+pXpKtVIjsbV6Ro3CZ1VbNQbbqedVe9VBdVQvqE6qie+suqgJ2E11V5Oxh+qpeqneajpWVJcmVkm9qvqrAWqgek3Nw9fVYPWGGqKGqmHqTTVcjVAj1Sg1Wo1RY9Vbapx6W41X76gJaqKapCarKWqqmqbeVdPVDDVTvadmqffVbDVHzVXz1Hz1gVqgFqpF6kO1WH2klqilaplarlaolWqVWq3WqLVqnVqvNqiNapParLaorWqb2q52qJ1ql9qt9qiP1V71idqnPlX71WfqgPqbOqg+V4fUF+qw+lIdUV+po+prdUx9o46rLuqEOqlOqe/UafW9OqPOqnPqB3Ve/aguqJ/URRUUaNRKa210pNPotDpFp9Pp9VU6g75aZ9SZdEJfozPra3UWfZ3OqrPp7DqHzqmv17m01aSdZh3r3DqPTuobdF59o86n8+sCuqD2upAurG/SRfTNuqi+RRfTt+ri+jZdQpfUpXRpfbsuo+/QZXU5XV7fqSvoirqSrqzv0lX03bqqvkdX0/fq6vo+XUPfr2vqB3Qt/aCurR/SdfTDuq5+RNfT9XUD3VA30o/qxvox3UQ31c3047q5fkK30E/qlvop3Uo/rVvrZ3Qb/axuq5/T7fTzur3uoDvqn/RFHXRn3UV31d2i7vol3UP31L10b91Hv6z76ld0P/2q7q8H6IH6NT1Iv64H6zf0ED1UD9Nv6uF6hB6pR+nReoweq9/S4/Tberx+R0/QE/UkPVlP0VN1r18rzfwT+W//N/n9fr73zXqL3qq36e16h96pd+ndeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+vj+oQ+qX/Q3+nT+nt9Rp/VZ/UP+rw+ry/8+hiAQaOMNsZEJo1Ja1JMOpPeXGUymKtNRpPJJMw1JrO51mQx15msJpvJbnKYnOZ6k8tYQ8YZNrHJbfKYpLnB5DU3mnwmvylgChpvCpnC5qZ/Ov93+ls+6ZeTl9AFwDQ2jU0T08Q0M81Mc9PctDAtTEvT0rQyrUxr09q0MW1MW9PWtDPtTHvT3nQ0HU0n08l0RjBdTVfT3bxkepieppfpbfqYl01f09f0M/1Mf9PfDDQDzSAzyAw2g80QM8QYABhuhpuRZqQZbUabsWasGWfGmfFmvJlgJphJZpKZYqaYaWaamW6mm5lmppllZpnZZraZa+aa+Wa+WWAWmEVmkVlsFpslZqlZapab5WalWWlWm9VmrVlr1pv1ZqPZaJaYLWaL2Wa2mR1mh9lldpk9Zo/Za/aafWaf2W/2mwPmgDloDppD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5ZU6Z0+a0OWPOmHPmnDlvzpsL5oK5aC5eOu2LVKQiE5koTZQmSolSovRR+ihDlCHKGGWMElEiyhxljrJE10VZo2xR9ihHlDO6PsoV2YgiF3EUR7mjPFEyuiHKG90Y5YvyRwWigpGPCkWFo5uiItHNUdHolqhYdGtUPLotKhGVjEpFpaPbozLRHVHZqFxUProzqhBVjCpFlaO7oirR3VHV6J6oWnRvVD26L6oR3R/VjB6IakUPRrWjh6I60cNR3eiRqF5UP2oQNYwa/aX1QziT7THf2XaxaaGb7W5fsj1sT9vL9rZ97Mu2r33F9rOv2v52gB1oX7OD7Ot2sH3DDrFD7TD7ph1uR9iRdpQdbcfYsfYtO86+bcfbd+wEO9FOspPtFDvVTrPv2ul2hp1p37Oz7Pt2tp1j59p5dr79wC6wC+0i+6FdbD+yS+xSu8wutyvsSrvKrrZr7Fq7zq63G+xGu8lutlvsVrvNbrc77E67y+62e+zHdq/9xO6zn9r99jN7wKb8en7/hT1sv7RH7Ff2qP3aHrPf2OP2W3vCnrSn7Hf2tP3enrFn7Tn7gz1vf7QX7E/2og2XTu4vvbyTIUNpKA2lUAqlp/SUgTJQRspICUpQZspMWSgLZaWslJ2yU07KSbkoF13CxJSbclOSkpSX8lI+ykcFqAB58lSYClMRKkJFqSgVo2JUnIpTCSpBpagU3U630x10B5WjcnQn3UkVqSJVpspUhapQVapK1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB41oAbUiBpRY2pMTagJNaNm1JyaUwtqQS2pJbWiVtSaWlMbakNtqS21o3bUntpTR+pInagTdabO1JW6UnfqTj2oB/WiXtSH+lBf6kv9qB/1p/40kAbSIBpEg2kwDaGhNIzepOE0gkbSKBpNY2gsjaVxNI7G03iaQBNoEk2iKTSFptE0mk7TaSbNpFk0i2bTbJpLc2k+zacFtIAW0SJaTItpCS2hZbSMVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI120A7aRbtoD+2hvbSX9tE+2k/76QAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+giBUpx6Vx6d5XL4K52GV0m91/j7C6Hy+mud7mcdVldtn+IyTmXz+V3BVxB510hV9jd9Ju4hCvpSrnS7nZXxt3hyv4mrrJmxy+/iO7udZXdXa6Ku9tVdfe4au5eV93d52q4h11N94ir5eq72q6hq+MednXdI66eq+8auIauuXvCtXBPupbuKdfKPf2beIFb6Na4tW6dW+/2uk/cOfeDO+q+dufdj66z6+L6uJddX/eK6+dedf3dgN/Ew9ybbrgb4Ua6UW60G/ObeJKb7Ka4qW6ae9dNdzN+E893H7hZbpGb7ea4uW7ez/Glnha5D91i95Fb4pa6ZW65W+FWulVu9d97Xe42uk1us9vjPnbb3Ha3w+10u9zun+NLx7HPfer2u8/cEfeVO+g+d4fcMXfYfflzfOn4jrlv3HH3rTvhTrpT7jt32n3vzrizPx//pWP/zv3kLrrggJEVazYccRpOyymcjtPzVZyBr+aMnIkTfA1n5ms5C1/HWTkbZ+ccnJOv51xsmdgxc8y5OQ8n+QbOyzdyPs7PBbggey7EhfkmLsI3c1G+hYvxrVycb+MSXJJLcWm+ncvwHVyWy3F5vpMrcEWuxJX5Lq7Cd3NVvoer8b1cne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTrcX1uwA25ET/KjfkxbsJNuRk/zs35CW7BT3JLfopb8dPcmp/hNvwst+XnuB0/z+25A3fkF7gTv8iduQt35W7cHYF7cE/uxb25D7/MffkV7sevcn8ewAP5NR7Er/NgfoOH8FAexm/ycB7BI3kUj+YxPJbf4nH8No/nd3gCT+RJPJmn8FSexu/ydJ7BM/k9nsXv82yew3N5Hs/nD3gBL+RF/CEv5o94CS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VtvJ2Rd/KuS0/z/DHv5U94H3/K+/kzPsB/44P8OR/iL/gwf8lH+Cs+yl/zMf6Gj/O3fIJP8in+jk/z93yGz/I5/oHP8498gX/iixwYYoxVrGMTR3GaOG2cEqeL08dXxRniq+OMcaY4EV8TZ46vjbPE18VZ42xx9jhHnDO+Ps4V25hiF3Mcx7njPHEyviHOG98Y54vzxwXigrGPC8WF45viIvHNcdH4lrhYfGtcPL4tLhGXjB++t3R8e1wmviMuG5eLy8d3xhXiinGluHJ8V1wlvjuuGt8TV4vvjYvG98U14vvjmvEDca34wbh2/FBcJ344rhs/EteL68cN4oZxo/jRuHH8WNwkbho3ix+Pm8dPxC3iJ+OW8VNxq/jpP9zfNe4Wd49fil+KQ7hHz03OS85PfpBckFyYXJT8MLk4+VFySXJpcllyeXJFcmVyVXJ1ck1ybXJdcn1yQ3JjclNyczKEymnBo1dee+Mjn8an9Sk+nU/vr/IZ/NU+o8/kE/4an9lf67P463xWn81n9zl8Tn+9z+WtJ+88+9jn9nl80t/g8/obfT6f3xfwBb33hXxh39A38o18Y/+Yb+Kb+gge94/7J/wT/kn/pH/Kt/JP+9b+Gd/GP+vb+uf8c/5539538B39C76Tf9F39l18V9/Vd/fdfQ/fw/fyvXwf38f39X19P9/P9/f9/UA/0A/yg/xgP9gP8UP8MD/MD/fD/Ug/0o/2o/1YP9aP8+P8eD/eT/AT/CQ/yU/xU/w0P81P99P9TD/Tz8o3y8/2s/1cP9fP9/P9Ar/AL/KL/GK/2C/xS/wyv8yv8Cv8Kr/Kr/Fr/Dq/zm/wG/wmv8lv8Vv8Nr/N7/A7/C6/y+/xe/xev9fv8/v8fr/fH/AHzgV/0B/yX/jD/kt/xH/lj/qv/TH/jT/uv/Un/El/yn/nT/vv/Rl/1p/zP/jz/kd/wf/kL/rgxybeSoxLvJ0Yn3gnMSExMTEpMTkxJTE1MS3xbmJ6YkZiZuK9xKzE+4nZiTmJuYl5ifmJDxILEgsTixIfJhYnPkosSSxNLEssT6xIrEyEcP22OOQOeUIy3BDyhhtDvpA/FAgFgw+FQuFwUygSbg5Fwy2hWLg1FA+3hRKhZCgVHgn1Qv3QIDQMjcKjoXF4LDQJTUOz8HhoHp4ILcKToWV4KrQKT4fW4ZnQJjwb2obnQrvwfGgfOoSO4YXQKbwYOgcduoZuoXt4KfQIPUOv0Dv0CS+HvuGV0C+8GvqHAWFgeC0MCq+HweGNMCQMDcPCm2F4GBFGhlFhdBgTxoa3wrjwdhgf3gkTwsQwKUwOU8LUMC28G6aHGWFmeC/MCu+H2WFOmBvmhfnhg7AgLAyLwodhcfgoLAlLw7KwPEDKyrAqrA5rwtqwLqwPG8LGsClsDlvC1rAtbA87ws6wK+wOe8LHYW/4JOwLn4b94bNwIPwtHAyfh0Phi3A4fBmOhK/C0fB1OBa+CcfDt+FEOBlOhe/C6fB9OBPOhnPhh3A+/BguhJ/CRfnMmhBCCCHEn6L/YH+3f4jU3/9Vv36lOwBcvT3H4f9ac0PWX9Y9Vc7mCQB4qku7B/9jq1Cha9euv952iYYozxwASFzOTwOX46XQDJ6AltAUivy3/fVUHc7zH9RP3gqQ/j/lpMDl+HL9m3+n/ohZf1h/DkC+PJdz0sHl+HL9or+pHf1cP1vjP6if7vOxAE3+U14GuBxfrl8YHoOnoeU/3FIIIYQQQgghhPhFT1WqzR+9v730/jynuZyTFn6JzZ94fw6/fMJACCGEEEIIIYQQV9CzHTo++WjLlk3b/M6i3O/vkkVqWaT512jj334B8C/Rxp9bXOlnJiGEEEIIIcRf7fJJ/5XuRAghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESL3+X/w5sSt9jEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9n8CAAD//yldK4M=")
mount$nfs(&(0x7f0000000000)='\xb2\x83\x87J9I\xc3i\xe4\xc0\xc1\xb8\xffW/\"\t\xccLD\x9d+\xe2\xa3c\xd0\x9d\xb1\xc8\\\xdf\x9aih\xd8\xc7\x90v\x8b\x82\x94\xa4\xdd\x98\xb8\rQh#\x05dl\x01\x8cC\x1f|\xa5\xcb>\xf2\xd6\t\xf4IE\xcb\x15', &(0x7f0000000240)='./file0\x00', 0x0, 0x6e1088, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$addseals(r0, 0x409, 0xd)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x7d}, @printk={@ld}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [{@measure}, {@appraise}]}})

7m11.33609687s ago: executing program 33 (id=62):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_mount_image$exfat(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="646d61736b3d30303030303030303030303030303030303030303030372c666d61736b3d30303030303030303030303030303030303030303030322c696f636861727365743d69736f383835392d31332c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646d61736b3d30303030303030303030303030303337313630373234312c696f636861727365743d63703933322c6572726f72733d72656d6f756e742d726f2c666d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703836362c00ce0a5a71797b7256e90d2c78b433e66c4b4bc11d1f2c4d0cc1067826fa1a2c7e4d91d9b0179d604e463f435112f83befe3fe654c7636195294441b3602771ab07c8432acef3d5d173bdcde62c060457d460e95674bf5088b838b15ca8513626878d244b25d4f64d3c7eeeeeb484c2ffa3f8b4ad3ae9cb028b2b4d6e1aa1ec5406b99aa5b65ee0d12a169116f65688cbd61df820a0edfc5c40da44e70327aafebaa4a7c8bb964a37c5d89a99fb4fd0b149070fb825786654ff7ddcf75358ded9cd800000000a0c3328e6a138baad4bd205d6fb08d", @ANYRES16, @ANYBLOB="ebe050f9a6e26556b98b3a694ca1d9f8df1d1907a2607c94fad06b78ed9f520e602e86e81adc6386a9cd7f05df985b7d7649fbe21aac9ea3cd407d5b9c5b0b7ff5572dc06f5dc6fa7d1206852880bc490a27a1ec2e3d77acc8c7454c8cfc31b1cddd5727a3a7bb058f019d781f3174f03a4f699b28b8ee3491fe8da4a5d8b2431b5b560ae1638b532ebadbb95c3d0ecece79ca4492a146892118cd97d3a346c6e0eccede0661be772eb19221fdc8f58e6d741bd5212bb2a9b57a1666e4bb084eecf00117c99520a8", @ANYRESHEX, @ANYRESHEX], 0x1, 0x1517, &(0x7f00000046c0)="$eJzs3AnYjVXXOPC19t43D4mTZMpee92cZNgkSYaEDEmSJEmmhCRJkpBMmZKQhMxJ5pBMIZnneU6SV5IkISHJ/l+q7/W9X19fXd/b/+99/8/6XdfNXs991jrrPut5zrnPfT3n+brdwEp1KpevxczwT8Ff/usKACkA0AcAMgFABADFMhfLfGl/Oo1d/7k7EX+tB6dc6Q7ElSTzT91k/qmbzD91k/mnbjL/1E3mn7rJ/FM3mb8QqdmWqTmukS31bn/++r/7n3fL9f9/Q/L6//+tP/WTJvNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2RW79qwB4F/g+vef2P7+WP16iftK9/M7W/S/yrty33lCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIVKTc+EyAwD/sb7SfQkhhBBCCCGEEOKvE9Je6Q6EEEIIIYQQQgjxfx8CGA0GIkgDaSEF0kF6uAoywNWQETJBAq6BzHAtZIHrICtkg+yQA3KGTJALLBA4YIghN+SBJNwAeeFGyAf5oQAUBA+FoDDcBEXgZigKt0AxmLUA4DYoASWhFJSG26EM3AFloRyUhzuhAlSESlAZ7oIqcDdUhXugGtwL1eE+qAH3Q014AGrBg1AbHoI68DDUhUegHtSHBtAQGv2v8l+ATvAidIYu0BW6QXd4CXpAT+gFvaEPvAx94RXoB69CfxgAA+E1GASvw2B4A4bAUBgGb8JwGAEjYRSMhjEwFt6CcfA2jId3YAJMhEkwGabAVJgG78J0mAEz4T2YBe/DbJgDc2EezIcPYAEshEXwISyGj2AJLIVlsBxWwEpYBathDZ6AdbAeNsBG2ASbYQtshW2wHXbATtgFu8vtgY9hL3wC++BT2A+f/TYf1v4P+WfhH/PbIyCgQoUGDabBNJiCKZge02MGzIAZMSMmMIGZMTNmwSyYFbNidsyOOTEn5sJcSEjIyJgbc2MSk5gX82I+zIcFsAB69FgYC2MRvBmLYlEshsWwOBbHElgSS2JpLI1lsAyWxbJY/rY5AFgBK2ElvAvvwruxKlbFalgNq2N1rIE1sCbWxFpYC2tjbayDdbAu1sV6WA8bYANshI2wMTbGJtgEm2EzbI7NsQW2wJbYElthK2yNrbENtsG22BbbYTtsjx2wA76AL+CL+CJ2wQqqG3bH7tgDe2Av7I298WXsi6/gK/gq9scBOBBfw9fwdRyMZ3AIDsVhOAzLqBE4EkchqzE4FsfiOByH43E8TsCJOBEn4xScitNwGk7HGTgD38NZ+D6+j3NwDs7D+TgfF+BCXISLcDGexSW4FJfhclyBK3EFrsY1uBrX4XpchxtxI27GzbgVt+J23I47cSfuxt34MX6Mn+An2B/34348gAfwIB7EQ3gID+NhPIJHtl4FgMfwGB7H43gCT+IpPImn8TSewbN4Ds/heTyPF/C5nF/W3p1/bX9QlxhlVBqVRqWoFJVepVcZVAaVUWVUCZVQmVVmlUVlUVlVVpVdZVc5VU6VS+VSpEixilVulVslVVLlVXlVPpVPFVAFlFdeFVaFVRFVRBVVRVUxdasqrm5TJVRJ1dSXVqVVGdXMl1XlVHlVXlVQFVUlVVlVVlVUFVVVVVXVVDVVXVVXNdT9qqbqhr3wQXVpMnXUAKyrBmI9VV81UA3V6/ioaqwGYxPVVDVTj6uhOARbqMa+pXpKtVIjsbV6Ro3CZ1VbNQbbqedVe9VBdVQvqE6qie+suqgJ2E11V5Oxh+qpeqneajpWVJcmVkm9qvqrAWqgek3Nw9fVYPWGGqKGqmHqTTVcjVAj1Sg1Wo1RY9Vbapx6W41X76gJaqKapCarKWqqmqbeVdPVDDVTvadmqffVbDVHzVXz1Hz1gVqgFqpF6kO1WH2klqilaplarlaolWqVWq3WqLVqnVqvNqiNapParLaorWqb2q52qJ1ql9qt9qiP1V71idqnPlX71WfqgPqbOqg+V4fUF+qw+lIdUV+po+prdUx9o46rLuqEOqlOqe/UafW9OqPOqnPqB3Ve/aguqJ/URRUUaNRKa210pNPotDpFp9Pp9VU6g75aZ9SZdEJfozPra3UWfZ3OqrPp7DqHzqmv17m01aSdZh3r3DqPTuobdF59o86n8+sCuqD2upAurG/SRfTNuqi+RRfTt+ri+jZdQpfUpXRpfbsuo+/QZXU5XV7fqSvoirqSrqzv0lX03bqqvkdX0/fq6vo+XUPfr2vqB3Qt/aCurR/SdfTDuq5+RNfT9XUD3VA30o/qxvox3UQ31c3047q5fkK30E/qlvop3Uo/rVvrZ3Qb/axuq5/T7fTzur3uoDvqn/RFHXRn3UV31d2i7vol3UP31L10b91Hv6z76ld0P/2q7q8H6IH6NT1Iv64H6zf0ED1UD9Nv6uF6hB6pR+nReoweq9/S4/Tberx+R0/QE/UkPVlP0VN1r18rzfwT+W//N/n9fr73zXqL3qq36e16h96pd+ndeo/eo/fqvXqf3qf36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+vj+oQ+qX/Q3+nT+nt9Rp/VZ/UP+rw+ry/8+hiAQaOMNsZEJo1Ja1JMOpPeXGUymKtNRpPJJMw1JrO51mQx15msJpvJbnKYnOZ6k8tYQ8YZNrHJbfKYpLnB5DU3mnwmvylgChpvCpnC5qZ/Ov93+ls+6ZeTl9AFwDQ2jU0T08Q0M81Mc9PctDAtTEvT0rQyrUxr09q0MW1MW9PWtDPtTHvT3nQ0HU0n08l0RjBdTVfT3bxkepieppfpbfqYl01f09f0M/1Mf9PfDDQDzSAzyAw2g80QM8QYABhuhpuRZqQZbUabsWasGWfGmfFmvJlgJphJZpKZYqaYaWaamW6mm5lmppllZpnZZraZa+aa+Wa+WWAWmEVmkVlsFpslZqlZapab5WalWWlWm9VmrVlr1pv1ZqPZaJaYLWaL2Wa2mR1mh9lldpk9Zo/Za/aafWaf2W/2mwPmgDloDppD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5ZU6Z0+a0OWPOmHPmnDlvzpsL5oK5aC5eOu2LVKQiE5koTZQmSolSovRR+ihDlCHKGGWMElEiyhxljrJE10VZo2xR9ihHlDO6PsoV2YgiF3EUR7mjPFEyuiHKG90Y5YvyRwWigpGPCkWFo5uiItHNUdHolqhYdGtUPLotKhGVjEpFpaPbozLRHVHZqFxUProzqhBVjCpFlaO7oirR3VHV6J6oWnRvVD26L6oR3R/VjB6IakUPRrWjh6I60cNR3eiRqF5UP2oQNYwa/aX1QziT7THf2XaxaaGb7W5fsj1sT9vL9rZ97Mu2r33F9rOv2v52gB1oX7OD7Ot2sH3DDrFD7TD7ph1uR9iRdpQdbcfYsfYtO86+bcfbd+wEO9FOspPtFDvVTrPv2ul2hp1p37Oz7Pt2tp1j59p5dr79wC6wC+0i+6FdbD+yS+xSu8wutyvsSrvKrrZr7Fq7zq63G+xGu8lutlvsVrvNbrc77E67y+62e+zHdq/9xO6zn9r99jN7wKb8en7/hT1sv7RH7Ff2qP3aHrPf2OP2W3vCnrSn7Hf2tP3enrFn7Tn7gz1vf7QX7E/2og2XTu4vvbyTIUNpKA2lUAqlp/SUgTJQRspICUpQZspMWSgLZaWslJ2yU07KSbkoF13CxJSbclOSkpSX8lI+ykcFqAB58lSYClMRKkJFqSgVo2JUnIpTCSpBpagU3U630x10B5WjcnQn3UkVqSJVpspUhapQVapK1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB41oAbUiBpRY2pMTagJNaNm1JyaUwtqQS2pJbWiVtSaWlMbakNtqS21o3bUntpTR+pInagTdabO1JW6UnfqTj2oB/WiXtSH+lBf6kv9qB/1p/40kAbSIBpEg2kwDaGhNIzepOE0gkbSKBpNY2gsjaVxNI7G03iaQBNoEk2iKTSFptE0mk7TaSbNpFk0i2bTbJpLc2k+zacFtIAW0SJaTItpCS2hZbSMVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI120A7aRbtoD+2hvbSX9tE+2k/76QAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+giBUpx6Vx6d5XL4K52GV0m91/j7C6Hy+mud7mcdVldtn+IyTmXz+V3BVxB510hV9jd9Ju4hCvpSrnS7nZXxt3hyv4mrrJmxy+/iO7udZXdXa6Ku9tVdfe4au5eV93d52q4h11N94ir5eq72q6hq+MednXdI66eq+8auIauuXvCtXBPupbuKdfKPf2beIFb6Na4tW6dW+/2uk/cOfeDO+q+dufdj66z6+L6uJddX/eK6+dedf3dgN/Ew9ybbrgb4Ua6UW60G/ObeJKb7Ka4qW6ae9dNdzN+E893H7hZbpGb7ea4uW7ez/Glnha5D91i95Fb4pa6ZW65W+FWulVu9d97Xe42uk1us9vjPnbb3Ha3w+10u9zun+NLx7HPfer2u8/cEfeVO+g+d4fcMXfYfflzfOn4jrlv3HH3rTvhTrpT7jt32n3vzrizPx//pWP/zv3kLrrggJEVazYccRpOyymcjtPzVZyBr+aMnIkTfA1n5ms5C1/HWTkbZ+ccnJOv51xsmdgxc8y5OQ8n+QbOyzdyPs7PBbggey7EhfkmLsI3c1G+hYvxrVycb+MSXJJLcWm+ncvwHVyWy3F5vpMrcEWuxJX5Lq7Cd3NVvoer8b1cne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTrcX1uwA25ET/KjfkxbsJNuRk/zs35CW7BT3JLfopb8dPcmp/hNvwst+XnuB0/z+25A3fkF7gTv8iduQt35W7cHYF7cE/uxb25D7/MffkV7sevcn8ewAP5NR7Er/NgfoOH8FAexm/ycB7BI3kUj+YxPJbf4nH8No/nd3gCT+RJPJmn8FSexu/ydJ7BM/k9nsXv82yew3N5Hs/nD3gBL+RF/CEv5o94CS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VtvJ2Rd/KuS0/z/DHv5U94H3/K+/kzPsB/44P8OR/iL/gwf8lH+Cs+yl/zMf6Gj/O3fIJP8in+jk/z93yGz/I5/oHP8498gX/iixwYYoxVrGMTR3GaOG2cEqeL08dXxRniq+OMcaY4EV8TZ46vjbPE18VZ42xx9jhHnDO+Ps4V25hiF3Mcx7njPHEyviHOG98Y54vzxwXigrGPC8WF45viIvHNcdH4lrhYfGtcPL4tLhGXjB++t3R8e1wmviMuG5eLy8d3xhXiinGluHJ8V1wlvjuuGt8TV4vvjYvG98U14vvjmvEDca34wbh2/FBcJ344rhs/EteL68cN4oZxo/jRuHH8WNwkbho3ix+Pm8dPxC3iJ+OW8VNxq/jpP9zfNe4Wd49fil+KQ7hHz03OS85PfpBckFyYXJT8MLk4+VFySXJpcllyeXJFcmVyVXJ1ck1ybXJdcn1yQ3JjclNyczKEymnBo1dee+Mjn8an9Sk+nU/vr/IZ/NU+o8/kE/4an9lf67P463xWn81n9zl8Tn+9z+WtJ+88+9jn9nl80t/g8/obfT6f3xfwBb33hXxh39A38o18Y/+Yb+Kb+gge94/7J/wT/kn/pH/Kt/JP+9b+Gd/GP+vb+uf8c/5539538B39C76Tf9F39l18V9/Vd/fdfQ/fw/fyvXwf38f39X19P9/P9/f9/UA/0A/yg/xgP9gP8UP8MD/MD/fD/Ug/0o/2o/1YP9aP8+P8eD/eT/AT/CQ/yU/xU/w0P81P99P9TD/Tz8o3y8/2s/1cP9fP9/P9Ar/AL/KL/GK/2C/xS/wyv8yv8Cv8Kr/Kr/Fr/Dq/zm/wG/wmv8lv8Vv8Nr/N7/A7/C6/y+/xe/xev9fv8/v8fr/fH/AHzgV/0B/yX/jD/kt/xH/lj/qv/TH/jT/uv/Un/El/yn/nT/vv/Rl/1p/zP/jz/kd/wf/kL/rgxybeSoxLvJ0Yn3gnMSExMTEpMTkxJTE1MS3xbmJ6YkZiZuK9xKzE+4nZiTmJuYl5ifmJDxILEgsTixIfJhYnPkosSSxNLEssT6xIrEyEcP22OOQOeUIy3BDyhhtDvpA/FAgFgw+FQuFwUygSbg5Fwy2hWLg1FA+3hRKhZCgVHgn1Qv3QIDQMjcKjoXF4LDQJTUOz8HhoHp4ILcKToWV4KrQKT4fW4ZnQJjwb2obnQrvwfGgfOoSO4YXQKbwYOgcduoZuoXt4KfQIPUOv0Dv0CS+HvuGV0C+8GvqHAWFgeC0MCq+HweGNMCQMDcPCm2F4GBFGhlFhdBgTxoa3wrjwdhgf3gkTwsQwKUwOU8LUMC28G6aHGWFmeC/MCu+H2WFOmBvmhfnhg7AgLAyLwodhcfgoLAlLw7KwPEDKyrAqrA5rwtqwLqwPG8LGsClsDlvC1rAtbA87ws6wK+wOe8LHYW/4JOwLn4b94bNwIPwtHAyfh0Phi3A4fBmOhK/C0fB1OBa+CcfDt+FEOBlOhe/C6fB9OBPOhnPhh3A+/BguhJ/CRfnMmhBCCCHEn6L/YH+3f4jU3/9Vv36lOwBcvT3H4f9ac0PWX9Y9Vc7mCQB4qku7B/9jq1Cha9euv952iYYozxwASFzOTwOX46XQDJ6AltAUivy3/fVUHc7zH9RP3gqQ/j/lpMDl+HL9m3+n/ohZf1h/DkC+PJdz0sHl+HL9or+pHf1cP1vjP6if7vOxAE3+U14GuBxfrl8YHoOnoeU/3FIIIYQQQgghhPhFT1WqzR+9v730/jynuZyTFn6JzZ94fw6/fMJACCGEEEIIIYQQV9CzHTo++WjLlk3b/M6i3O/vkkVqWaT512jj334B8C/Rxp9bXOlnJiGEEEIIIcRf7fJJ/5XuRAghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESL3+X/w5sSt9jEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9n8CAAD//yldK4M=")
mount$nfs(&(0x7f0000000000)='\xb2\x83\x87J9I\xc3i\xe4\xc0\xc1\xb8\xffW/\"\t\xccLD\x9d+\xe2\xa3c\xd0\x9d\xb1\xc8\\\xdf\x9aih\xd8\xc7\x90v\x8b\x82\x94\xa4\xdd\x98\xb8\rQh#\x05dl\x01\x8cC\x1f|\xa5\xcb>\xf2\xd6\t\xf4IE\xcb\x15', &(0x7f0000000240)='./file0\x00', 0x0, 0x6e1088, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$addseals(r0, 0x409, 0xd)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x7d}, @printk={@ld}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [{@measure}, {@appraise}]}})

7m0.271887068s ago: executing program 2 (id=92):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106a0531030000000000010902"], 0x0)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7], &(0x7f0000000240), 0x0, 0x1}}, 0x40)

6m58.697288531s ago: executing program 2 (id=95):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_create(0x8, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB="61124c00000000006113300000000000bf300000000000002500070007ffffffbd0201000000000095002000000000006916320000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee60090bf050000570200000c5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f055af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6901fcecc8158f0200000000c8fb735fd552bdc268694aeb0763f65e439ec1120843e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3abd5dedd3f7d2cf5834f2af97787f696649a46e17e090000000000000045eac1720e83b7838e3eede14308d582685e1becd6f35154bcb400000000000000000000008129277dc467148670ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbfea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f14c3f2ed6c64ec90000022d600000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca51c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233ba3d4ce26ed703dcb9fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c17d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be6910023a26faea764fae160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7beecaaa61e7a726571df5cf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da046c7aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ce27e134548032a307871cea4c89d4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b8748d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b25055e786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc136464025013665b1cf26a863a5cb3e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a56c4f3f265a09628878040000000000000017b68afd95d4abd79286692439ee7acca2adc3d83d72b1b778e30c2bf2efbbcd054cf51f5705eb0faa8a0d9f18135cb1d8d567c3436fa697b72c5035d98b9e4f7f3379c0b3339debc78352b2e65299223d7ef2bd540e78167a3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586331eb5995d2288a167b7c6b20b32116b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22db669560d296287c13c92070000ee7553eb2df17a39542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c887081c8d320642389f5f0c42dba0ff75a257310f2d92cb1d1e16468949f5675262ee6609cf26ae4a8f5eac0ebf318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0f72c4a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1a706ec201eedfa5fbdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee8072d1f88cb781e4cdb04af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98c5a471f3521956f8da6a4ccf2071095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5a071ba22251e2de8bac16e79da9c2444d52facb7ab49420900000000000000f888a94365b99b72796fde1b922fc9ae09b526efca65faf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837be14d6a483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c79c846e403910bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be0000fdde69c350e59f11f1d26a4d04d8c8b2c4a4d23ee931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f647e1f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680faa8cf38dbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705113a5ce1c99193886d6008d3565b00000000000000000000000000000000001c260fc175785ca04e31790f542c0f17b6599e93134792eae9878638b299e1d2b38d367be0d5c99d179c6bde265caebbae48bae74338f9d4f12f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)

6m57.097146797s ago: executing program 2 (id=98):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid() (async)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) (async)
landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) (async)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0) (async)
shutdown(r4, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) (async)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt(r2, 0x84, 0x75, &(0x7f0000000040)="020000000980ffff", 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x18000000000000, 0x80) (async)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x18000000000000, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000003540)={[{@dmask={'dmask', 0x3d, 0x7}}, {@namecase}, {@dmask={'dmask', 0x3d, 0x400005}}, {@sys_tz}, {@errors_remount}, {@discard}, {@keep_last_dots}, {@umask={'umask', 0x3d, 0x200}}, {@namecase}, {@namecase}]}, 0x1, 0x153b, &(0x7f0000001f80)="$eJzs3AucTlXXAPC19t5nDImnSS7D3nsdnuSyTZLkkiSXJEmSJLeEpEleSUgMIUlDEpLLkMQQksvEpHG/3y8JSdIkSUhuyf5+E37qrb73/b73/fL+vln/3+/87DXnrH3WedZznuecg/m269BaTWpXb0RE8C/BC38kAUAsAAwEgLwAEABA+bjycYAB5JSY9K/thP17PZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/x1z/+Bn///x+Hv//9HMsuM/XJNmeu6AcT8sync/+yN+///VvDPbMT9z964/9lV7JUugP0H4PM/O8jxp2u4/9kb95+x7OxKP3++0gtE/sNegyM5LzTmrzp+xhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsL3DaX6YA4NL4StfFGGOMMcYYY4yxfx+f40pXwBhjjDHGGGOMsf97CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgPGsD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv+r/OehJ7wAvaA3JEEf6AsvQj/oDwPgJRgIL8MgeAUGw6uQDENgKLwGw+B1GA5vwAgYCaPgTRgNb8EYGAvjYDykwASYCG/DJHgHJsO7MAWmQipMg+nwHsyAmTAL3ofZ8AHMgbkwD+ZDGnwIC2AhpMNHsAg+hgxYDEtgKSyD5bACVsIqWA1rYC2sg/WwATbCJtgMW2ArbIPtsAM+gZ3wKeyC3bAHPoO98Pmv8gGSfunnf5d/6u/yuyEgoECBChXGYAzGYizmwlyYG3NjHsyDEYxgHMZhPsyH+TE/FsSCGI/xWASLoEGDhIRFsShGMYrFsTiWwBJYCkuhQ4cJmIBl8SYsh+WwPJbHClgBK2IlrIRVsApWxapYDathdayONbAG1sJaeBfehX2wLtbFelgP62P9S4+nsBE2wsbYGJtgE2yKTbEZNsMW2AJbYStsja2xDbbBdtgO22N77IAdMBETsSN2xE7YCTtjZ+yCXbArdsVu2B27Zz6fA/AFfAF7Yw3RB/tiX+yHyTkG4Ev4Er6Mg/AVfAVfxWQcgkPxNXwNX8fheBJH4EgchaOwqngLx+BYJDEeUzAFJ+JEnISTMKvQd3EqpuI0nI7TcQbOxJn4Ps7GD/ADnItzcT6mYRouwIWYjum4CE9hBi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+gAsBPcTfuxmTci3txH+7D/bgfD+ABzMRMPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hs/NeNPym5OhlEFiWUiBExIlbEilwil8gtcos8Io+IiIiIE3Ein8gn8ov8oqAoKOJFvCgiiggjjCARxgCAiIqoKC6KixKihCglSgknnEgQCaKsKCvKiXKivLhFVBC3ioqikmjrqogqoqpo56qJO0R1UV3UEDVFLVFb1BZ1RB1RV9QV9UQ9UV/UFw3E/aKh6IMD8EGR1ZkmYgg2FUOxmWgu5MVPsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHx1r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZEL+6gha8pasra8SybB3bKuvEfWk/fK+vI+2UDeLxvKB2Qj+aBsLB+STeTDsql8RDaTzWUL2VK2ko/K1vIx2Ua2le3k47K9fEJ2kE/KRPmU7Cj9xbfIM7KLfFZ2lc/JbrK77CF/luell71kbwl9QPaVL8p+sr8cEAsA8mU5SL4iB8tXZbIcIofK1+Qw+bocLt+QI+RIOUq+KUfLt+QYOVaOk+NlipwgJ8q35ST5jpws35VT5FSZKqfJAXLgLzPNkvIf5r/9B/mDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tzF1wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvmFUKVVaOVVGJagb/yf5qri6QZVQJX+Tf6m+pD+pr5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezLvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBebHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1b/4vxZp/zl+b0/WeAx10v31km6j+6rX9T9dH89QL+kB+qX9SD9ih6sX9XJeogeql/Tw/Trerh+Q4/QI/Uo/aYerd/SY/RYPU6P1yl6gp6o39aT9Dt6sn5XT9FTdaqepqfr9/QMPVPP0u/r2foDPUfP1fP0fJ2mP9QL9EKdrj/Si/THOkMv1kv0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/Qneqf+VO/Su/Ue/Zneqz/X+/QXer/+Uh/QX+lM/bU+qL/Rh/S3+rD+Th/R3+uj+pg+rn/QJ/SP+qQ+pU/rM/qs/kmf0z/r89pnXdxnfb0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSafyWfym/ymoClo4k28KWKKmCxkyBQ1RU3URE1xU9yUMCVMKVPKOONMgkkwZU1ZU86UM+VNeVPBVDAVTUVT2VQ2t5nbzO3mdnOHucPcae40NU1NU9vUNnVMHVPX1DX1TD1T39Q3DUwD09A0NI1MI9PYNDZNTBPT1DQ1zUwz08K0MK1MK9PatDZtTBvTzrQz7U1708F0MIkm0XQ0HU0n08l0Np1NF9PFdDVdTTfTzfQwPUxP09P0Mr1MkkkyfU1f08/0MwPMADPQDDSDzCAz2Aw2ySbZDDVDzTAzzAw3w80IM9KMyrpQNW+ZMWasGWfGmxSTYiaaiWaSmWQmm8lmipliUk2qmW6mmxlmhpllZpnZZraZY+aYeWaeSTNpZoFZYNJNullkFpkMk2GWmCVmmVlmVpgVZpVZZdaYNWYdrDMbzAazyWwyW8wWs81sMzvMDrPT7DS7zC6zx+wxe81es8/sM/vNfnPAHDCZJtMcNAfNIXPIHDaHzRFzxBw1R81xc9ycMCfMSXPSnDanzVlT4OL3pTexNqfNZa+yue3VNo/Na/8+LmgL2Xhb2Bax2ua3BX4TG2ttCVvSlrKlrbNlbIK98XdxRVvJVrZV7G22qr3dVvtdXMfebevae2w9e6+tbe/6TVzf3mcb2IdtQ0QA29w2ti1tE/uwbWofsc1sc9vCtrTt7RO2g33SJtqnbEf79O/iBXahXWVX2zV2rd1ld9vT9ow9ZL+1Z+1PtpftbQfal+0g+4odbF+1yXbI7+JR9k072r5lx9ixdpwd/7t4ip1qU+00O92+Z2fYmb+L0+yHdrZNt3PsXDvPzv8lzqop3X5kF9mPbYYNYIldapfZ5XaFXXmpVp/Xrrcb7Ea7035qt9itdpvdbndcuhC2u+0e+5ndaz+3B+03dr/90h6wh22m/fqXOOv4Dtvv7BH7vT1qj9nj9gd7wv6oLmVnHfsP9md73noLhAQkSVFAMZSDYikn5aKrKDddTXkoL0XoGoqjaykfXUf5qQAVpEIUT4WpCGkyZIkopKJUjKJ0PV0qrxSVJkdlKIFupLJ0E5Wjm6k83UIV6FaqSJWoMlWh26gq3U7V6A6qTndSDapJtag23UV16G6qS/dQPbqX6tN91IDup4b0ADWiB6kxPURN6GFqSo9QM2pOLagltaJHqTU9Rm2oLbWjx6k9PUEd6ElKpKeoIz1Nnehv1JmeoS70LHWl56gbdace9Dz1pBeoF/WmJOpDfelF6kf9aQC9RAPpZRpEr9BgepWSaQgNpddoGL1Ow+kNGkEjaRS9SaPpLRpDY2kcjacUmkAT6W2aRO/QZHqXptBUSqVpNJ3eoxk0k2bR+zSbPqA5NJfm0XxKow9pAS2kdPqIFtHHlEGLaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtAntJM+pV20m/bQZ7SXPqd99AXtpy/pAH1FmfQ1HaRv6BB9S4fpO9+bvqejdIyO0w90gn6kk3SKTtMZOks/0Tn6mc6TJwgxFKEMVRiEMWGOMDbMGeYKrwpzh1eHecK8YSS8JowLrw3zhdeF+cMCYcGwUBgfFg6LhDo0oQ0pDMOiYbEwGl4fFg9vCEuEJcNSYenQhWXChPDGsGx4U1guvDksH94SVghvDSuGlcKH760S3hZWDW8Pq4V3hNXDO8MaYc2wVlg7vCusE94d1g3vCeuF94blwvvCBuH9YcPwgbBR+GDYOHwobBI+HDYNHwmbhc3DFmHLsFX4aNg6fCxsE7YN24WPh+3DJ8IO4ZNhYvhU2DF8+pf19y388/VJYZ+wb/hi+GLo/T1yXnR+NC36YXRBdGE0PfpRdFH042hGdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH10Q3Rj1PvaOcChE0465QIX43K4WJfT5XJXudzuapfH5XURd42Lc9e6fO46l98VcAVdIRfvCrsiTjvjrCMXuqKumIu6611xd4Mr4Uq6Uq60c66MS3AtXSvXyrV2j7k2rq1r5x53j7sn3BPuSfeke8p1dE+7Tu5vrrN7xnVxz7pn3XOum+vuerjnXU83Ic+FczLJ9XV9XT/Xzw1wA9xAN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXFTXKpLddPddDfDzXBVZ17Yyxw3x81z81yaS3MLXNY1Y7pb5Ba5DJfhlrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvm8FyZ1e90+t8/td/vdAfeVy3Rfu4PuG3fIfesOu+/cEfe9O+qOuePuB3fC/ehOulPutDvjzrqf3Dn3szvvvEuJTIhMjLwdmRR5JzI58m5kSmRqJDUyLTI98l5kRmRmZFbk/cjsyAeROZG5kXmR+ZG0yIeRBZGFkfTIR5FFkY8jGZHFkSWRpZFlkeUR7wtvCX1RX8xH/fW+uL/Bl/AlfSlf2jtfxif4G31Zf5Mv52/25f0tvoK/1Vf0lXxl/4hv5pv7Fr6lb+Uf9a39Y76Nb+vb+cd9e/+E7+Cf9In+Kd/RP+07+b/5zv4Z38U/67v653w339338M/7nv4F38v39km+j+/rX/T9fH8/wL/kB/qX/SD/ih/sX/XJfogf6l/zw/zrfrh/w4/wI/2omDf96Eu3yDDep/gJfqJ/20/y7/jJ/l0/xU/1qX6an+7f8zP8TD/Lv+9n+w/8HD/Xz/PzfZr/0C/wC326/8gv8h/7DL/40kNlv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+J3+k/9Lr/b7/Gf+b3+c7/Pf+H3+y/9Af+Vz/Rf+4P+G3/If+sP++/8Ef+9P+qP+eP+B3/C/+hP+lP+tD/jz/qf/Dn/sz/P/2eNMcYYY+yfMuHyUPx2zYXH+X3+IEf8auO+AHD11kKZv16fdUW5Lv+FcX8R3z4CAE/17vrgpaVGjaSkpIvbZkgIis0FuPQ3QVli4HK8GNrBE5AIbaHsH9bfX3Q/S/9g/ugtALl+lRMLl+PL838BgEl/MP+jj49aUCE8HfffzD8XoESxyzk54XK8GNr98nylLZT7k/oLtP6T+vHi/Dm/TAFo86uc3HA5vlx/AjwGT0Pib7ZkjDHGGGOMMcYu6C8qd750/3npX3z+0f15vLqckwMux//o/pwxxhhjjDHGGGNX3jPdezz5aGJi287/80G1/1XWPz1oCv9XM/PgDwfeA1z6iQKAf3FCgKyB/CuPYvNfsq/ki6fO369adsYH8J/Ryn/H4Ap/MDHGGGOMMcb+7S5f9P/25+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVDf8WvE7vSx8gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdaf8VAAD//3aq+3A=")
fchmodat(0xffffffffffffff9c, 0x0, 0x16f)

6m56.41634449s ago: executing program 2 (id=99):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000180)='./bus\x00', 0x8, &(0x7f0000000280)={[{@discard_unit_block}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@age_extent_cache}, {@nodiscard}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@acl}, {@noacl}, {@memory_normal}, {@alloc_mode_def}, {@noheap}, {@block_mode}, {@extent_cache}, {@atgc}, {@data_flush}]}, 0x1, 0x5505, &(0x7f00000079c0)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
setxattr$security_evm(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), &(0x7f0000000640)=ANY=[@ANYBLOB="05"], 0x2d6, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)

6m53.752011149s ago: executing program 2 (id=104):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, 0x0, 0x0, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

6m52.040009213s ago: executing program 2 (id=108):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x18) (async)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

6m50.79790874s ago: executing program 34 (id=108):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x18) (async)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

5m39.360752492s ago: executing program 4 (id=303):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
pipe(&(0x7f0000000300))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x80800)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x29e9c934, 0x3, 0x0, 0x1}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001600010a0000000000000000020000000c0000800800", @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x4004014)

5m39.091049133s ago: executing program 4 (id=307):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe2(&(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
fcntl$setpipe(r1, 0x407, 0x7ffffffffffffff)
r2 = socket$inet(0xa, 0x801, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100020008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
listen(r2, 0x6)
syz_open_dev$vim2m(&(0x7f0000000500), 0x7, 0x2)
ioperm(0x0, 0x2, 0x7e)
syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[], 0x0)
fcntl$setflags(r0, 0x2, 0x1)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x4e001)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000500)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x80000700, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe10804000000af8e0e3dc11d875397bdb22d0000b420a1a93e527d3d458d080000000000000000000000000000000000000000004300", "f4bd000000801900000000e9ffffff0200000000000000000000000012ff00", [0x8, 0x5]}})

5m37.878359918s ago: executing program 4 (id=309):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000200000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001"], 0x254}}, 0x0)

5m37.652057706s ago: executing program 4 (id=311):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106a0531030000000000010902"], 0x0)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000002600)=ANY=[], 0x1820)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x8e, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)

5m35.114594045s ago: executing program 4 (id=320):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x1008a, &(0x7f0000000180)={[{@nomblk_io_submit}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@nomblk_io_submit}, {@sb={'sb', 0x3d, 0x1}, 0x22}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}], [{@obj_role={'obj_role', 0x3d, 'ext3\x00'}}]}, 0xfe, 0x455, &(0x7f0000000fc0)="$eJzs3M9PHFUcAPDv7rJQ2iJY649iq2g1En9AoT/swUuNJh40MdFDjScE2mC3xRRMbEMUPeDRNPFuPJr4F3ixXox6MvGqd2NCDBerpzWzO0O3sAssLGx1P59k4L19b/Ped2be7ts3OxtAxxpK/uQiDkbErxHRX83eWWGo+u/WysLk3ysLk7kol9/4M1ep99fKwmRWNXvegWqmXN6g3aW3IyZKpemraX50/vJ7o3PXrj83c3ni4vTF6SvjZ8+eOnms+8z46ZbE2Zf0dfDD2aNHXnnrxmuT52+88+PXSX8PpuW1cbTKUHXv1vVkqxtrs76adK6rjR2hKYWISA5XsTL++6MQvatl/fHyJ23tHLCryuV8uadx8WIZ+B9LJupAJ8re6JPPv9m2R1OPu8LyuVhdx7iVbtWSrsindYrpZ6TdMBQR5xf/+SLZYpfWIQAAat08FxHP1pv/5eOBmnr3pNeGBiLi3og4FBH3RcThiLg/olL3wYh4qMn2114hWT//KfdvK7AtSuZ/L6TXtu6c/2WzvxgopLm+SvzF3IWZ0vSJdJ8MR7EnyY9t0MZ3L/3yWaOy2vlfsiXtZ3PBtB9/dK1ZoJuamJ/YScy1lj+OGOyqF39udc6bzI+PRMTgNtuYefqro43KNo9/Ay2YlJe/jHiqevwXY038mVzD65Njz58ZPz26L0rTJ0azs2K9n35eer1R+zuKvwWWb5Zjf93zfzX+gdy+iLlr1y9VrtfONd/G0m+fNvxMs93zvzv3ZiXdnT72wcT8/NWxiO7cq+sfH7/93Cyf1U/O/+Hj9cf/obi9Jx6OiOQkPhYRj0TEo2nfH4uIxyPi+Abx//DiE+82H/8Gq/ItlMQ/tdnxj9rj33yicOn7b5qPP5Mc/1OV1HD6yFZe/7bawZ3sOwAAAPivyFe+A5/Lj6ym8/mRkep3+A/H/nxpdm7+mQuz71+Zqn5XfiCK+Wylq79mPXQsXRvO8uNr8ifTdePPC72V/MjkbGmq3cFDhzvQYPwnfi+0u3fArnO/FnQu4x86l/EPncv4h85l/EPnqjf+P2pDP4C9t8n7f+9e9QPYe+b/0LmMf+hcxj90pIb3xud3dMu/RJsS33bv7Lcatp6I/F0S8q4neiNiL9oqRjXRExE1RV1b/jGLbSZ66ha1+5UJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4NAAD//xwt370=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0xc0800, 0x80)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)

5m34.78796975s ago: executing program 4 (id=322):
r0 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$proc_mixer(r0, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES8=r1], 0xb0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe8000000000000000000000010000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x8c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_NAT_SRC={0x4}]}, 0x8c}}, 0x0)

5m19.788609776s ago: executing program 35 (id=322):
r0 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$proc_mixer(r0, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES8=r1], 0xb0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe8000000000000000000000010000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x8c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_NAT_SRC={0x4}]}, 0x8c}}, 0x0)

4m16.932098315s ago: executing program 5 (id=604):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0xfffffffe, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0xeb}}], 0x18}}], 0x1, 0x4000890)
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x1000000, @empty}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0)

4m16.823054753s ago: executing program 5 (id=605):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3U1vG0UfAPD/bt7atE+TSs+Bl4sFSERCJE3aApVAIuLCoT3RA0es2C1RnQYlRqJVxItA3EAC8QHgAHwEjnDgO8AZOEClCOVAys1o7V3HxHbapA6ukt9PGnlmZ+2Z9XjW68nsJIBjqxQRL0fESESci4ipfHuah3i/FbL9trc2lv7e2lhKotF47c8kknxb8VpJ/ngqf4GZNCL9KInHe5S7fuv2jXKtVl3L03P1lbfm1m/dfnZ5pXy9er16c+G58xcuXnzh0sLzAzvWzZXkk6e+ufzbZx9XPv/pj++ns/qezvM6j2NQSlFqvye7XRp0YUN2oiOejA6xIgAA7CnNr/1Hm9f/UzESOxdvU/Hpj0OtHAAAADAQjUbxCAAAABxdid/+AAAAcMQV8wC2tzaWijDE6Qj8xzYXI2K61f5389DKGW3f0zu26/7eQSpFxKsnrixkIQ7pPmwAAACA4+yHxdbCf93jf2k80rHfyYiYLNb2G6DSrnT3+E96Z8BF0mFzMeLFiLjbNf6XFrtMj+Sp/zWHCseSa8u16rmIOBMRMzE2kaXn9yjj3SdufNsvr3P878tfX5/Pys8ed/ZI74xO/Ps5lXK9/CDHzI7NDyIeG+3V/kl7zLdzncyDeGN5+6V+eVn7Z+1dhO725zA1vop4umf/31m5NNl7fda55vlgLj8rTHSX8cvprz/sV35n/89CVn7xtwAOX9b/J/du/+Y6ue31etf3X8Z3f135uV/evdu/9/l/PLnarOB4vu2dcr2+Nh8xnlzu3u7T1Fa8H8X7lbX/zJO9v/+L678k/+4/07E+9H688t7Zq/3y9P/hytq/sq/+v//Im5OPzvQr//76/4VmZYoXcf13b/fbQMOuJwAAAAAAAACDkTbn9iXpbDueprOzrXm+/4/JtLa6Xn/m2urbNyutOYDTMZYW8z+nOuaDzrduI2+nF3alz0fE2Yj4YupkMz27tFqrDPvgAQAA4Jg41ef3f+b3g9zsAQAAADycpoddAQAAAODQ+f0PAAAAR9qDrOtfq64V/yLogE8XETlYZCT/4D0s9Tl6kSGelAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIfwIAAP//keS8Nw==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r2, r3, 0x0, 0x20fffe82)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20)
close(0x3)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x7, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)

4m14.992899726s ago: executing program 5 (id=612):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001032000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff000000000000000033"], 0x254}}, 0x0)

4m14.544114382s ago: executing program 5 (id=614):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='maps\x00')
r1 = fanotify_init(0x0, 0x101000)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0)
r2 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)=ANY=[@ANYBLOB='uid=', @ANYRES16=r1, @ANYBLOB="2c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d312c2c64656275672c73686f72746e616d653d6d697865642c71756965742c757466383d302c00ba56dd00"/132], 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r3 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r2, 0x80286722, &(0x7f0000000140)={&(0x7f0000000080)=""/118, 0x76, 0xb, 0x5154})
getpeername$packet(r3, &(0x7f0000000200), &(0x7f00000002c0)=0x14)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r3, &(0x7f0000002c00)={0x2020}, 0x2020)
syz_open_procfs(0x0, &(0x7f0000000240)='maps\x00') (async)
fanotify_init(0x0, 0x101000) (async)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) (async)
fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0) (async)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)=ANY=[@ANYBLOB='uid=', @ANYRES16=r1, @ANYBLOB="2c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d312c2c64656275672c73686f72746e616d653d6d697865642c71756965742c757466383d302c00ba56dd00"/132], 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") (async)
syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') (async)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r2, 0x80286722, &(0x7f0000000140)={&(0x7f0000000080)=""/118, 0x76, 0xb, 0x5154}) (async)
getpeername$packet(r3, &(0x7f0000000200), &(0x7f00000002c0)=0x14) (async)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) (async)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) (async)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) (async)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) (async)
read$FUSE(r3, &(0x7f0000002c00)={0x2020}, 0x2020) (async)

4m14.369472326s ago: executing program 5 (id=616):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap$KVM_VCPU(&(0x7f0000f3d000/0x4000)=nil, 0x930, 0xc, 0x8010, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000000080)="b3", 0x1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000280)={0x29e9c934, 0x3, 0x0, 0x1}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001600010a0000000000000000020000000c0000800800", @ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x4004014)

4m13.791997531s ago: executing program 5 (id=619):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106a0531030000000000010902"], 0x0)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000002600)=ANY=[], 0x1820)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x1820, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)

4m12.253003131s ago: executing program 36 (id=619):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106a0531030000000000010902"], 0x0)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000002600)=ANY=[], 0x1820)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x1820, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)

4m3.959856772s ago: executing program 3 (id=638):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe2(&(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
fcntl$setpipe(r1, 0x407, 0x7ffffffffffffff)
r2 = socket$inet(0xa, 0x801, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100020008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
listen(r2, 0x6)
syz_open_dev$vim2m(&(0x7f0000000500), 0x7, 0x2)
ioperm(0x0, 0x2, 0x7e)
syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[], 0x0)
fcntl$setflags(r0, 0x2, 0x1)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x4e001)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r7, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000500)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x80000700, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe10804000000af8e0e3dc11d875397bdb22d0000b420a1a93e527d3d458d080000000000000000000000000000000000000000004300", "f4bd000000801900000000e9ffffff0200000000000000000000120000ff00", [0x8, 0x5]}})

4m2.761767216s ago: executing program 3 (id=639):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000001c0), &(0x7f0000000300)=0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigprocmask(0x2, &(0x7f0000000080)={[0x4]}, 0x0, 0x8)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r1)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[], 0x4a}, 0x1, 0x0, 0x0, 0x50}, 0xc101)
sendmsg$inet6(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000880)="b1", 0x1}], 0x1}, 0x10)
setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000140)=0x80000001, 0x4)
mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x1, 0x0)
mount(&(0x7f00000001c0), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='reiserfs\x00', 0x0, 0x0)

4m2.566738021s ago: executing program 3 (id=640):
unshare(0x6a040000)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000ac0)=ANY=[@ANYBLOB="12011001c7af7320720c0d008f96010203010902"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006c07010033d43afffe800000000000000000000000000010ff0200000000ffffff8f000000000001"], 0x340a)

3m59.586789965s ago: executing program 3 (id=650):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@abort}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x55f, &(0x7f0000000580)="$eJzs3d9rU+cbAPDnpK2/v18riGxjjIIXczhT2+6Hg124y7HJhO3ehfZYpKmRJhXbCdOLebObIYMxJozdb/e7lP0D+yuETZAhZbvYTcZJT2q0SRNrtNF8PnDkfXNO+p4n73le35M3IQEMrYnsn0LEyxHxTRJxMCKSfN9o5Dsn1o9bu391NtuSqNc//StpHJfVm3+r+bz9eeWliPjtq4jjhc3tVldWF0rlcrqU1ydri5cmqyurJy4slubT+fTi9MzMqbdnpt97952+xfrG2X++/+T2h6e+Prr23S93D91M4nQcyPe1xvEErrVWJmIif03G4vQjB071obFBkuz0CbAtI3mej0U2BhyMkTzrgRfflxFRB4ZUIv9hSDXnAc17+z7dBz837n2wfgO0Of7R9fdGYk/j3mjfWvLQnVF2vzveh/azNn7989bNbIv+vQ8B0NW16xFxcnR08/iX5OPf9p3s4ZhH2zD+wbNzO5v/vNlu/lPYmP9Em/nP/ja5ux3d879wtw/NdJTN/95vO//dWLQaH8lr/2vM+caS8xfKaTa2/T8ijsXY7qy+1XrOqbU79U77Wud/2Za135wL5udxd3T3w8+ZK9VKTxJzq3vXI15pO/9NNvo/adP/2etxtsc2jqS3Xuu0r3v8T1f9p4jX2/b/gxWtZOv1ycnG9TDZvCo2+/vGkd87tb/T8Wf9v2/r+MeT1vXa6uO38eOef9NO+x6KP3q//nclnzXKu/LHrpRqtaWpiF3Jx5sfn37w3Ga9eXwW/7GjW49/7a7/vRHxeY/x3zj886s9xd+t/5/CImsW/9xj9f/jF+589MUP248/6/+3GqVj+SO9jH+9nuCTvHYAAAAAAAAwaAoRcSCSQnGjXCgUi+uf7zgc+wrlSrV2/Hxl+eJcNL4rOx5jheZK98GWz0NM5Z+HbdanH6nPRMShiPh2ZG+jXpytlOd2OngAAAAAAAAAAAAAAAAAAAAYEPs7fP8/88fITp8d8NT5yW8YXl3zvx+/9AQMJP//w/CS/zC85D8ML/kPw0v+w/CS/zC85D8ML/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXX2zJlsq6/dvzqb1ecurywvVC6fmEurC8XF5dnibGXpUnG+Upkvp8XZymK3v1euVC5NTcfylclaWq1NVldWzy1Wli/Wzl1YLM2n59KxZxIVAAAAAAAAAAAAAAAAAAAAPF+qK6sLpXI5XVJQ2FZhdDBOY3UhYiBO40Up7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/BcAAP//8NI25Q==")
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x2000004c, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,iocharset=iso8859-1,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646973636172642c00214b3cf244ea5fb7437f2c69f67a093e240a6e978fa4cd2d"], 0x1, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.events.local\x00', 0x275a, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x40403, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000240)='memory.pressure\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x80000001)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x6, 0x0, 0x0, 0x0, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac6390b86fa00000000004faa2ae2c084a0ea000000000000008000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
lsetxattr$security_ima(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000200)=ANY=[], 0x9, 0x1)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000480)=ANY=[], 0xfe37, 0x0)

3m59.00555354s ago: executing program 3 (id=655):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c000000150a0102bea41fc0d2bfa7ea000000000000000000009e21fcaf7534664ec72200020900020073790400000000000c000640ae86937fea7f89758d9542f7d39a98e40000000000000005"], 0x2c}, 0x1, 0x0, 0x0, 0x8804}, 0x24040808)
syz_mount_image$minix(&(0x7f0000000080), &(0x7f0000000040)='./file2\x00', 0x120080c, &(0x7f0000000600)=ANY=[], 0x9, 0x202, &(0x7f0000000240)="$eJzs279u01AUx/HfzX9DgfJ3AKQiMcBCkqaiElPLS7AwVW1aVXUBYRZHSA0jCzwDM4/Ay/AAdGBjwsiO3YTYbtxbkpT2+1lyck+Pc1zZ9ZEbC8CFta4HMjKqhW/uNxY/3zSF6mrTbgzA1AXx6+/AhmNVBeCsKP8aX4kngP58+gEwK4fPpe+Sfvx8vxkEwUG4NjofhPl+nFepnpofDj9Idytx3jTkjM8XX6RHSb25lK6vDF4H+cuZ23/8MPn8BV3RVV3Toq7rhunLRPmto/o79oMQAAAXiFFzUr4plXNyA+mpYKiq7W/pq/pQTdu7brczIb+Sm69H+ebma3frmE8BkKVU6PzPV47Ov3ZuvhLll+N3DbsmAUyF5/fqct3uW88PL/JR0NvbcE8UOEkQbqJo1dcXH+9N3LKx6sc+qI2tBAeSjlbWw0CjKwWDQJ6f3Bnxe3vO6O95yVs6ffNmcJcm1ZhTpLykrNRLizbW0qnqCQ6J7MD0rcoXPilzv04XrKnQD1ctDpLcoD6jg//vYK5/lgDMQOvd/puW5/ee7O5v7HR3uq867faz1acry6udVjTZt46f7wH8v4YXfY18Gygx/t88AAAAAAAAAAAAAABwFt3S7dRaaS6dAAAAAJi2f/bMUEW5j1vNex8BAAAAAAAAAAAAAAAAADhv/gQAAP//KYoGsQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
ftruncate(r4, 0x2007ffb)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000005c0)='./cgroup\x00', 0x200001f, &(0x7f00000011c0)={[{@barrier_val={'barrier', 0x3d, 0x7221}}, {@errors_remount}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@noinit_itable}]}, 0xfe, 0x4e5, &(0x7f0000000980)="$eJzs3UFrHG0dAPD/THZ9mzavm6qHWrAttpIU7SZpbBs8VAXRU0Gt9xqTbQjZZEuyaZtQNMUPIIio4EVPXgQ/gCD9CCIU9C4qimirBw/Vkd2djWm6m6R0s8ub/f3gycwzOzv/559lnp1nZtgJYGhdiojJiMiyLLsaEaV8eZqX2GmVxnovXzxZaJQksuzu35NI8mXtbb2XT8/kbzsVEV//SsS3kjfjbmxtr8xXq5X1vD5VX01eZdn2teXV+aXKUmVtdnbm5tytuRtz0z3Jczwibn/pzz/83s+/fPvXn3n0h3t/nfx2K8GWvXn0Uiv1YvN/0VaIiPXjCDYghWaGLTcG3BYAAA7WON7/SER8MiKuRilGmkdzAAAAwEmSfX4sXiWt638AAADAyZRGxFgkaTm/33cs0rRcbt3D+7E4nVZrG/VPZ6Xd8wXjUUzvL1cr0/m9A+NRTBr1mfwe23b9+r76bEScjYgflEab9fJCrbo40DMfAAAAMDzO7Bv//6vUGv8DAAAAJ8z4oBsAAAAAHDvjfwAAADj5jP8BAADgRPvqnTuNkrWff734cGtzpfbw2mJlY6W8urlQXqitPygv1WpLzd/sWz1se9Va7cFnY23z8VS9slGf2tjavrda21yr31t+7RHYAAAAQB+dvfjs90lE7HxuNI2ILNnzWjEiG9m7cqH/7QOOT/o2K//p+NoB9N/IoBsADIxDehhexUE3ABi4w/qBrjfv/Kb3bQEAAI7HxMd3r/83CzA88uv/STLohgB95/o/DC/X/2F4FQ86AjAogBMvPcKu/u7X/7PsrRoFAAD03FizJGk5HweMRZqWyxHvNx8LUEzuL1cr0xHx4Yj4Xan4XqM+03xn4vQAAAAAAAAAAAAAAAAAAAAAAAAAABxRliWRdTG6uw4AAADwQRaR/iXJn/81Uboytv/8wIeSf5ea04h49JO7P3o8X6+vzzSW/2N3ef3H+fLr/T57AQAAAHTSHqe3x/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EsvXzxZaJd+xv3bFyNivFP8QpxqTk9FMSJO/zOJwp73JREx0oP4O08j4lyn+EmjWTGet2J//DQiRgcc/0wP4sMwe9bof77Qaf9L41Jz2nn/K+TlXXXv/9Ld/m+kS//3fqcNpm8uOv/8l1Nd4z+NOF/o3P+04ydd4l8+Yo7f/Mb2drfXsp9FTHT8/kleizWVFB5MbWxtX1tenV+qLFXWZmdnbs7dmrsxNz11f7layf92jPH9T/zqvwflf7pL/PFD8r9yxPz/8/zxi4+2Zov7XirGT7Ns8nLnz/9cl/jt775P5R93oz7Rnt9pze914Re/vXDxgPwXu+R/2Oc/ecT8r37tu3884qoAQB9sbG2vzFerlXUzZo5tZjT6GHQ+DlqnfRDbh/Z8Jw/1rtvJSoPYTwfYKQEAAMfi/wf9g24JAAAAAAAAAAAAAAAAAAAADK/DfgYsevBzYvtj7gwmVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA/0vAAD//+XXyps=")
syz_mount_image$fuse(&(0x7f0000003080), &(0x7f00000030c0)='./file2\x00', 0x60, &(0x7f0000003100)=ANY=[], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000100)='./file2\x00', 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000200), 0x1, 0x200000)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = signalfd(r4, &(0x7f00000000c0)={[0x32fa]}, 0x8)
close(r5)
setxattr$trusted_overlay_origin(&(0x7f0000000480)='./bus\x00', &(0x7f0000000540), &(0x7f0000000580), 0x2, 0x1)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000001c40))
write$midi(r4, &(0x7f0000000180)="1651e3c3ab8e87ca0152d32d1af3068361c67a455a754dd9b7980d802a1119734157899320e890022184c3937c8054c1fbb7701513ec92da9b06906d772697b1a743b0f98693d35f6fe3a44618cb5fb740b1883253bea54e4712717910817d8d35db53e9bc797bea5343a7902a34", 0x6e)
mount(0x0, &(0x7f0000000240)='./cgroup\x00', &(0x7f00000004c0)='afs\x00', 0x800000, &(0x7f0000000500)='=V,\x92TvH<\x00\x00@Q7')

3m58.619801891s ago: executing program 3 (id=657):
r0 = socket(0x2, 0x3, 0x100000001)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0xffffffb6, 0xffffffff})
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x9, @local, 0x1}, 0x1c, 0x0}}], 0x1, 0x4004000)
setsockopt(r0, 0xff, 0x1, &(0x7f0000000100)='O', 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000700)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x65, 0x0, 0x0, 0x1, 0x0, @private=0xa0100ff, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x3f18, {0x5, 0x4, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x6c, 0x0, @local, @private=0xa010100}}}}}}, 0x0)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x59, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000200)={<r5=>0x0, 0xea, "767a11dd496ae3f197faee7baca41efc7cb76aaca77bd37c20ceb432b4f9cccae9793efb50b1ef172318d6b2025fff603a4fcbb636fbef5bff87c2f116494e6f7d74cd38027c004962c6290f651b6da778e76f61236e055615880ab908d563f3c72301a6361fd0cb34e8682ddbb79f886f16cdbcf989e887e6bb5b6f91d33b4ae4de630d624c0f98d458c67d8e794773b799a873519f26e0bac644aea28a3448a4858f1ba0b9803f00881307909e90d5c24f740561f980a7c29bbe2e8c98c087c2f2d32d0fd1db02738138df8c2f0aa676aff0cc7bf35468acef231a661ccbb1cbcc4e75f4ef4a1b9735"}, &(0x7f00000000c0)=0xf2)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={r5, @in6={{0xa, 0x4e20, 0x1, @mcast1, 0x4}}, 0x8, 0x1, 0x9, 0x3, 0x6d, 0x1, 0x59}, &(0x7f0000000140)=0x9c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4})
syz_usb_control_io$hid(r2, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0xf, {[@main=@item_012={0x1, 0x0, 0x9, 'j'}, @global=@item_4={0x3, 0x1, 0x7, "dc96fbfd"}, @global=@item_012={0x0, 0x1, 0x2}, @main=@item_012={0x1, 0x0, 0x2, 'k'}, @global=@item_4={0x3, 0x1, 0x4, "c6c0aa6d"}]}}, 0x0}, 0x0)

3m58.205361023s ago: executing program 37 (id=657):
r0 = socket(0x2, 0x3, 0x100000001)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0xffffffb6, 0xffffffff})
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x9, @local, 0x1}, 0x1c, 0x0}}], 0x1, 0x4004000)
setsockopt(r0, 0xff, 0x1, &(0x7f0000000100)='O', 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000700)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x65, 0x0, 0x0, 0x1, 0x0, @private=0xa0100ff, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x3f18, {0x5, 0x4, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x6c, 0x0, @local, @private=0xa010100}}}}}}, 0x0)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x59, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000200)={<r5=>0x0, 0xea, "767a11dd496ae3f197faee7baca41efc7cb76aaca77bd37c20ceb432b4f9cccae9793efb50b1ef172318d6b2025fff603a4fcbb636fbef5bff87c2f116494e6f7d74cd38027c004962c6290f651b6da778e76f61236e055615880ab908d563f3c72301a6361fd0cb34e8682ddbb79f886f16cdbcf989e887e6bb5b6f91d33b4ae4de630d624c0f98d458c67d8e794773b799a873519f26e0bac644aea28a3448a4858f1ba0b9803f00881307909e90d5c24f740561f980a7c29bbe2e8c98c087c2f2d32d0fd1db02738138df8c2f0aa676aff0cc7bf35468acef231a661ccbb1cbcc4e75f4ef4a1b9735"}, &(0x7f00000000c0)=0xf2)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={r5, @in6={{0xa, 0x4e20, 0x1, @mcast1, 0x4}}, 0x8, 0x1, 0x9, 0x3, 0x6d, 0x1, 0x59}, &(0x7f0000000140)=0x9c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4})
syz_usb_control_io$hid(r2, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0xf, {[@main=@item_012={0x1, 0x0, 0x9, 'j'}, @global=@item_4={0x3, 0x1, 0x7, "dc96fbfd"}, @global=@item_012={0x0, 0x1, 0x2}, @main=@item_012={0x1, 0x0, 0x2, 'k'}, @global=@item_4={0x3, 0x1, 0x4, "c6c0aa6d"}]}}, 0x0}, 0x0)

2m28.489641937s ago: executing program 8 (id=918):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x180)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"0e00", 0x0, 0x6, 0x2, 0x0, 0x1, "f700", '\x00', "0300", "fcffffff", ["5089986400005cacf10000b6", "9adf23eed9aca6cb7fe00100", '\x00\x00\x00T\x00', "f11100f68357ed0ba6727452"]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
close(r1)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='syz_tun\x00', 0x10)
sendto$inet(r3, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x1, 0x28, 0x2, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x0, 0x0, 0xffff}}}}}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000c85000)={0x8000200d}) (async)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000c85000)={0x8000200d})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x258, 0x4c, 0x232, 0x258, 0x0, 0x388, 0x2e8, 0x2e8, 0x388, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'veth1_to_bond\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0x230, 0x258, 0x0, {}, [@common=@unspec=@cluster={{0x30}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@dev, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv4, [], @ipv4=@broadcast}, {@ipv4=@multicast2, [], @ipv4=@dev}, {@ipv6=@loopback, [], @ipv6=@private2}], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @private1, [], [], 'team_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) (async)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x258, 0x4c, 0x232, 0x258, 0x0, 0x388, 0x2e8, 0x2e8, 0x388, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'veth1_to_bond\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0x230, 0x258, 0x0, {}, [@common=@unspec=@cluster={{0x30}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@dev, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv4, [], @ipv4=@broadcast}, {@ipv4=@multicast2, [], @ipv4=@dev}, {@ipv6=@loopback, [], @ipv6=@private2}], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @private1, [], [], 'team_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
utime(&(0x7f0000000100)='./file0\x00', 0x0)

2m27.260077623s ago: executing program 8 (id=921):
r0 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write$proc_mixer(r0, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES8=r1], 0xb0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe800000000000000000000001000000000000000000000000000000000000000000000000ff80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x9c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x8c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_NAT_SRC={0x4}]}, 0x8c}}, 0x0)

2m26.182171878s ago: executing program 8 (id=923):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)="5bff", 0x2}], 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x88b81, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000})
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file1\x00', 0x2000c12, &(0x7f0000000180)={[{@check_relaxed}, {@hide}, {@unhide}, {@cruft}, {@check_strict}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@showassoc}, {@hide}, {@unhide}, {}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@session={'session', 0x3d, 0x5a}}]}, 0x4, 0xa09, &(0x7f0000003280)="$eJzs3ctvXGdfB/Dv8SVx3SpJ21BK1DaTlKRuaxzbaROiLkpiTxIXX5DtSI1YNKVxUBRDoQGprZCaIsSKCiQQC9hVrGBTqRu6Qd3BDlYskFD/hepd5V351TkzTsb2jMdOHDtNP59oLuec33me37k+mfGZ84SflpWDa4ZWVqrHAw5f+dddyJjH2IXJH77+5qvy8eWd7Etv3i7+PRlIUkv6kryY9E9Mzs/NdCnoVnItyfdJkWR/Gq9bci3F3+aZ+8Pfp/jnst6O9m21ZLpZ4Wdtr/c/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4HBUTk6OjY8W+TM1eeb/WkNQ2mJicnyuysrJxyuo8Dd9VvX4X33WtNynKRwYGVrv6fvHw/ckvJKkdz0uNoZeqDskzkM+ffuHQO8/39azO3ymbh7J/68Xe/uzzWx8uLy990jlk5YvGMuxMbo+ZS/XZqYW5qZnzl+q1qYW52rkzZ0ZPXb64ULs4NV1fuLqwWJ+pTczXzy/OzdeGJl6vjZ07d7pWH7k6d2X20uTIdH115NnfGh8dPVN7b+T36ufnF+ZmT703sjBxeWp6emr2UhVTTi5jzpY74u9OLdYW6+dnarUbN5eXTq/LqXf9yi6DxrotSRk03i1ofHR8fGxsfHzsy2bv2fdGnHn73NtnR0f7RtfJhohHtNPyeHmq82be4TM4PLieRvufTGcqs7mS91Nr+28ik5nPXGY6TG9abf9PnKpvWm9r+99s5ftaJh8pn47nlebgQIf2v0Muu/fvdj7L57mVD7Oc5Szlkz3PaHf/XUo9s5nKQuYylZmcr8bUmmNqOZczOZPRfJDLOZqF1HIxU5lOPQu5moUspl7tUROZTz3ns5i5zKeWoUzk9dQylnM5l9OppZ6RXM1crmQ2lzKZ81UpN3KzWu+nN8nxXtDYVoLGNwla35iX+/r22v/6k/o/QbZs50/i8IBWmu3/vu6hQxO7kRAAAACw437jv3Lg8HP/+f9JkZer7+UvTk3X393rtAAAAIAdVF2u91L50l++ezlF+fl/dK/TAgAAAHZQUf3GrkgymKONd6u/hPIlAAAAADwhqr//v5Li6P0RPv8DAADAE6b7Pfa7RhTDq7f/rV1vvF5vRjSGisGLU9P1kYm56XfGcrK6y0D1S4MNpfUmRX/184M3cqwRdWyw8Tp4v8SyzoEyamzknbG8kePNBRl6tXx5dahN5Hgj8rVG5Gutkb1ZE3m6jASAJ93xTdrjrbb/b2S4ETF8pGry+460aYNHtawA8Li418fOL5tdmrVp/5sRr3Rq/9/a5PN/GfFcbhxtXFIwko/ycZZzPcNpXnFwtF2pq70RNC5DGO7ybcBg85KF/znbk+EN3wcM3FvW1tiljGe47TcCLeUWqzmcbsT1PpptAAC77fim7fDW2v/hLp//B11SCACPlZX9SdWD/b2u7Lu/+WI7wUuf3N7rZQQA1tJKAwAAAAAAAAAAAAAAAAAAAAAAAAAAwM7b0g38//tksry8lGzrtv8P+WZgOxlu/qYnu5Tznr/pTbJXtb+77Y4klspt/BCV/ttTDzX7E/WmPFR2vEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACedEXS2258T7I/yWiSU7uf1aNzZ68T2Cm1B5utuJu7+TQHdjodAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICfu+b9/3vSeH26MSp9PcmJJNeS/P5e57iT7u51Anvmj6rnlvv/9yT9WSnS19jsKfonJufnZsrNX+wvp//w9TdflY/uZW/sVaEsoKxhTecSzRpaxvSvnevZaq7ByaXbt/7s4z+pTV6odswLixenJ2cuzf/O/cAXim8bXSC0doOwmu9fnPiPv2sZva9Z+bflkra3vt6LVb2TG+v99XZzd6h3C24uL42XNS3W31/88z+++WnLpOdyLHl1KBlaW9Mflo8ONR1bvz7XKn4s/ro4kH/MtWr7l2ujWCnKTXSwWv6nbtxcXhr56OPl682c/vKtL9bkdChHk1xPBrae09HqfNJWtdf19Je1jlZB5dPhLuVtqqXEsQ7r9dlqlxnc1jLUOi9Dpct6b2Z0um1Gf/+nz+fktrf0yS41tlX8WPxfcTn/m79q6f+jp9z+J9L26GxTRBXZsqe0TltzePU0IqslH2+d8MH6MjselTwCf5M/yG/f2/49Lef/5rbanfNRS43tj4tk+8fFvxzc0KLcV7VIh9e1SM2zT6d5mnkebkR1yPPX8mbSd2RbZ5Q3u5xRHtXx/0/FUH6RO/r/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHn9F0ttufE9yIsmhJAfL4Vqysj7mzgPU1zNYPEiaO+ZBcv7pKTouaHG3Wv8HdjkhAAAAAAAAAB6RC5M/fP3NV+Wj+ntwb36zpzmllvQlOVT8Q//E5PzcTJeC+pNrq3/SH9heDtfKp2fuD39fDr3YZaa9vXwAAH7SfhUAAP//BDJpug==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)

2m25.159628758s ago: executing program 8 (id=928):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
pipe(&(0x7f0000000300))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x80800)
r2 = socket(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8820, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x29e9c934, 0x3, 0x0, 0x1}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001600010a0000000000000000020000000c0000800800", @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x200c0801}, 0x4004014)

2m24.694619664s ago: executing program 8 (id=931):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/profiling', 0x2, 0x184)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x20) (async)
mkdir(&(0x7f0000000040)='./file1\x00', 0x20)
mkdir(&(0x7f0000000000)='./bus\x00', 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x102) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x102)
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000f5352930ae3e70b1a83a5de90b0326dbdbc627499dae910cfdb2f285beadd27ff80c28a62b4e4a3e69483a0a7b0e6b5848d02c1453b4c5e6b8c4e979a8feb8825a00b76de5c01aa20f02410b9d02ca7f056d7982f915c3c4b9e99702cf02e724aca2cfa1112e92c78af1b9dc49f6ffa39592549ce68995c41fffa18cbcc13e18c9ce808c3ad2c41b068ac6add029056d7dc29616bb3f76d1cba7189f97894bb22f65ea5830014e6c0200bea3582bdbbbea635742fd9c09e58599650fec998a0d3b0523bda242", @ANYRES8=r1, @ANYRES8, @ANYRES32=0x0, @ANYRESHEX=r1, @ANYBLOB="000000df0000000000000000200000000000000c0000000000000000f722760a581cacaaf9680d6de6a64f4e157c1aa4b566bb79e6ced4013e7129b79fdac821d713d7aaaf00cd257547d66939de78ca1556695e6fecb97bc0e8661d12c76bafa1ad61c73dab7a0d072acf8c68e65ee60937857afa39cf0cad3e2f80007436132c185727b7b766197f394f8f15d4e096ae9e616b9a338fe0da82629e97d3a7f0441f4b565265bdcf880b0fec5893bd20646c2ff38c51ed241c7cc35b"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000009b00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e86c0d85ff9782762f0800", 0x0, 0x1300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) (async)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x5, 0x343102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x202042, 0x0) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x202042, 0x0)
fanotify_init(0x200, 0x0)
sendto$netrom(r0, &(0x7f0000000240)="ddae7d558a76990bcdcd", 0xa, 0x80, &(0x7f00000003c0)={{0x3, @null, 0x5}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340), &(0x7f0000000000)) (async)
r7 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
llistxattr(0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
fcntl$getown(r5, 0x9) (async)
fcntl$getown(r5, 0x9)
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

2m24.139829238s ago: executing program 8 (id=933):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x442, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
chown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

2m23.759027938s ago: executing program 38 (id=933):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x442, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
chown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

37.384175209s ago: executing program 6 (id=1282):
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x48)
timer_create(0x2, 0x0, &(0x7f0000000040))
timer_settime(0x0, 0x5, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r0, 0x1000)
utimensat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x100)

36.835866561s ago: executing program 6 (id=1285):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000003100)={0x0, 0x0, &(0x7f00000030c0)={&(0x7f0000000040)={0x38, r0, 0x1, 0x70bd23, 0x25dfdbfa, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_TYPE={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c054}, 0x20000000)

34.55898384s ago: executing program 6 (id=1287):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_POISON(r0, 0xc020aa08, 0x0)

34.215649757s ago: executing program 6 (id=1289):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

32.082372775s ago: executing program 6 (id=1290):
io_setup(0x5ff, 0x0)
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="bcea"])
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000001c0)={0x51, 0xffff, 0x560c, {0x803, 0x5d5}, {0xfffa, 0x2}, @period={0x59, 0x2, 0x4, 0x6d, 0x9ee, {0x2, 0xb, 0xfffb, 0xa}, 0x0, 0x0}})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r2, 0xffffffffffffffff, 0x0)

21.55201546s ago: executing program 6 (id=1305):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004}, 0x0)
r0 = open(0x0, 0x80140, 0x2)
fcntl$setlease(r0, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = epoll_create1(0x0)
r7 = epoll_create1(0x0)
close(r6)
syz_open_dev$usbfs(&(0x7f0000000000), 0x75, 0x82000)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000c85000)={0x8000200d})
r8 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r8, 0x4008af7c, &(0x7f00000000c0)={0x1, 0xfffff3e5})

12.018355117s ago: executing program 7 (id=1325):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x5, 0x7ffc0001}]})
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
signalfd(r0, &(0x7f0000000040), 0x8)

11.796352655s ago: executing program 7 (id=1326):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008ff0122f700090581033a63e817f4d73e00000000"], 0x0)
fchdir(0xffffffffffffffff)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

11.684613594s ago: executing program 9 (id=1328):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x1fe, 0x3, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1}, 0x6e)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1}, 0x6e)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, &(0x7f0000000100)={0x0, 0xea60}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

11.336000851s ago: executing program 9 (id=1330):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT")
creat(0x0, 0x182)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x169142, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
munmap(&(0x7f00000f7000/0x1000)=nil, 0x1000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_generic(0x10, 0x3, 0x10)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000002380)={0x1f, 0xc, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x7d}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$setlease(r0, 0x400, 0x1)
fchown(r0, 0x0, 0xffffffffffffffff)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x54643, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x3)

10.276721984s ago: executing program 9 (id=1332):
syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000500)='./file2\x00', 0x80408a, &(0x7f0000000540)=ANY=[], 0x11, 0x6c1, &(0x7f000000abc0)="$eJzs3c9vHGcZB/DvrNc/NpVct03TgCrVNFJBRCRxrBTCJQEhFKQKVUGCs9U4jRUnDY6L0h6IC0hInDjwB7SHcIETCCEhIUUqZ7hVcLI4VULqpae0Qgza2dn12t21N3FiO/D5WLPzvPPOvvPMs/NjdyVrA/zfunA8zbtp5cLxV2612+t35pfX78xf68SN5SSTSRpJszNLcT0p3k/OpzPlc+2F9XDFsO38aunsxQ8+Xv+w02pmY7z2Q2t4gs1R9mKtnjKbZKye78Km8V57sPEmN8KiV5l2wY51Cwf7bTxJuckPj2z0DFKO9TWGnu/A46Po3Df7dM7/meRQkqnuDW2t09nY+wx3NMK16Be9aO3R5gIAAAAHwpP3bie3Mr3feQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjpP79/6KeGt14NkX39/8n+n5jf2Kf0x1u+8ymusHdxl4kAwAAAAAAAACP1gv38puLZTndbZdFGt8fqxuHq8cn8mZuZjErOZFbWchqVrOSuSQzfQNN3FpYXV2Zy4udZ35aluWQZ54e+MzTIybc2v0+AwAAAAAAAMD/kHP1/Ce5kOl9zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYpkrHOrJoOd+OZNJpJppJMtNdbS/7WjR9nd/c7AQAAAHhY/vHvsjKg68l7uZdbme62y6L6zH+k+tw/lTdzPatZymqWs5hL1XcBnU/9jfU788vrd+avtafPjvteayP+/fSOGVYjpvPdw+AtH63WaOVylqolJ/Ja3shyLqVRPbPtaDefwXm981F77HMdZZnJUWp3qZ639/yX9fxgmKkqMt6ryKl2bkWnjk9tX4lvfLSrLc2l0fvm5/B91Pzctlsp/tM9Qg91lyRPfGfnmo/f187sytZKnO47+o5sX4nki3/47Q+uLF+/eqVYO35wDqNBXhi8ePKfG9eQmfqMTfVl4GLm+yrx3MiVuHzzgFdiqOamViPP9uIL+Xa+l+OZzatZyVJ+lIWsZjGz+VYVLdTHc/txZvtKnd/UenWnnCbq12VsS05feLIz3y6nF6vnTmcp380buZTFvFz9nc5cvpozOZOzfa/wsyOc9Y0BZ/0fhyd/7Et10L5z/LyeHwztuj7VV9f+a+5M1de/pJGyvrM8/dCujT3Nz9dB+5X4ad85uP96lZhK7y7Rze6ZbgXGB1biveqycnP5+tWVKws3toxbrA3e3kvZvPsH50LSPl6e7l0jNh8d7b5nBvbNVX2He32NrX2/bvX6djpTJ+r3cJ8d6XTV99zAvvmq72hfX/v91lSSxXxalmXn/VbXM3tcVQBGdujLhyZa/2r9tfVu62etK61Xpr45+bXJ5ycy/pfxrzdPjb3UeL74Xd7Nj7PzJ3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBHN996++rC8vLiypagLMvbQ7oeSZBmsmnJn//Ut071W2NJRh+wvfb5RlItaaYO7i+x2w+2O+88aBH+Xr8me1LwhxJMDT1+tgaflGV5MHIeJShre771RvZ937vBvl6WgD1wcvXajZM333r7K0vXFl5ffH3x+tkzZ86eOnvm5fmTl5eWp/Y7PeARqu711fuc/c4EAAAAAAAAAAAAGNVo/5xT9JY0k9z3//YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7MKF42neTZG5UydOtdvrd+aX21M33ljzkySNJMVsUryfnE9nykzfcMWw7awlFz/4eP3DTqtZT9X6jd3vxVo9ZTbJWD0fYGrQwvL2sPGKapwbw8cbUdGrTLtgx7qFg/323wAAAP//yAscyg==")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
setxattr$security_ima(&(0x7f0000000100)='.\x00', &(0x7f0000000680), &(0x7f0000000080)=ANY=[], 0x700, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

9.515965114s ago: executing program 1 (id=1333):
syz_mount_image$ext4(&(0x7f00000002c0)='ext2\x00', &(0x7f0000000300)='./file2\x00', 0x86835d, &(0x7f0000000340)={[{@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}, {@nouid32}, {@usrjquota}, {@nodelalloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}], [{@context={'context', 0x3d, 'system_u'}}, {@subj_user={'subj_user', 0x3d, '\'^'}}, {@dont_measure}]}, 0x6, 0x47a, &(0x7f00000009c0)="$eJzs28tvFVUYAPBvpi/k1Yr4AFGrxNj4aGlBZeEGo4kLjBpd4LK2hRAKNbQmQohUY3BjYkh0bVya+Be4c2PUlYlb3bkgGKJsQFc1M3cGbi93Sgu3t4X7+yUD58yc6TlfZ87MmTnTADrWYPZPErE5In6PiP5adnGBwdp/Vy+fmfj38pmJJBYW3v47yctduXxmoixa7repyAylEemnSVHJYrOnTh8bn56eOlnkR+aOvz8ye+r0c0ePjx+ZOjJ1Ymz//n17R198Yez5lsSZxXVl50czu3a89u751ycOnX/v5++y9m4uttfH0SqDWeD/LOQatz3Z6srW2Ja6dNJdUejAn21qDcvVFRHZ4erJ+39/dMX1g9cfr36ypo0DVlV2b+qr3jy/ANzFklj5Pn2r0RCgzcobffb8Wy5tGnqsC5cO1B6AsrivFkttS3ekRZmehufbVhqMiEPz/32dLbFK7yEAAOp9PvHVwXi22fgvjQfqyp3fUJtDGYiIeyNiW0TcFxHbI+L+iLzsgxHxUGVNbzVd2zg1dOP4J714y8EtQzb+e6mY21o8/itHfzHQVeS25PH3JIePTk/tiYitETEUPX1ZfnSJOn545bcvqrbVj/+yJau/HAsW7bjY3fCCbnJ8bjwflLbApY8jdnY3iz+5NhOQRMSOiNi5sh+9tUwcffrbXVWFbh7/EqrmmVZg4ZuIp2rHfz4a4i8lS89PjmyI6ak9I+VZcWMLf/n13JtV9d9W/C2QHf+Ni8//xiIDSf187ezK6zj3x2eVzzS3ev73Ju/k16PeYt2H43NzJ0cjepODeX7R+rHr+5b5snwW/9Du5v1/W7FPFv/DEZGdxI9ExKMR8VjR9scj4omI2L1E/D+9XL1tPRz/yabXv2vnf8PxX3mi69iP31fVv7zjvy9PDRVr8utfldP51wex3Abe9i8QAAAA7gBp/g18kg5fS6fp8HDtG/7tsTGdnpmde+bwzAcnJmvfyg9ET1q+6eqvex86msxnP+5CFPmx4l1xxHye31u8N/6y6548PzwxMz251sFDh9tU0f8zF7rWunXAqms2jzbWu8QOC03+og24IzX2/3Rx9uwb7WwM0FYt+I4GuEPdpP+n7WoH0H7u/9C5mvX/sw15cwFwd3L/h86l/0PnKvu/F33Qedz/oSPdzt/1S9ylib7lFI50PTS1RYkY/Kt7HTSjzYmpiKgss9ZXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4PwAA//9tb/Nj")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x2, 0x3a)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x102, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getdents(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000040)=0x2, 0x4)

9.471666167s ago: executing program 9 (id=1334):
r0 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x18, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20)

7.713291975s ago: executing program 1 (id=1335):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000240)=0x203)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r2, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7.632035001s ago: executing program 7 (id=1336):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000000c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000300), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000080)='THAWED\x00', 0x7)

7.559371037s ago: executing program 7 (id=1337):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x7, {[@main=@item_012={0x0, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x0, "9e39baea"}, @global=@item_012={0x0, 0x1, 0x3}]}}, 0x0}, 0x0)

7.512591671s ago: executing program 9 (id=1338):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0xb, 0x0, 0x1000, &(0x7f0000ff7000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_SREGS(r2, 0x8138ae83, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7.116050472s ago: executing program 9 (id=1339):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@generic={&(0x7f0000000080)='./file0\x00'}, 0x18)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$packet(0x11, 0x2, 0x300)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

5.587778862s ago: executing program 39 (id=1305):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004}, 0x0)
r0 = open(0x0, 0x80140, 0x2)
fcntl$setlease(r0, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = epoll_create1(0x0)
r7 = epoll_create1(0x0)
close(r6)
syz_open_dev$usbfs(&(0x7f0000000000), 0x75, 0x82000)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000c85000)={0x8000200d})
r8 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r8, 0x4008af7c, &(0x7f00000000c0)={0x1, 0xfffff3e5})

3.648644073s ago: executing program 7 (id=1341):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==")
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x1a1043, 0xc5)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000003c0)={0xd8, 0x0, 0x200})
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x2, 0xfffffffffdffffff})

3.409223003s ago: executing program 1 (id=1342):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r0 = syz_usb_connect(0x3, 0x36, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="bcea"])
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x86080)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in=@local}}, {{}, 0x0, @in6=@empty}}, &(0x7f0000000000)=0xe8)

2.983989075s ago: executing program 7 (id=1343):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x5b}]}, 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x40)

2.80049677s ago: executing program 1 (id=1344):
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
preadv(r0, 0x0, 0x0, 0x5, 0x200)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00')
fchdir(r4)
exit(0xffff)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)

1.751781102s ago: executing program 1 (id=1345):
r0 = getpgrp(0x0)
prlimit64(r0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
rt_tgsigqueueinfo(r0, r1, 0xd, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe2(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r6, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x800)
fcntl$setstatus(r7, 0x4, 0x2200)
splice(r5, 0x0, r8, 0x0, 0x10003, 0x0)

0s ago: executing program 1 (id=1346):
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x5, 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000008000000f4ffffff080000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x0, 0x0}, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)

kernel console output (not intermixed with test programs):

10261] FAT-fs (loop7): Directory bread(block 70) failed
[  403.395179][T10261] FAT-fs (loop7): Directory bread(block 71) failed
[  403.408371][T10261] FAT-fs (loop7): Directory bread(block 72) failed
[  403.420783][T10261] FAT-fs (loop7): Directory bread(block 73) failed
[  403.601124][T10266] loop2: detected capacity change from 0 to 7
[  403.610907][T10266] Dev loop2: unable to read RDB block 7
[  403.617215][T10266]  loop2: AHDI p1 p2 p3
[  403.621778][T10266] loop2: partition table partially beyond EOD, truncated
[  403.628941][T10266] loop2: p1 start 1601398130 is beyond EOD, truncated
[  403.635816][T10266] loop2: p2 start 1702059890 is beyond EOD, truncated
[  404.202169][T10268] loop9: detected capacity change from 0 to 64
[  404.739817][T10274] loop6: detected capacity change from 0 to 32768
[  405.177791][T10278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.954'.
[  405.254093][T10274] add_index: next_index = 0.  Resetting!
[  405.260322][T10274] find_entry called with index >= next_index
[  405.266969][T10274] find_entry called with index >= next_index
[  405.273059][T10274] find_entry called with index >= next_index
[  405.279075][T10274] find_entry called with index >= next_index
[  405.409602][T10280] loop1: detected capacity change from 0 to 1024
[  405.421648][T10070] Bluetooth: hci2: command tx timeout
[  405.449769][ T5812] usb 10-1: USB disconnect, device number 23
[  405.499547][T10280] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.519389][T10280] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.548397][T10280] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.579205][T10280] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.620330][T10290] tipc: Started in network mode
[  405.627798][T10290] tipc: Node identity 022154bdb17a, cluster identity 4711
[  405.635453][T10290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  405.644165][T10290] syzkaller0: entered promiscuous mode
[  405.650173][T10290] syzkaller0: entered allmulticast mode
[  405.683957][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.696165][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  405.712945][T10290] tipc: Resetting bearer <eth:syzkaller0>
[  405.753336][T10289] tipc: Resetting bearer <eth:syzkaller0>
[  405.819972][T10289] tipc: Disabling bearer <eth:syzkaller0>
[  405.855785][T10297] loop6: detected capacity change from 0 to 128
[  405.872696][T10298] loop1: detected capacity change from 0 to 1024
[  405.880253][T10298] EXT4-fs: Ignoring removed nomblk_io_submit option
[  405.891705][T10298] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  405.913380][T10298] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  405.922642][T10298] System zones: 0-1, 3-36
[  405.938199][T10298] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.035568][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.144597][T10309] netlink: 12 bytes leftover after parsing attributes in process `syz.9.966'.
[  406.191205][T10311] netlink: 12 bytes leftover after parsing attributes in process `syz.1.964'.
[  406.367304][T10318] loop1: detected capacity change from 0 to 8192
[  406.376895][T10318] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  406.390654][T10318] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  406.400034][T10318] REISERFS (device loop1): using ordered data mode
[  406.407020][T10318] reiserfs: using flush barriers
[  406.415474][T10318] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  406.434992][T10318] REISERFS (device loop1): checking transaction log (loop1)
[  406.444218][T10318] REISERFS (device loop1): Using r5 hash to sort names
[  406.451673][T10318] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  406.501534][ T5758] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  406.639210][T10321] netlink: 12 bytes leftover after parsing attributes in process `syz.1.970'.
[  406.691743][ T5758] usb 10-1: Using ep0 maxpacket: 32
[  406.699483][ T5758] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  406.708057][ T5758] usb 10-1: config 0 has no interface number 0
[  406.731674][ T5758] usb 10-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=2c.d8
[  406.751127][ T5758] usb 10-1: New USB device strings: Mfr=193, Product=2, SerialNumber=3
[  406.756207][T10323] loop1: detected capacity change from 0 to 1024
[  406.759731][ T5758] usb 10-1: Product: syz
[  406.770273][ T5758] usb 10-1: Manufacturer: syz
[  406.775313][ T5758] usb 10-1: SerialNumber: syz
[  406.788521][ T5758] usb 10-1: config 0 descriptor??
[  406.797102][ T5758] usb 10-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  406.807679][ T5758] usb 10-1: selecting invalid altsetting 1
[  406.813932][ T5758] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  406.840955][ T5758] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  406.852612][ T5758] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  406.865944][T10323] hfsplus: request for non-existent node 33554434 in B*Tree
[  406.873583][T10323] hfsplus: request for non-existent node 33554434 in B*Tree
[  406.881006][ T5758] usb 10-1: media controller created
[  406.890218][T10323] hfsplus: request for non-existent node 33554434 in B*Tree
[  406.914442][T10323] hfsplus: request for non-existent node 33554434 in B*Tree
[  406.920896][ T5758] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  406.984512][   T49] hfsplus: request for non-existent node 33554434 in B*Tree
[  406.993404][   T49] hfsplus: request for non-existent node 33554434 in B*Tree
[  407.006069][T10313] netlink: 12 bytes leftover after parsing attributes in process `syz.9.968'.
[  407.086735][ T5758] usb 10-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  407.102641][ T5758] zl10353_read_register: readreg error (reg=127, ret==-32)
[  407.485774][T10326] loop6: detected capacity change from 0 to 32768
[  407.576720][T10070] Bluetooth: hci2: command tx timeout
[  407.879263][T10341] netlink: 'syz.1.977': attribute type 11 has an invalid length.
[  408.168798][T10313] usb 10-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  408.193549][ T5758] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  408.761498][ T5758] usb 10-1: USB disconnect, device number 24
[  409.450283][T10344] loop1: detected capacity change from 0 to 8192
[  409.560521][T10344] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  409.591786][T10344] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  409.605266][T10344] REISERFS (device loop1): using ordered data mode
[  409.612068][T10344] reiserfs: using flush barriers
[  409.652836][T10344] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  409.842910][T10344] REISERFS (device loop1): checking transaction log (loop1)
[  409.950942][T10354] loop9: detected capacity change from 0 to 1024
[  409.984416][T10344] REISERFS (device loop1): Using r5 hash to sort names
[  410.045364][T10344] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  410.075016][T10354] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.084446][T10354] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.150646][T10354] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.202429][T10354] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.324372][  T131] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.341475][  T131] hfsplus: request for non-existent node 33554434 in B*Tree
[  410.596824][T10371] lo speed is unknown, defaulting to 1000
[  410.902319][ T1193] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  411.171489][ T1193] usb 2-1: Using ep0 maxpacket: 32
[  411.259957][ T1193] usb 2-1: config 0 has no interfaces?
[  411.294090][ T1193] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  411.304217][ T1193] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.312490][ T1193] usb 2-1: Product: syz
[  411.317339][ T1193] usb 2-1: Manufacturer: syz
[  411.322278][ T1193] usb 2-1: SerialNumber: syz
[  411.432696][ T1193] usb 2-1: config 0 descriptor??
[  411.525878][T10380] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  411.540819][T10380] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  411.729667][T10374] loop6: detected capacity change from 0 to 32768
[  411.825935][ T5812] usb 2-1: USB disconnect, device number 2
[  412.046962][ T5758] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  412.659252][T10386] netlink: 12 bytes leftover after parsing attributes in process `syz.6.990'.
[  412.684914][ T5758] usb 8-1: Using ep0 maxpacket: 32
[  412.720749][ T5758] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  412.749379][ T5758] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.783489][ T5758] usb 8-1: config 0 descriptor??
[  412.902930][T10389] loop6: detected capacity change from 0 to 8192
[  412.916822][T10389] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  412.936496][T10389] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  412.965728][T10389] REISERFS (device loop6): using ordered data mode
[  412.986684][T10389] reiserfs: using flush barriers
[  412.995022][T10389] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  413.019201][T10389] REISERFS (device loop6): checking transaction log (loop6)
[  413.036386][T10389] REISERFS (device loop6): Using r5 hash to sort names
[  413.044056][T10389] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  413.065814][ T5758] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  413.086078][ T5758] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  413.112019][ T5758] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  413.120272][ T5758] usb 8-1: media controller created
[  413.127677][T10392] loop1: detected capacity change from 0 to 1024
[  413.181235][ T5758] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  413.182120][T10392] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.202172][T10392] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.210826][T10392] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.218426][T10392] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.258050][   T34] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.268118][   T34] hfsplus: request for non-existent node 33554434 in B*Tree
[  413.288490][ T5758] az6027: usb out operation failed. (-71)
[  413.309204][ T5758] az6027: usb out operation failed. (-71)
[  413.324409][ T5758] stb0899_attach: Driver disabled by Kconfig
[  413.330521][ T5758] az6027: no front-end attached
[  413.330521][ T5758] 
[  413.361966][ T5758] az6027: usb out operation failed. (-71)
[  413.367765][ T5758] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  413.407172][ T5758] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input15
[  413.447958][ T5758] dvb-usb: schedule remote query interval to 400 msecs.
[  413.459737][ T5758] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  413.518376][ T5758] usb 8-1: USB disconnect, device number 35
[  413.529739][T10403] netlink: 12 bytes leftover after parsing attributes in process `syz.6.996'.
[  413.703556][ T5758] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  414.003264][T10400] loop1: detected capacity change from 0 to 32768
[  414.024161][T10400] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.995 (10400)
[  414.056149][T10400] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  414.076759][T10400] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  414.113542][T10400] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  414.131829][T10400] BTRFS info (device loop1): use zstd compression, level 3
[  414.139099][T10400] BTRFS info (device loop1): using free space tree
[  414.234260][T10419] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1000'.
[  414.263867][T10400] BTRFS info (device loop1): enabling ssd optimizations
[  414.286365][T10400] BTRFS info (device loop1): auto enabling async discard
[  414.354015][T10409] loop9: detected capacity change from 0 to 32768
[  414.417890][T10407] loop6: detected capacity change from 0 to 32768
[  414.450694][T10407] BTRFS warning: duplicate device /dev/loop6 devid 1 generation 8 scanned by syz.6.998 (10407)
[  414.586387][T10197] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  414.590065][T10429] loop7: detected capacity change from 0 to 8192
[  414.613640][T10429] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  414.653691][T10429] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal
[  414.663458][T10429] REISERFS (device loop7): using ordered data mode
[  414.670014][T10429] reiserfs: using flush barriers
[  414.685319][T10429] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  414.709423][T10429] REISERFS (device loop7): checking transaction log (loop7)
[  414.718415][T10429] REISERFS (device loop7): Using r5 hash to sort names
[  414.757208][T10429] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage.
[  415.721154][T10441] loop1: detected capacity change from 0 to 1024
[  415.807879][T10441] hfsplus: request for non-existent node 33554434 in B*Tree
[  415.838271][T10441] hfsplus: request for non-existent node 33554434 in B*Tree
[  415.922438][T10441] hfsplus: request for non-existent node 33554434 in B*Tree
[  416.027625][T10441] hfsplus: request for non-existent node 33554434 in B*Tree
[  416.585375][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  416.595539][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  416.681532][ T5819] usb 8-1: new high-speed USB device number 36 using dummy_hcd
[  416.690571][T10448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1007'.
[  416.799996][T10450] loop1: detected capacity change from 0 to 512
[  416.831860][T10450] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.846103][T10450] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  416.887971][ T5819] usb 8-1: Using ep0 maxpacket: 16
[  416.903454][ T5819] usb 8-1: config 0 has an invalid interface number: 96 but max is 0
[  416.922926][ T5819] usb 8-1: config 0 has no interface number 0
[  416.929198][ T5819] usb 8-1: config 0 interface 96 altsetting 7 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  416.959872][T10450] EXT4-fs error (device loop1): ext4_xattr_block_get:600: inode #15: comm syz.1.1008: corrupted xattr block 33: invalid ea_ino
[  416.975155][ T5819] usb 8-1: config 0 interface 96 has no altsetting 0
[  416.994426][ T5819] usb 8-1: New USB device found, idVendor=0ccd, idProduct=004f, bcdDevice=5b.af
[  417.010689][ T5819] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.024804][T10450] EXT4-fs (loop1): Remounting filesystem read-only
[  417.031719][ T5819] usb 8-1: Product: syz
[  417.035918][ T5819] usb 8-1: Manufacturer: syz
[  417.040552][ T5819] usb 8-1: SerialNumber: syz
[  417.046405][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  417.046418][   T28] audit: type=1800 audit(1765682953.081:269): pid=10450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1008" name="file1" dev="loop1" ino=15 res=0 errno=0
[  417.080400][ T5819] usb 8-1: config 0 descriptor??
[  417.098952][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.127216][ T1118] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  417.142902][ T5819] em28xx 8-1:0.96: New device syz syz @ 480 Mbps (0ccd:004f, interface 96, class 96)
[  417.160357][ T1118] Quota error (device loop1): write_blk: dquota write failed
[  417.168022][ T5819] em28xx 8-1:0.96: Video interface 96 found:
[  417.175633][ T1118] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  417.192287][ T1118] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  417.209029][ T1118] Quota error (device loop1): write_blk: dquota write failed
[  417.216564][ T1118] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  417.229298][ T1118] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  417.240038][ T1118] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  417.248584][T10458] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1010'.
[  417.402653][T10460] loop1: detected capacity change from 0 to 1024
[  417.410256][T10460] EXT4-fs: Ignoring removed nomblk_io_submit option
[  417.419111][T10460] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  417.435165][ T5819] em28xx 8-1:0.96: unknown em28xx chip ID (0)
[  417.435316][T10460] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  417.449799][T10460] System zones: 0-1, 3-36
[  417.457882][T10460] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.539486][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.542354][ T5819] em28xx 8-1:0.96: reading from i2c device at 0xa0 failed (error=-5)
[  417.572677][ T5819] em28xx 8-1:0.96: board has no eeprom
[  417.623855][T10468] lo speed is unknown, defaulting to 1000
[  417.631677][ T5758] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  417.641690][ T5819] em28xx 8-1:0.96: Identified as Terratec Cinergy A Hybrid XS (card=34)
[  417.650162][ T5819] em28xx 8-1:0.96: 
[  417.650162][ T5819] 
[  417.650162][ T5819] The support for this board weren't valid yet.
[  417.650162][ T5819] Please send a report of having this working
[  417.650162][ T5819] not to V4L mailing list (and/or to other addresses)
[  417.650162][ T5819] 
[  417.679727][ T5819] em28xx 8-1:0.96: analog set to bulk mode.
[  417.699263][ T5812] em28xx 8-1:0.96: Registering V4L2 extension
[  417.725156][ T5819] usb 8-1: USB disconnect, device number 36
[  417.738869][ T5819] em28xx 8-1:0.96: Disconnecting em28xx
[  417.797384][ T5812] em28xx 8-1:0.96: Config register raw data: 0xffffffed
[  417.805201][ T5812] em28xx 8-1:0.96: AC97 chip type couldn't be determined
[  417.814355][ T5812] em28xx 8-1:0.96: No AC97 audio processor
[  417.821910][ T5758] usb 7-1: Using ep0 maxpacket: 16
[  417.832932][ T5812] usb 8-1: Decoder not found
[  417.835750][ T5758] usb 7-1: config 0 has no interfaces?
[  417.837553][ T5812] em28xx 8-1:0.96: failed to create media graph
[  417.849459][ T5758] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  417.849505][ T5812] em28xx 8-1:0.96: V4L2 device video103 deregistered
[  417.858831][ T5758] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.888490][ T5812] em28xx 8-1:0.96: Remote control support is not available for this card.
[  417.891398][ T5758] usb 7-1: config 0 descriptor??
[  417.911779][ T5819] em28xx 8-1:0.96: Closing input extension
[  417.941806][   T27] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  417.955499][ T5819] em28xx 8-1:0.96: Freeing device
[  418.126853][ T5758] usb 7-1: USB disconnect, device number 42
[  418.141447][   T27] usb 2-1: Using ep0 maxpacket: 32
[  418.172718][   T27] usb 2-1: config 0 has no interfaces?
[  418.183649][   T27] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  418.193079][   T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.201109][   T27] usb 2-1: Product: syz
[  418.206537][   T27] usb 2-1: Manufacturer: syz
[  418.211279][   T27] usb 2-1: SerialNumber: syz
[  418.218358][   T27] usb 2-1: config 0 descriptor??
[  418.230646][T10474] loop7: detected capacity change from 0 to 32768
[  418.579392][ T5758] usb 2-1: USB disconnect, device number 3
[  419.029421][T10480] loop9: detected capacity change from 0 to 1024
[  419.087294][T10480] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.117471][T10480] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.143498][T10480] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.169233][T10480] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.244600][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.252159][ T1131] hfsplus: request for non-existent node 33554434 in B*Tree
[  419.390863][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1017'.
[  420.271597][T10497] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  420.280376][T10497] syzkaller0: entered promiscuous mode
[  420.288793][T10497] syzkaller0: entered allmulticast mode
[  420.344420][T10497] tipc: Resetting bearer <eth:syzkaller0>
[  420.378618][T10499] loop9: detected capacity change from 0 to 512
[  420.390879][T10499] EXT4-fs: Ignoring removed bh option
[  420.400333][T10499] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  420.417991][T10499] EXT4-fs (loop9): 1 truncate cleaned up
[  420.430785][T10499] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  420.458696][T10500] netlink: 'syz.9.1021': attribute type 1 has an invalid length.
[  420.489718][T10500] 8021q: adding VLAN 0 to HW filter on device bond1
[  420.511783][ T1193] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  420.564266][T10499] bond1: (slave gretap1): making interface the new active one
[  420.579725][T10499] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  420.581522][ T5819] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  420.706399][ T9020] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.715886][ T1193] usb 2-1: Using ep0 maxpacket: 16
[  420.730143][ T1193] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  420.754255][ T1193] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  420.778471][ T1193] usb 2-1: config 0 has no interface number 0
[  420.793060][ T1193] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  420.802315][ T5819] usb 7-1: Using ep0 maxpacket: 16
[  420.804164][ T5819] usb 7-1: config 0 has no interfaces?
[  420.821726][ T1193] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.828542][ T5819] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  420.835545][ T1193] usb 2-1: Product: syz
[  420.851398][ T5819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.853612][ T1193] usb 2-1: Manufacturer: syz
[  420.872026][ T1193] usb 2-1: SerialNumber: syz
[  420.879540][ T1193] usb 2-1: config 0 descriptor??
[  420.880182][ T5819] usb 7-1: config 0 descriptor??
[  420.915312][ T1193] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  421.031813][T10510] loop7: detected capacity change from 0 to 32768
[  421.044760][ T1193] usb 2-1: No valid video chain found.
[  421.277445][ T5771] usb 7-1: USB disconnect, device number 43
[  421.303229][T10493] fuse: Bad value for 'rootmode'
[  421.471835][ T5812] tipc: Node number set to 3049299692
[  421.488347][ T1193] usb 2-1: USB disconnect, device number 4
[  422.246568][T10517] block device autoloading is deprecated and will be removed.
[  422.382946][T10523] lo speed is unknown, defaulting to 1000
[  422.440523][T10528] loop6: detected capacity change from 0 to 1024
[  422.691596][ T5812] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[  422.755195][T10538] loop2: detected capacity change from 0 to 7
[  423.083346][T10538] Dev loop2: unable to read RDB block 7
[  423.089196][T10538]  loop2: AHDI p1 p2 p3
[  423.093558][T10538] loop2: partition table partially beyond EOD, truncated
[  423.101232][T10538] loop2: p1 start 1601398130 is beyond EOD, truncated
[  423.108423][T10538] loop2: p2 start 1702059890 is beyond EOD, truncated
[  423.140465][   T49] hfsplus: b-tree write err: -5, ino 4
[  423.893160][ T5812] usb 8-1: Using ep0 maxpacket: 32
[  423.909404][ T5812] usb 8-1: config 0 has no interfaces?
[  423.991516][ T5812] usb 8-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  424.011937][ T5812] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.020003][ T5812] usb 8-1: Product: syz
[  424.061802][ T5812] usb 8-1: Manufacturer: syz
[  424.081301][ T5812] usb 8-1: SerialNumber: syz
[  424.172925][ T5812] usb 8-1: config 0 descriptor??
[  424.516504][ T1193] usb 8-1: USB disconnect, device number 37
[  424.552476][ T5771] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  424.643482][T10552] loop9: detected capacity change from 0 to 32768
[  424.751445][ T5771] usb 7-1: Using ep0 maxpacket: 32
[  424.760908][ T5771] usb 7-1: too many configurations: 17, using maximum allowed: 8
[  424.787413][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.801482][ T5771] usb 7-1: config 0 has no interface number 0
[  424.809466][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.817975][ T5771] usb 7-1: config 0 has no interface number 0
[  424.827332][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.835729][ T5771] usb 7-1: config 0 has no interface number 0
[  424.844470][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.853110][ T5771] usb 7-1: config 0 has no interface number 0
[  424.864369][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.874863][ T5771] usb 7-1: config 0 has no interface number 0
[  424.882747][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.900933][ T5771] usb 7-1: config 0 has no interface number 0
[  424.910245][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.923319][ T5771] usb 7-1: config 0 has no interface number 0
[  424.931221][ T5771] usb 7-1: config 0 has an invalid interface number: 2 but max is 0
[  424.942975][ T5771] usb 7-1: config 0 has no interface number 0
[  424.956773][ T5771] usb 7-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  424.970220][ T5771] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.982991][ T5771] usb 7-1: Product: syz
[  424.987221][ T5771] usb 7-1: Manufacturer: syz
[  424.997719][ T5771] usb 7-1: SerialNumber: syz
[  425.023021][ T5771] usb 7-1: config 0 descriptor??
[  425.030407][ T5771] etas_es58x 7-1:0.2: Starting syz syz (Serial Number syz)
[  425.392177][T10560] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1038'.
[  425.540634][T10562] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1039'.
[  425.654562][ T5812] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  425.691674][ T5771] etas_es58x 7-1:0.2: could not parse product info: 'à …'
[  425.724224][T10567] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  425.756998][T10567] syzkaller0: entered promiscuous mode
[  425.772304][T10567] syzkaller0: entered allmulticast mode
[  425.848359][T10567] tipc: Resetting bearer <eth:syzkaller0>
[  425.867904][T10566] tipc: Resetting bearer <eth:syzkaller0>
[  425.930822][T10566] tipc: Disabling bearer <eth:syzkaller0>
[  425.948419][T10553] overlayfs: missing 'workdir'
[  425.994049][T10553] loop6: detected capacity change from 0 to 1024
[  426.001283][T10553] EXT4-fs: Ignoring removed nomblk_io_submit option
[  426.008862][T10553] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  426.021429][ T5812] usb 2-1: Using ep0 maxpacket: 16
[  426.031107][ T5812] usb 2-1: config 0 has no interfaces?
[  426.036847][ T5812] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  426.052617][ T5812] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.060741][T10553] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  426.091045][T10553] System zones: 0-1, 3-36
[  426.116095][T10573] loop2: detected capacity change from 0 to 7
[  426.125156][T10573] Dev loop2: unable to read RDB block 7
[  426.130761][T10573]  loop2: AHDI p1 p2 p3
[  426.137132][T10573] loop2: partition table partially beyond EOD, truncated
[  426.144427][T10573] loop2: p1 start 1601398130 is beyond EOD, truncated
[  426.151221][T10573] loop2: p2 start 1702059890 is beyond EOD, truncated
[  426.348176][ T5812] usb 2-1: config 0 descriptor??
[  426.740402][T10553] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.781243][ T5812] usb 2-1: USB disconnect, device number 5
[  426.916835][T10581] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1045'.
[  427.302493][ T5771] usb 8-1: new high-speed USB device number 38 using dummy_hcd
[  427.603337][ T5771] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.711113][ T5771] usb 8-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  427.781523][ T5771] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.815822][ T5771] usb 8-1: config 0 descriptor??
[  427.962466][T10589] netlink: 300 bytes leftover after parsing attributes in process `syz.9.1048'.
[  427.992732][ T8003] usb 7-1: USB disconnect, device number 44
[  428.011088][ T8003] etas_es58x 7-1:0.2: Disconnecting syz syz
[  428.046055][T10553] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.261979][ T5771] lenovo 0003:17EF:6047.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.7-1/input0
[  428.455895][T10583] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1046'.
[  428.638636][ T5883] usb 8-1: USB disconnect, device number 38
[  428.724473][T10592] loop9: detected capacity change from 0 to 32768
[  428.900147][T10595] loop6: detected capacity change from 0 to 32768
[  428.930818][T10595] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  428.958555][T10595] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  428.989601][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'.
[  429.114254][T10595] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  429.162375][ T5758] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  429.200077][ T5758] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  429.852975][ T5758] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 652ms
[  429.895108][ T5758] gfs2: fsid=syz:syz.0: jid=0: Done
[  429.909295][T10595] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  430.272454][T10618] loop2: detected capacity change from 0 to 7
[  430.294683][T10618] Dev loop2: unable to read RDB block 7
[  430.300331][T10618]  loop2: AHDI p1 p2 p3
[  430.304644][T10618] loop2: partition table partially beyond EOD, truncated
[  430.311892][T10618] loop2: p1 start 1601398130 is beyond EOD, truncated
[  430.318700][T10618] loop2: p2 start 1702059890 is beyond EOD, truncated
[  431.131601][ T5758] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  431.321931][ T5758] usb 10-1: Using ep0 maxpacket: 16
[  431.343763][ T5758] usb 10-1: config 0 has no interfaces?
[  431.360387][ T5758] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  431.480996][ T5758] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.493793][ T5758] usb 10-1: config 0 descriptor??
[  431.530510][T10627] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1058'.
[  431.653603][T10630] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1060'.
[  431.716059][T10543] usb 10-1: USB disconnect, device number 25
[  431.931131][T10641] loop6: detected capacity change from 0 to 1024
[  431.941059][T10641] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  431.961405][T10641] EXT4-fs error (device loop6): ext4_ext_check_inode:520: inode #2: comm syz.6.1059: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  431.979750][T10641] EXT4-fs (loop6): Remounting filesystem read-only
[  431.986633][T10641] EXT4-fs (loop6): get root inode failed
[  431.992486][T10641] EXT4-fs (loop6): mount failed
[  432.093215][T10637] loop6: detected capacity change from 0 to 2048
[  432.104444][T10637] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  432.115313][T10637] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  432.142746][T10637] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  432.214426][T10640] loop7: detected capacity change from 0 to 32768
[  432.308922][T10646] loop9: detected capacity change from 0 to 512
[  433.328664][T10653] loop2: detected capacity change from 0 to 7
[  433.352438][T10653] Dev loop2: unable to read RDB block 7
[  433.358900][T10653]  loop2: AHDI p1 p2 p3
[  433.363168][T10653] loop2: partition table partially beyond EOD, truncated
[  433.370352][T10653] loop2: p1 start 1601398130 is beyond EOD, truncated
[  433.377216][T10653] loop2: p2 start 1702059890 is beyond EOD, truncated
[  433.397156][ T5812] usb 10-1: new full-speed USB device number 26 using dummy_hcd
[  433.760059][T10644] loop6: detected capacity change from 0 to 32768
[  433.803187][ T5812] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  433.838401][ T5812] usb 10-1: config 0 interface 0 has no altsetting 0
[  433.875040][ T5812] usb 10-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  433.904915][ T5812] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.963207][ T5812] usb 10-1: config 0 descriptor??
[  433.989106][T10646] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  434.392860][T10655] loop7: detected capacity change from 0 to 32768
[  434.424178][T10655] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  434.434411][ T5812] samsung 0003:0419:0600.000A: hidraw0: USB HID v0.04 Device [HID 0419:0600] on usb-dummy_hcd.9-1/input0
[  434.479303][T10655] XFS (loop7): Ending clean mount
[  434.599270][ T7895] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  434.672211][ T5812] usb 10-1: USB disconnect, device number 26
[  434.832420][T10662] loop1: detected capacity change from 0 to 32768
[  434.862015][T10662] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1070 (10662)
[  434.905890][T10662] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  434.926781][T10662] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  434.951666][T10662] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  434.969758][T10662] BTRFS info (device loop1): use zstd compression, level 3
[  434.997640][T10662] BTRFS info (device loop1): using free space tree
[  435.094516][T10662] BTRFS info (device loop1): enabling ssd optimizations
[  435.106603][T10693] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1069'.
[  435.108973][T10662] BTRFS info (device loop1): auto enabling async discard
[  435.701579][ T5812] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  435.856949][T10197] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  435.871295][T10701] loop9: detected capacity change from 0 to 1024
[  435.880771][T10701] EXT4-fs: Ignoring removed nomblk_io_submit option
[  435.898811][ T5812] usb 7-1: Using ep0 maxpacket: 16
[  435.905689][T10701] EXT4-fs: Ignoring removed i_version option
[  435.913722][ T5812] usb 7-1: config 0 has no interfaces?
[  435.920990][ T5812] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  435.930341][T10701] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  435.955989][ T5812] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.978953][T10701] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  436.002379][ T5812] usb 7-1: config 0 descriptor??
[  436.006433][T10701] System zones: 0-1, 3-36
[  436.075324][T10701] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.077412][T10705] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1076'.
[  436.101819][T10705] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1076'.
[  436.274626][ T5812] usb 7-1: USB disconnect, device number 45
[  436.340926][ T9020] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.351959][T10705] loop7: detected capacity change from 0 to 4096
[  436.409789][T10705] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  436.445419][T10705] ntfs3: loop7: Failed to load $Extend (-22).
[  436.471463][T10705] ntfs3: loop7: Failed to initialize $Extend.
[  436.827151][T10716] 9pnet_fd: Insufficient options for proto=fd
[  437.431686][T10718] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1078'.
[  437.722237][T10730] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1082'.
[  438.501512][T10710] loop9: detected capacity change from 0 to 40427
[  438.540418][T10710] F2FS-fs (loop9): invalid crc value
[  438.561233][T10710] F2FS-fs (loop9): Ignore s_resuid=980643439, s_resgid=0 w/o reserve_root
[  438.592512][T10710] F2FS-fs (loop9): Found nat_bits in checkpoint
[  438.704297][T10710] F2FS-fs (loop9): Start checkpoint disabled!
[  438.716012][T10744] lo speed is unknown, defaulting to 1000
[  438.729561][T10710] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  438.789382][T10710] F2FS-fs (loop9): Ignore s_resuid=980643439, s_resgid=0 w/o reserve_root
[  438.825528][T10732] loop1: detected capacity change from 0 to 32768
[  438.833766][T10732] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1081 (10732)
[  438.858895][T10732] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  438.870499][T10732] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  438.880577][T10732] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  438.891787][T10732] BTRFS info (device loop1): use zstd compression, level 3
[  438.899058][T10732] BTRFS info (device loop1): using free space tree
[  438.928871][T10732] BTRFS info (device loop1): enabling ssd optimizations
[  438.936321][T10732] BTRFS info (device loop1): auto enabling async discard
[  438.961731][ T5758] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  439.055316][T10197] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  439.114218][T10543] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[  439.148666][ T5758] usb 7-1: Using ep0 maxpacket: 32
[  439.184720][ T5758] usb 7-1: config 0 has no interfaces?
[  439.191980][  T788] usb 8-1: new high-speed USB device number 39 using dummy_hcd
[  439.242788][ T5758] usb 7-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  439.252310][ T5758] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.260342][ T5758] usb 7-1: Product: syz
[  439.268183][ T5758] usb 7-1: Manufacturer: syz
[  439.289565][ T5758] usb 7-1: SerialNumber: syz
[  439.296922][ T5758] usb 7-1: config 0 descriptor??
[  439.311490][T10543] usb 10-1: Using ep0 maxpacket: 16
[  439.331306][T10543] usb 10-1: unable to get BOS descriptor or descriptor too short
[  439.355330][T10543] usb 10-1: config 9 has an invalid interface number: 142 but max is 0
[  439.364189][T10543] usb 10-1: config 9 has no interface number 0
[  439.376762][T10543] usb 10-1: New USB device found, idVendor=061d, idProduct=c1a0, bcdDevice=12.f4
[  439.386436][T10543] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.394639][T10543] usb 10-1: Product: syz
[  439.399044][T10543] usb 10-1: Manufacturer: syz
[  439.405948][  T788] usb 8-1: Using ep0 maxpacket: 16
[  439.418476][T10543] usb 10-1: SerialNumber: syz
[  439.425385][  T788] usb 8-1: config 0 has no interfaces?
[  439.430934][  T788] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  439.453572][  T788] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.482650][  T788] usb 8-1: config 0 descriptor??
[  439.488475][T10767] loop1: detected capacity change from 0 to 4096
[  439.624258][  T788] usb 7-1: USB disconnect, device number 46
[  439.728113][ T5883] usb 8-1: USB disconnect, device number 39
[  439.763596][T10775] loop1: detected capacity change from 0 to 16
[  439.781220][T10775] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  439.804979][T10543] quatech2 10-1:9.142: Quatech 2nd gen USB to Serial Driver converter detected
[  439.823529][T10543] usb 10-1: qt2_attach - failed to power on unit: -71
[  439.830885][T10543] quatech2: probe of 10-1:9.142 failed with error -71
[  439.845092][T10543] usb 10-1: USB disconnect, device number 27
[  439.909335][T10779] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1091'.
[  440.161884][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  440.168376][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  440.313044][T10781] loop1: detected capacity change from 0 to 32768
[  440.327929][T10781] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.1092 (10781)
[  440.377633][T10781] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  440.582241][T10781] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  440.703900][T10781] BTRFS info (device loop1): using free space tree
[  441.018686][T10781] BTRFS info (device loop1): enabling ssd optimizations
[  441.035965][T10781] BTRFS info (device loop1): auto enabling async discard
[  441.162637][T10197] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  441.586204][T10783] loop6: detected capacity change from 0 to 32768
[  441.644192][T10783] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 scanned by syz.6.1093 (10783)
[  441.694484][T10806] loop9: detected capacity change from 0 to 256
[  441.726847][T10810] loop2: detected capacity change from 0 to 7
[  441.741793][T10810] Dev loop2: unable to read RDB block 7
[  441.747465][T10810]  loop2: AHDI p1 p2 p3
[  441.752036][T10810] loop2: partition table partially beyond EOD, truncated
[  441.760009][T10810] loop2: p1 start 1601398130 is beyond EOD, truncated
[  441.766863][T10810] loop2: p2 start 1702059890 is beyond EOD, truncated
[  441.781550][T10806] exfat: Deprecated parameter 'namecase'
[  441.901733][T10783] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  442.074438][T10783] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  442.301965][T10783] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  442.339823][T10783] BTRFS info (device loop6): use zstd compression, level 3
[  442.374132][T10806] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  442.400256][T10783] BTRFS info (device loop6): using free space tree
[  442.474664][T10812] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  442.557851][T10783] BTRFS info (device loop6): enabling ssd optimizations
[  442.579049][T10783] BTRFS info (device loop6): auto enabling async discard
[  442.765370][ T6497] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  442.918514][T10842] loop7: detected capacity change from 0 to 256
[  442.926382][T10842] exfat: Deprecated parameter 'namecase'
[  442.945352][T10842] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d)
[  442.981427][ T1193] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  443.009106][T10543] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  443.151203][T10850] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1103'.
[  443.178223][ T1193] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  443.201485][ T1193] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  443.202526][T10543] usb 2-1: Using ep0 maxpacket: 16
[  443.227740][ T1193] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  443.229935][T10543] usb 2-1: config 0 has no interfaces?
[  443.245505][ T1193] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  443.251457][T10543] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  443.277138][ T1193] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  443.281661][T10543] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.314791][ T1193] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  443.319122][T10543] usb 2-1: config 0 descriptor??
[  443.336279][ T1193] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  443.350304][ T1193] usb 10-1: Product: syz
[  443.360711][ T1193] usb 10-1: Manufacturer: syz
[  443.379964][ T1193] cdc_wdm 10-1:1.0: skipping garbage
[  443.391685][ T1193] cdc_wdm 10-1:1.0: skipping garbage
[  443.422661][ T1193] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  443.428718][ T1193] cdc_wdm 10-1:1.0: Unknown control protocol
[  443.609341][T10838] loop9: detected capacity change from 0 to 256
[  443.654545][T10838] FAT-fs (loop9): Directory bread(block 64) failed
[  443.680632][T10838] FAT-fs (loop9): Directory bread(block 65) failed
[  443.711154][T10838] FAT-fs (loop9): Directory bread(block 66) failed
[  443.737744][ T1193] usb 2-1: USB disconnect, device number 6
[  443.748967][T10838] FAT-fs (loop9): Directory bread(block 67) failed
[  443.774929][T10838] FAT-fs (loop9): Directory bread(block 68) failed
[  443.781907][T10838] FAT-fs (loop9): Directory bread(block 69) failed
[  443.786753][T10847] loop7: detected capacity change from 0 to 40427
[  443.796283][T10838] FAT-fs (loop9): Directory bread(block 70) failed
[  443.798263][T10847] F2FS-fs (loop7): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  443.804069][T10838] FAT-fs (loop9): Directory bread(block 71) failed
[  443.819320][T10847] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  443.829030][T10847] F2FS-fs (loop7): Unrecognized mount option "resgid=0x00000000000000000xffffffffffffffff0x0000000000000000ÿÿ" or missing value
[  443.855078][T10838] FAT-fs (loop9): Directory bread(block 72) failed
[  443.862005][T10838] FAT-fs (loop9): Directory bread(block 73) failed
[  443.873595][T10857] loop2: detected capacity change from 0 to 7
[  443.992181][T10857] Dev loop2: unable to read RDB block 7
[  443.997996][T10857]  loop2: AHDI p1 p2 p3
[  444.002449][T10857] loop2: partition table partially beyond EOD, truncated
[  444.010901][T10857] loop2: p1 start 1601398130 is beyond EOD, truncated
[  444.018025][T10857] loop2: p2 start 1702059890 is beyond EOD, truncated
[  445.399492][T10870] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  445.450662][T10870] cramfs: wrong magic
[  445.925564][T10543] usb 10-1: USB disconnect, device number 28
[  446.232876][T10880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.243607][T10880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.253496][T10880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.277718][T10880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.307035][T10880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.331660][T10880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.351413][T10880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.376329][T10880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.390465][T10868] loop7: detected capacity change from 0 to 40427
[  446.401543][T10880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.413616][T10884] loop6: detected capacity change from 0 to 1024
[  446.420929][T10884] EXT4-fs: inline encryption not supported
[  446.426424][T10880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.450100][T10880] batadv_slave_0: entered promiscuous mode
[  446.452715][T10868] F2FS-fs (loop7): build fault injection attr: rate: 690, type: 0x7ffff
[  446.478474][T10880] batman_adv: batadv0: Adding interface: macsec1
[  446.481493][T10884] EXT4-fs: Ignoring removed bh option
[  446.487535][T10868] F2FS-fs (loop7): invalid crc value
[  446.493137][T10884] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  446.504540][T10880] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.533631][T10880] batman_adv: batadv0: Interface activated: macsec1
[  446.543383][T10868] F2FS-fs (loop7): Found nat_bits in checkpoint
[  446.553269][T10884] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  446.606806][T10868] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  446.666446][T10875] loop1: detected capacity change from 0 to 32768
[  446.681878][T10875] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1112 (10875)
[  446.704255][T10875] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  446.723363][T10875] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  446.742834][T10875] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  446.758187][T10875] BTRFS info (device loop1): use zstd compression, level 3
[  446.765739][T10875] BTRFS info (device loop1): using free space tree
[  446.818845][T10875] BTRFS info (device loop1): enabling ssd optimizations
[  446.827341][T10875] BTRFS info (device loop1): auto enabling async discard
[  446.941502][ T5758] usb 8-1: new high-speed USB device number 40 using dummy_hcd
[  446.975638][T10197] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  447.017434][ T5883] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  447.159942][ T5758] usb 8-1: Using ep0 maxpacket: 16
[  447.189318][ T5758] usb 8-1: unable to read config index 0 descriptor/start: -61
[  447.200833][ T5758] usb 8-1: can't read configurations, error -61
[  447.241574][ T5883] usb 10-1: Using ep0 maxpacket: 16
[  447.298438][ T5883] usb 10-1: config 0 has no interfaces?
[  447.304483][ T5883] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  447.321525][ T5883] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.342682][ T5883] usb 10-1: config 0 descriptor??
[  447.361504][ T5758] usb 8-1: new high-speed USB device number 41 using dummy_hcd
[  447.386521][ T6497] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  447.428722][T10912] loop1: detected capacity change from 0 to 512
[  447.437332][T10912] EXT4-fs: Ignoring removed nomblk_io_submit option
[  447.470746][T10915] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1118'.
[  447.498068][T10912] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.1117: Parent and EA inode have the same ino 15
[  447.561608][ T5758] usb 8-1: Using ep0 maxpacket: 16
[  447.570170][ T5758] usb 8-1: unable to read config index 0 descriptor/start: -61
[  447.577147][ T5883] usb 10-1: USB disconnect, device number 29
[  447.595762][ T5758] usb 8-1: can't read configurations, error -61
[  447.639299][ T5758] usb usb8-port1: attempt power cycle
[  447.683625][T10912] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.1117: Parent and EA inode have the same ino 15
[  447.706335][T10912] EXT4-fs (loop1): 1 orphan inode deleted
[  447.714673][T10912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  447.722531][   T28] audit: type=1326 audit(1765682983.741:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10918 comm="syz.6.1120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc5e618f749 code=0x0
[  447.735592][T10912] fuse: Bad value for 'fd'
[  447.838567][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.131462][ T5758] usb 8-1: new high-speed USB device number 42 using dummy_hcd
[  448.150227][ T7895] syz-executor: attempt to access beyond end of device
[  448.150227][ T7895] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  448.178564][ T7895] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  448.351663][ T5758] usb 8-1: device not accepting address 42, error -71
[  448.588830][T10932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1124'.
[  448.696861][T10934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1125'.
[  448.891555][T10939] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1127'.
[  448.967752][T10936] loop1: detected capacity change from 0 to 8192
[  449.035984][T10941] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1128'.
[  449.226054][T10949] FAULT_INJECTION: forcing a failure.
[  449.226054][T10949] name failslab, interval 1, probability 0, space 0, times 0
[  449.245583][T10949] CPU: 0 PID: 10949 Comm: syz.1.1131 Not tainted syzkaller #0
[  449.253191][T10949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  449.263278][T10949] Call Trace:
[  449.266581][T10949]  <TASK>
[  449.269532][T10949]  dump_stack_lvl+0x16c/0x230
[  449.274252][T10949]  ? show_regs_print_info+0x20/0x20
[  449.279502][T10949]  ? load_image+0x3b0/0x3b0
[  449.284038][T10949]  ? __might_sleep+0xe0/0xe0
[  449.288662][T10949]  ? __lock_acquire+0x7c80/0x7c80
[  449.293720][T10949]  should_fail_ex+0x39d/0x4d0
[  449.298434][T10949]  should_failslab+0x9/0x20
[  449.302976][T10949]  slab_pre_alloc_hook+0x59/0x310
[  449.308023][T10949]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  449.313761][T10949]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  449.319497][T10949]  __kmem_cache_alloc_node+0x53/0x260
[  449.324885][T10949]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  449.330620][T10949]  __kmalloc+0xa4/0x240
[  449.334793][T10949]  tomoyo_realpath_from_path+0xe3/0x5d0
[  449.340366][T10949]  tomoyo_path_number_perm+0x1ea/0x590
[  449.345848][T10949]  ? tomoyo_path_number_perm+0x1ba/0x590
[  449.351503][T10949]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  449.356975][T10949]  ? ksys_write+0x1c1/0x250
[  449.361529][T10949]  ? __fget_files+0x28/0x4d0
[  449.366157][T10949]  security_file_ioctl+0x70/0xa0
[  449.371125][T10949]  __se_sys_ioctl+0x48/0x170
[  449.375734][T10949]  do_syscall_64+0x55/0xb0
[  449.380162][T10949]  ? clear_bhb_loop+0x40/0x90
[  449.384854][T10949]  ? clear_bhb_loop+0x40/0x90
[  449.389539][T10949]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  449.395435][T10949] RIP: 0033:0x7f24d9b8f749
[  449.399871][T10949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.419486][T10949] RSP: 002b:00007f24daa47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  449.427923][T10949] RAX: ffffffffffffffda RBX: 00007f24d9de5fa0 RCX: 00007f24d9b8f749
[  449.435909][T10949] RDX: 0000200000000500 RSI: 00000000c008ae09 RDI: 0000000000000003
[  449.443903][T10949] RBP: 00007f24daa47090 R08: 0000000000000000 R09: 0000000000000000
[  449.451889][T10949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.459881][T10949] R13: 00007f24d9de6038 R14: 00007f24d9de5fa0 R15: 00007ffd0f041cf8
[  449.467900][T10949]  </TASK>
[  449.483765][T10949] ERROR: Out of memory at tomoyo_realpath_from_path.
[  449.528480][T10953] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  449.619171][T10950] loop9: detected capacity change from 0 to 1024
[  449.631858][T10950] EXT4-fs: Ignoring removed nomblk_io_submit option
[  449.645190][T10950] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  449.666589][T10950] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  449.675024][T10950] System zones: 0-1, 3-36
[  449.681627][T10950] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  449.921724][ T8003] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  450.071701][ T5758] usb 8-1: new high-speed USB device number 44 using dummy_hcd
[  450.132407][ T8003] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  450.151090][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  450.161155][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  450.206335][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  450.321677][ T5758] usb 8-1: Using ep0 maxpacket: 32
[  450.338570][ T5758] usb 8-1: config 0 has an invalid interface number: 225 but max is 0
[  450.366442][ T5758] usb 8-1: config 0 has no interface number 0
[  450.415290][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  450.571355][ T5758] usb 8-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79
[  450.605590][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  450.750679][ T5758] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.797169][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  450.834549][ T5758] usb 8-1: Product: syz
[  450.838793][ T5758] usb 8-1: Manufacturer: syz
[  450.876668][ T5758] usb 8-1: SerialNumber: syz
[  450.886898][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  450.931785][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  450.949832][ T5758] usb 8-1: config 0 descriptor??
[  451.000174][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.019681][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  451.030052][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  451.061428][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.080321][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  451.110091][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  451.139912][T10967] loop6: detected capacity change from 0 to 4096
[  451.141505][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.149880][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  451.176486][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  451.197364][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  451.221705][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.229893][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  451.251658][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  451.286915][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.313674][ T8003] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  451.319707][T10967] loop6: detected capacity change from 0 to 4096
[  451.341669][ T8003] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  451.341761][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  451.371756][ T8003] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.395668][ T8003] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  451.396764][ T9020] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.420294][ T8003] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  451.433063][T10960] loop7: detected capacity change from 0 to 64
[  451.441475][ T8003] usb 2-1: Product: syz
[  451.445885][ T8003] usb 2-1: Manufacturer: syz
[  451.450583][ T8003] usb 2-1: SerialNumber: syz
[  451.486182][ T8003] usb 2-1: config 0 descriptor??
[  451.525257][ T8003] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  451.618562][T10969] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1136'.
[  451.623228][T10967] loop6: detected capacity change from 0 to 4096
[  451.636977][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  451.740590][ T5758] mos7840 8-1:0.225: required endpoints missing
[  451.747214][  T788] usb 2-1: USB disconnect, device number 7
[  451.750871][  T788] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  451.766716][ T5758] usb 8-1: USB disconnect, device number 44
[  451.866315][T10971] lo speed is unknown, defaulting to 1000
[  451.879171][T10967] loop6: detected capacity change from 0 to 4096
[  451.889350][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.032827][T10967] loop6: detected capacity change from 0 to 4096
[  452.039832][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.138310][T10967] loop6: detected capacity change from 0 to 4096
[  452.145329][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.156681][T10543] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  452.241552][T10967] loop6: detected capacity change from 0 to 4096
[  452.248506][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.338965][T10975] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1138'.
[  452.351739][T10543] usb 10-1: Using ep0 maxpacket: 32
[  452.363037][T10543] usb 10-1: config 0 has no interfaces?
[  452.368842][T10967] loop6: detected capacity change from 0 to 4096
[  452.371697][T10543] usb 10-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  452.382272][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.391448][T10543] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.418539][T10543] usb 10-1: Product: syz
[  452.428636][T10543] usb 10-1: Manufacturer: syz
[  452.444673][T10543] usb 10-1: SerialNumber: syz
[  452.456330][T10543] usb 10-1: config 0 descriptor??
[  452.649525][T10967] loop6: detected capacity change from 0 to 4096
[  452.662419][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.873486][  T788] usb 10-1: USB disconnect, device number 30
[  452.876202][T10987] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  452.921185][T10967] loop6: detected capacity change from 0 to 4096
[  452.929318][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  452.977885][T10989] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1142'.
[  453.071204][T10967] loop6: detected capacity change from 0 to 4096
[  453.079814][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  453.230165][T10967] loop6: detected capacity change from 0 to 4096
[  453.237587][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  453.251448][T10543] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  453.360288][T10967] loop6: detected capacity change from 0 to 4096
[  453.372821][T10967] ntfs: (device loop6): parse_options(): Invalid mft_zone_multiplier option argument: 0xfffffffffffffgff
[  453.472028][T10543] usb 2-1: config 201 has an invalid interface number: 249 but max is 0
[  453.518324][T10543] usb 2-1: config 201 has no interface number 0
[  453.719563][T10543] usb 2-1: config 201 interface 249 altsetting 4 has an invalid endpoint with address 0xF1, skipping
[  453.731131][T10543] usb 2-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  453.851003][T10543] usb 2-1: config 201 interface 249 has no altsetting 0
[  453.902772][T10543] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df
[  453.913307][T10543] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.921467][T10543] usb 2-1: Product: syz
[  453.926271][T10543] usb 2-1: Manufacturer: syz
[  453.931021][T10543] usb 2-1: SerialNumber: syz
[  454.051240][T11008] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1148'.
[  454.222053][T10991] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  454.408131][T11011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.418807][T11014] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  454.429352][T11011] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.447823][T11014] syzkaller0: entered promiscuous mode
[  454.454592][T11014] syzkaller0: entered allmulticast mode
[  454.480884][T11014] tipc: Resetting bearer <eth:syzkaller0>
[  454.501955][T11012] tipc: Resetting bearer <eth:syzkaller0>
[  454.603207][T11012] tipc: Disabling bearer <eth:syzkaller0>
[  454.656049][T11016] loop6: detected capacity change from 0 to 256
[  454.667234][T11016] exfat: Deprecated parameter 'utf8'
[  454.685988][T11016] exfat: Deprecated parameter 'utf8'
[  454.706452][T11016] exfat: Deprecated parameter 'utf8'
[  454.764562][T11016] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  455.034333][T11004] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  455.139383][T11022] loop2: detected capacity change from 0 to 7
[  455.146684][T11022] Dev loop2: unable to read RDB block 7
[  455.152589][T11022]  loop2: AHDI p1 p2 p3
[  455.156901][T11022] loop2: partition table partially beyond EOD, truncated
[  455.164306][T11022] loop2: p1 start 1601398130 is beyond EOD, truncated
[  455.171800][T11022] loop2: p2 start 1702059890 is beyond EOD, truncated
[  456.085743][T10543] ath6kl: Failed to submit usb control message: -71
[  456.111221][T10543] ath6kl: unable to send the bmi data to the device: -71
[  456.121644][T10543] ath6kl: Unable to send get target info: -71
[  456.128986][T10543] ath6kl: Failed to init ath6kl core: -71
[  456.165240][T10543] ath6kl_usb: probe of 2-1:201.249 failed with error -71
[  456.246339][T11028] loop9: detected capacity change from 0 to 4096
[  456.256484][T10543] usb 2-1: USB disconnect, device number 8
[  456.271843][T11028] ntfs: (device loop9): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  456.325382][T11028] ntfs: (device loop9): ntfs_read_locked_inode(): Corrupt standard information attribute in inode.
[  456.341262][T11034] FAULT_INJECTION: forcing a failure.
[  456.341262][T11034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.361721][T11028] ntfs: (device loop9): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  456.391468][T11028] ntfs: (device loop9): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  456.406190][T11034] CPU: 0 PID: 11034 Comm: syz.7.1157 Not tainted syzkaller #0
[  456.413719][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  456.423819][T11034] Call Trace:
[  456.427137][T11034]  <TASK>
[  456.430097][T11034]  dump_stack_lvl+0x16c/0x230
[  456.434845][T11034]  ? show_regs_print_info+0x20/0x20
[  456.440087][T11034]  ? load_image+0x3b0/0x3b0
[  456.444638][T11034]  ? __might_fault+0xaa/0x120
[  456.449344][T11034]  ? __lock_acquire+0x7c80/0x7c80
[  456.454410][T11034]  ? __kmem_cache_free+0xba/0x1f0
[  456.459481][T11034]  should_fail_ex+0x39d/0x4d0
[  456.464212][T11034]  _copy_from_user+0x2f/0xe0
[  456.468855][T11034]  kvm_arch_dev_ioctl+0x2c8/0x7e0
[  456.473922][T11034]  ? kvm_get_filtered_xcr0+0x60/0x60
[  456.479278][T11034]  kvm_dev_ioctl+0x124/0x1640
[  456.484003][T11034]  ? __fget_files+0x28/0x4d0
[  456.488681][T11034]  ? kvm_resume+0x1e0/0x1e0
[  456.493332][T11034]  ? bpf_lsm_file_ioctl+0x9/0x10
[  456.498406][T11034]  ? security_file_ioctl+0x80/0xa0
[  456.503570][T11034]  ? kvm_resume+0x1e0/0x1e0
[  456.508122][T11034]  __se_sys_ioctl+0xfd/0x170
[  456.512763][T11034]  do_syscall_64+0x55/0xb0
[  456.517227][T11034]  ? clear_bhb_loop+0x40/0x90
[  456.521938][T11034]  ? clear_bhb_loop+0x40/0x90
[  456.526638][T11034]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  456.532633][T11034] RIP: 0033:0x7fca7cf8f749
[  456.537063][T11034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.556680][T11034] RSP: 002b:00007fca7de7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  456.565106][T11034] RAX: ffffffffffffffda RBX: 00007fca7d1e5fa0 RCX: 00007fca7cf8f749
[  456.573091][T11034] RDX: 0000200000000500 RSI: 00000000c008ae09 RDI: 0000000000000003
[  456.581075][T11034] RBP: 00007fca7de7b090 R08: 0000000000000000 R09: 0000000000000000
[  456.589055][T11034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.597042][T11034] R13: 00007fca7d1e6038 R14: 00007fca7d1e5fa0 R15: 00007fff364100b8
[  456.605040][T11034]  </TASK>
[  456.608150][    C0] vkms_vblank_simulate: vblank timer overrun
[  456.636053][T11028] ntfs: volume version 3.1.
[  456.685382][T11016] comedi comedi0: dt2814: a I/O base address must be specified
[  457.130137][   T28] audit: type=1326 audit(1765682993.101:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11026 comm="syz.9.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7ffc0000
[  457.341187][   T28] audit: type=1326 audit(1765682993.101:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11026 comm="syz.9.1155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7ffc0000
[  457.639668][ T5083] Bluetooth: hci3: command 0x0406 tx timeout
[  458.874412][T11070] loop2: detected capacity change from 0 to 7
[  458.881760][T11070] Dev loop2: unable to read RDB block 7
[  458.887384][T11070]  loop2: AHDI p1 p2 p3
[  458.891642][T11070] loop2: partition table partially beyond EOD, truncated
[  458.898797][T11070] loop2: p1 start 1601398130 is beyond EOD, truncated
[  458.905676][T11070] loop2: p2 start 1702059890 is beyond EOD, truncated
[  459.288769][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.672738][T11077] FAULT_INJECTION: forcing a failure.
[  459.672738][T11077] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  459.714222][T11077] CPU: 1 PID: 11077 Comm: syz.1.1167 Not tainted syzkaller #0
[  459.721763][T11077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  459.731861][T11077] Call Trace:
[  459.735185][T11077]  <TASK>
[  459.738143][T11077]  dump_stack_lvl+0x16c/0x230
[  459.742855][T11077]  ? show_regs_print_info+0x20/0x20
[  459.748095][T11077]  ? load_image+0x3b0/0x3b0
[  459.752643][T11077]  ? __lock_acquire+0x7c80/0x7c80
[  459.757708][T11077]  ? mark_lock+0x94/0x320
[  459.762065][T11077]  should_fail_ex+0x39d/0x4d0
[  459.766793][T11077]  prepare_alloc_pages+0x1e2/0x5f0
[  459.771940][T11077]  __alloc_pages+0x127/0x460
[  459.776563][T11077]  ? zone_statistics+0x170/0x170
[  459.781535][T11077]  ? do_wp_page+0x826/0x3630
[  459.786147][T11077]  ? do_wp_page+0x1024/0x3630
[  459.790845][T11077]  __folio_alloc+0x10/0x20
[  459.795285][T11077]  vma_alloc_folio+0x47a/0x8f0
[  459.800095][T11077]  do_wp_page+0x128e/0x3630
[  459.804635][T11077]  ? folio_put+0xd0/0xd0
[  459.808919][T11077]  ? do_raw_spin_lock+0x121/0x2c0
[  459.813963][T11077]  ? __rwlock_init+0x150/0x150
[  459.818745][T11077]  ? handle_mm_fault+0xd1/0x4920
[  459.823697][T11077]  handle_mm_fault+0x12d4/0x4920
[  459.828656][T11077]  ? handle_mm_fault+0xd1/0x4920
[  459.833628][T11077]  ? numa_migrate_prep+0x350/0x350
[  459.838760][T11077]  ? follow_page_pte+0xc0b/0x1a70
[  459.843812][T11077]  ? pmd_lock+0x60/0x60
[  459.847990][T11077]  __get_user_pages+0x5ea/0x1470
[  459.852956][T11077]  ? populate_vma_page_range+0x370/0x370
[  459.858609][T11077]  ? __gup_longterm_locked+0x20e8/0x2b80
[  459.864266][T11077]  ? down_read_killable+0x1d0/0x340
[  459.869484][T11077]  __gup_longterm_locked+0x2247/0x2b80
[  459.874981][T11077]  ? pin_user_pages_remote+0x210/0x210
[  459.880460][T11077]  ? mark_lock+0x94/0x320
[  459.884810][T11077]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  459.890810][T11077]  ? sanity_check_pinned_pages+0x136d/0x1500
[  459.896815][T11077]  internal_get_user_pages_fast+0x217f/0x2730
[  459.902931][T11077]  ? get_user_pages_fast_only+0xa0/0xa0
[  459.908496][T11077]  ? stack_trace_save+0x9c/0xe0
[  459.913361][T11077]  ? stack_trace_snprint+0xf0/0xf0
[  459.918484][T11077]  ? __stack_depot_save+0x1f/0x630
[  459.923616][T11077]  ? pin_user_pages_fast+0x89/0xe0
[  459.928741][T11077]  iov_iter_extract_pages+0x393/0x790
[  459.934139][T11077]  extract_iter_to_sg+0xc0b/0x1eb0
[  459.939286][T11077]  ? sg_zero_buffer+0x830/0x830
[  459.944163][T11077]  ? __asan_memset+0x22/0x40
[  459.948768][T11077]  af_alg_get_rsgl+0x428/0x820
[  459.953565][T11077]  skcipher_recvmsg+0x391/0xd70
[  459.958438][T11077]  ? skcipher_sendmsg+0xf0/0xf0
[  459.963304][T11077]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  459.968599][T11077]  ? security_socket_recvmsg+0x89/0xb0
[  459.974068][T11077]  ? skcipher_sendmsg+0xf0/0xf0
[  459.978927][T11077]  ____sys_recvmsg+0x29e/0x5b0
[  459.983718][T11077]  ? __sys_recvmsg_sock+0x50/0x50
[  459.988807][T11077]  ? import_iovec+0x73/0xa0
[  459.993336][T11077]  ___sys_recvmsg+0x1b6/0x510
[  459.998036][T11077]  ? __sys_recvmsg+0x270/0x270
[  460.002816][T11077]  ? ksys_write+0x1c1/0x250
[  460.007344][T11077]  ? __fget_files+0x44a/0x4d0
[  460.012048][T11077]  __x64_sys_recvmsg+0x1f2/0x2c0
[  460.017002][T11077]  ? ___sys_recvmsg+0x510/0x510
[  460.021880][T11077]  ? lockdep_hardirqs_on+0x98/0x150
[  460.027095][T11077]  do_syscall_64+0x55/0xb0
[  460.031526][T11077]  ? clear_bhb_loop+0x40/0x90
[  460.036221][T11077]  ? clear_bhb_loop+0x40/0x90
[  460.040919][T11077]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  460.046824][T11077] RIP: 0033:0x7f24d9b8f749
[  460.051253][T11077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.070867][T11077] RSP: 002b:00007f24daa47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  460.079295][T11077] RAX: ffffffffffffffda RBX: 00007f24d9de5fa0 RCX: 00007f24d9b8f749
[  460.087282][T11077] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  460.095267][T11077] RBP: 00007f24daa47090 R08: 0000000000000000 R09: 0000000000000000
[  460.103252][T11077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.111234][T11077] R13: 00007f24d9de6038 R14: 00007f24d9de5fa0 R15: 00007ffd0f041cf8
[  460.119233][T11077]  </TASK>
[  460.259105][T11084] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1170'.
[  460.321443][   T28] kauditd_printk_skb: 3 callbacks suppressed
[  460.321458][   T28] audit: type=1326 audit(1765682996.331:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  460.384932][T11088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1171'.
[  460.428283][T11089] loop6: detected capacity change from 0 to 4096
[  460.439079][   T28] audit: type=1326 audit(1765682996.331:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  460.469852][T11090] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  460.856244][T11101] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1175'.
[  461.053497][   T28] audit: type=1326 audit(1765682997.021:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  461.155905][T11103] loop2: detected capacity change from 0 to 7
[  461.213708][   T28] audit: type=1326 audit(1765682997.071:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  461.236632][   T28] audit: type=1326 audit(1765682997.071:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  461.296273][T11103] Dev loop2: unable to read RDB block 7
[  461.302131][T11103]  loop2: AHDI p1 p2 p3
[  461.306447][T11103] loop2: partition table partially beyond EOD, truncated
[  461.314770][T11103] loop2: p1 start 1601398130 is beyond EOD, truncated
[  461.321974][T11103] loop2: p2 start 1702059890 is beyond EOD, truncated
[  461.870430][   T28] audit: type=1326 audit(1765682997.071:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  461.892949][   T28] audit: type=1326 audit(1765682997.071:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11078 comm="syz.9.1169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f322e78f749 code=0x7fc00000
[  462.063861][T11108] loop7: detected capacity change from 0 to 2048
[  462.084616][T11108] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  462.119208][T11112] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  462.298736][T11114] FAULT_INJECTION: forcing a failure.
[  462.298736][T11114] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  462.316115][T11114] CPU: 0 PID: 11114 Comm: syz.9.1180 Not tainted syzkaller #0
[  462.323629][T11114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  462.333714][T11114] Call Trace:
[  462.337018][T11114]  <TASK>
[  462.339982][T11114]  dump_stack_lvl+0x16c/0x230
[  462.344729][T11114]  ? show_regs_print_info+0x20/0x20
[  462.349966][T11114]  ? load_image+0x3b0/0x3b0
[  462.354507][T11114]  ? __lock_acquire+0x7c80/0x7c80
[  462.359572][T11114]  ? mark_lock+0x94/0x320
[  462.363942][T11114]  should_fail_ex+0x39d/0x4d0
[  462.368673][T11114]  prepare_alloc_pages+0x1e2/0x5f0
[  462.373843][T11114]  __alloc_pages+0x127/0x460
[  462.378485][T11114]  ? zone_statistics+0x170/0x170
[  462.383467][T11114]  ? do_wp_page+0x826/0x3630
[  462.388096][T11114]  ? do_wp_page+0x1024/0x3630
[  462.392817][T11114]  __folio_alloc+0x10/0x20
[  462.397275][T11114]  vma_alloc_folio+0x47a/0x8f0
[  462.402103][T11114]  do_wp_page+0x128e/0x3630
[  462.406679][T11114]  ? folio_put+0xd0/0xd0
[  462.410976][T11114]  ? do_raw_spin_lock+0x121/0x2c0
[  462.411473][T11120] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1183'.
[  462.416023][T11114]  ? __rwlock_init+0x150/0x150
[  462.429912][T11114]  ? handle_mm_fault+0xd1/0x4920
[  462.434899][T11114]  handle_mm_fault+0x12d4/0x4920
[  462.439884][T11114]  ? handle_mm_fault+0xd1/0x4920
[  462.444873][T11114]  ? numa_migrate_prep+0x350/0x350
[  462.450006][T11114]  ? follow_page_pte+0xc0b/0x1a70
[  462.455058][T11114]  ? pmd_lock+0x60/0x60
[  462.459252][T11114]  __get_user_pages+0x5ea/0x1470
[  462.464230][T11114]  ? populate_vma_page_range+0x370/0x370
[  462.469876][T11114]  ? __gup_longterm_locked+0x20e8/0x2b80
[  462.475522][T11114]  ? down_read_killable+0x1d0/0x340
[  462.480735][T11114]  __gup_longterm_locked+0x2247/0x2b80
[  462.486225][T11114]  ? pin_user_pages_remote+0x210/0x210
[  462.491696][T11114]  ? mark_lock+0x94/0x320
[  462.496041][T11114]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  462.502040][T11114]  ? sanity_check_pinned_pages+0x136d/0x1500
[  462.508043][T11114]  internal_get_user_pages_fast+0x217f/0x2730
[  462.514154][T11114]  ? get_user_pages_fast_only+0xa0/0xa0
[  462.519713][T11114]  ? stack_trace_save+0x9c/0xe0
[  462.524613][T11114]  ? stack_trace_snprint+0xf0/0xf0
[  462.529744][T11114]  ? __stack_depot_save+0x1f/0x630
[  462.534865][T11114]  ? pin_user_pages_fast+0x89/0xe0
[  462.539992][T11114]  iov_iter_extract_pages+0x393/0x790
[  462.545393][T11114]  extract_iter_to_sg+0xc0b/0x1eb0
[  462.550534][T11114]  ? sg_zero_buffer+0x830/0x830
[  462.555432][T11114]  ? __asan_memset+0x22/0x40
[  462.560047][T11114]  af_alg_get_rsgl+0x428/0x820
[  462.564867][T11114]  skcipher_recvmsg+0x391/0xd70
[  462.569766][T11114]  ? skcipher_sendmsg+0xf0/0xf0
[  462.574647][T11114]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  462.579954][T11114]  ? security_socket_recvmsg+0x89/0xb0
[  462.585434][T11114]  ? skcipher_sendmsg+0xf0/0xf0
[  462.590297][T11114]  ____sys_recvmsg+0x29e/0x5b0
[  462.595094][T11114]  ? __sys_recvmsg_sock+0x50/0x50
[  462.600146][T11114]  ? import_iovec+0x73/0xa0
[  462.604679][T11114]  ___sys_recvmsg+0x1b6/0x510
[  462.609375][T11114]  ? __sys_recvmsg+0x270/0x270
[  462.614160][T11114]  ? ksys_write+0x1c1/0x250
[  462.618686][T11114]  ? __fget_files+0x44a/0x4d0
[  462.623394][T11114]  __x64_sys_recvmsg+0x1f2/0x2c0
[  462.628349][T11114]  ? ___sys_recvmsg+0x510/0x510
[  462.633225][T11114]  ? lockdep_hardirqs_on+0x98/0x150
[  462.638443][T11114]  do_syscall_64+0x55/0xb0
[  462.642867][T11114]  ? clear_bhb_loop+0x40/0x90
[  462.647558][T11114]  ? clear_bhb_loop+0x40/0x90
[  462.652252][T11114]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  462.658157][T11114] RIP: 0033:0x7f322e78f749
[  462.662581][T11114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.682197][T11114] RSP: 002b:00007f322f5ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  462.690623][T11114] RAX: ffffffffffffffda RBX: 00007f322e9e5fa0 RCX: 00007f322e78f749
[  462.698621][T11114] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  462.706626][T11114] RBP: 00007f322f5ca090 R08: 0000000000000000 R09: 0000000000000000
[  462.714622][T11114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.722604][T11114] R13: 00007f322e9e6038 R14: 00007f322e9e5fa0 R15: 00007ffd2bbfe868
[  462.730640][T11114]  </TASK>
[  463.551576][T11131] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1187'.
[  463.705706][T11135] lo speed is unknown, defaulting to 1000
[  464.081661][ T8003] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[  464.325769][ T8003] usb 10-1: Using ep0 maxpacket: 16
[  464.334625][ T8003] usb 10-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  464.391754][ T8003] usb 10-1: config 0 interface 0 has no altsetting 0
[  464.407237][ T8003] usb 10-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  464.434091][ T8003] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.470725][ T8003] usb 10-1: config 0 descriptor??
[  464.485853][ T8003] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  464.719767][T11146] loop7: detected capacity change from 0 to 32768
[  464.730686][T11146] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 scanned by syz.7.1191 (11146)
[  464.834993][T11146] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  464.851132][T11146] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[  464.861104][T11146] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  464.870983][T11146] BTRFS info (device loop7): use zstd compression, level 3
[  464.878375][T11146] BTRFS info (device loop7): using free space tree
[  465.390075][T11146] BTRFS info (device loop7): enabling ssd optimizations
[  465.507855][T11146] BTRFS info (device loop7): auto enabling async discard
[  465.680327][T11174] netlink: 300 bytes leftover after parsing attributes in process `syz.1.1195'.
[  465.722643][T11176] loop6: detected capacity change from 0 to 8
[  465.741269][T11176] Major/Minor mismatch, trying to mount newer 4.1025 filesystem
[  465.763961][T11176] Please update your kernel
[  465.848062][ T7895] BTRFS info (device loop7): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  465.859256][T11178] loop1: detected capacity change from 0 to 1024
[  465.872899][T11178] EXT4-fs: Ignoring removed nomblk_io_submit option
[  465.885484][T11178] EXT4-fs: Ignoring removed bh option
[  465.894123][T11178] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  465.941020][T11178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  465.973580][T11178] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.999803][T11182] lo speed is unknown, defaulting to 1000
[  466.290293][ T1193] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  466.396586][T11186] loop7: detected capacity change from 0 to 128
[  466.403943][T11186] EXT4-fs: Ignoring removed nomblk_io_submit option
[  466.413866][T11186] EXT4-fs (loop7): Test dummy encryption mode enabled
[  466.425180][T11186] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  466.447195][T11186] ext4 filesystem being mounted at /205/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  466.481398][ T1193] usb 7-1: Using ep0 maxpacket: 32
[  466.489384][ T1193] usb 7-1: config 0 has no interfaces?
[  466.503831][ T1193] usb 7-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=96.8f
[  466.521548][ T1193] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.539827][ T1193] usb 7-1: Product: syz
[  466.544532][ T1193] usb 7-1: Manufacturer: syz
[  466.549165][ T1193] usb 7-1: SerialNumber: syz
[  466.556727][T11178] loop1: detected capacity change from 0 to 32768
[  466.565780][ T1193] usb 7-1: config 0 descriptor??
[  466.591020][T11178] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  466.619926][T11186] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  466.675152][ T7895] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  466.702485][T11178] XFS (loop1): Corruption warning: Metadata has LSN (1:384) ahead of current LSN (1:256). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  466.720053][ T5758] usb 10-1: USB disconnect, device number 31
[  466.728407][T11178] XFS (loop1): log mount/recovery failed: error -22
[  466.788085][T11178] XFS (loop1): log mount failed
[  467.009096][ T8003] usb 7-1: USB disconnect, device number 47
[  467.291497][T10543] usb 8-1: new high-speed USB device number 45 using dummy_hcd
[  467.336792][T11209] loop9: detected capacity change from 0 to 64
[  467.503434][T10543] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.515519][T10543] usb 8-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  467.579191][T10543] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  467.619781][T10543] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.647646][T10543] usb 8-1: Product: syz
[  467.651941][T10543] usb 8-1: Manufacturer: syz
[  467.656707][T10543] usb 8-1: SerialNumber: syz
[  468.956912][T11217] loop2: detected capacity change from 0 to 7
[  469.278493][T11217] Dev loop2: unable to read RDB block 7
[  469.284370][T11217]  loop2: AHDI p1 p2 p3
[  469.288621][T11217] loop2: partition table partially beyond EOD, truncated
[  469.295839][T11217] loop2: p1 start 1601398130 is beyond EOD, truncated
[  469.303862][T11217] loop2: p2 start 1702059890 is beyond EOD, truncated
[  469.592317][T11222] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  469.610413][T11222] syzkaller0: entered promiscuous mode
[  469.628722][T11222] syzkaller0: entered allmulticast mode
[  469.640157][T11224] loop6: detected capacity change from 0 to 1024
[  469.692156][T10543] cdc_ncm 8-1:1.0: bind() failure
[  469.695361][T11222] tipc: Resetting bearer <eth:syzkaller0>
[  469.731535][T10543] cdc_ncm: probe of 8-1:1.1 failed with error -71
[  469.745243][T11221] tipc: Resetting bearer <eth:syzkaller0>
[  469.751651][T10543] cdc_mbim: probe of 8-1:1.1 failed with error -71
[  469.759086][T11224] hfsplus: xattr searching failed
[  469.765032][T10543] usbtest: probe of 8-1:1.1 failed with error -71
[  469.816829][T10543] usb 8-1: USB disconnect, device number 45
[  469.842792][T11221] tipc: Disabling bearer <eth:syzkaller0>
[  470.512645][T11230] FAULT_INJECTION: forcing a failure.
[  470.512645][T11230] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  470.560702][T11230] CPU: 0 PID: 11230 Comm: syz.9.1210 Not tainted syzkaller #0
[  470.568355][T11230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  470.578430][T11230] Call Trace:
[  470.581745][T11230]  <TASK>
[  470.584698][T11230]  dump_stack_lvl+0x16c/0x230
[  470.589419][T11230]  ? show_regs_print_info+0x20/0x20
[  470.594643][T11230]  ? load_image+0x3b0/0x3b0
[  470.599173][T11230]  ? __lock_acquire+0x7c80/0x7c80
[  470.604219][T11230]  ? mark_lock+0x94/0x320
[  470.608568][T11230]  should_fail_ex+0x39d/0x4d0
[  470.613269][T11230]  prepare_alloc_pages+0x1e2/0x5f0
[  470.618413][T11230]  __alloc_pages+0x127/0x460
[  470.623032][T11230]  ? zone_statistics+0x170/0x170
[  470.628001][T11230]  ? do_wp_page+0x826/0x3630
[  470.632622][T11230]  ? do_wp_page+0x1024/0x3630
[  470.637333][T11230]  __folio_alloc+0x10/0x20
[  470.641773][T11230]  vma_alloc_folio+0x47a/0x8f0
[  470.646572][T11230]  do_wp_page+0x128e/0x3630
[  470.651118][T11230]  ? folio_put+0xd0/0xd0
[  470.655383][T11230]  ? do_raw_spin_lock+0x121/0x2c0
[  470.660431][T11230]  ? __rwlock_init+0x150/0x150
[  470.665231][T11230]  ? handle_mm_fault+0xd1/0x4920
[  470.670194][T11230]  handle_mm_fault+0x12d4/0x4920
[  470.675156][T11230]  ? handle_mm_fault+0xd1/0x4920
[  470.680141][T11230]  ? numa_migrate_prep+0x350/0x350
[  470.685277][T11230]  ? follow_page_pte+0xc0b/0x1a70
[  470.690337][T11230]  ? pmd_lock+0x60/0x60
[  470.694558][T11230]  __get_user_pages+0x5ea/0x1470
[  470.699535][T11230]  ? populate_vma_page_range+0x370/0x370
[  470.705192][T11230]  ? __gup_longterm_locked+0x20e8/0x2b80
[  470.710850][T11230]  ? down_read_killable+0x1d0/0x340
[  470.716072][T11230]  __gup_longterm_locked+0x2247/0x2b80
[  470.721572][T11230]  ? pin_user_pages_remote+0x210/0x210
[  470.727049][T11230]  ? mark_lock+0x94/0x320
[  470.731402][T11230]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  470.737406][T11230]  ? sanity_check_pinned_pages+0x136d/0x1500
[  470.743417][T11230]  internal_get_user_pages_fast+0x217f/0x2730
[  470.749530][T11230]  ? get_user_pages_fast_only+0xa0/0xa0
[  470.755143][T11230]  ? stack_trace_save+0x9c/0xe0
[  470.760017][T11230]  ? stack_trace_snprint+0xf0/0xf0
[  470.765154][T11230]  ? __stack_depot_save+0x1f/0x630
[  470.770282][T11230]  ? pin_user_pages_fast+0x89/0xe0
[  470.775416][T11230]  iov_iter_extract_pages+0x393/0x790
[  470.780820][T11230]  extract_iter_to_sg+0xc0b/0x1eb0
[  470.785967][T11230]  ? sg_zero_buffer+0x830/0x830
[  470.790851][T11230]  ? __asan_memset+0x22/0x40
[  470.795470][T11230]  af_alg_get_rsgl+0x428/0x820
[  470.800273][T11230]  skcipher_recvmsg+0x391/0xd70
[  470.805175][T11230]  ? skcipher_sendmsg+0xf0/0xf0
[  470.810064][T11230]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  470.815367][T11230]  ? security_socket_recvmsg+0x89/0xb0
[  470.820929][T11230]  ? skcipher_sendmsg+0xf0/0xf0
[  470.825796][T11230]  ____sys_recvmsg+0x29e/0x5b0
[  470.830584][T11230]  ? __sys_recvmsg_sock+0x50/0x50
[  470.835637][T11230]  ? import_iovec+0x73/0xa0
[  470.840179][T11230]  ___sys_recvmsg+0x1b6/0x510
[  470.844886][T11230]  ? __sys_recvmsg+0x270/0x270
[  470.849685][T11230]  ? ksys_write+0x1c1/0x250
[  470.854224][T11230]  ? __fget_files+0x44a/0x4d0
[  470.858934][T11230]  __x64_sys_recvmsg+0x1f2/0x2c0
[  470.863892][T11230]  ? ___sys_recvmsg+0x510/0x510
[  470.868773][T11230]  ? lockdep_hardirqs_on+0x98/0x150
[  470.873995][T11230]  do_syscall_64+0x55/0xb0
[  470.878427][T11230]  ? clear_bhb_loop+0x40/0x90
[  470.883127][T11230]  ? clear_bhb_loop+0x40/0x90
[  470.887830][T11230]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  470.893746][T11230] RIP: 0033:0x7f322e78f749
[  470.898174][T11230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.917799][T11230] RSP: 002b:00007f322f5ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  470.926233][T11230] RAX: ffffffffffffffda RBX: 00007f322e9e5fa0 RCX: 00007f322e78f749
[  470.934222][T11230] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  470.942216][T11230] RBP: 00007f322f5ca090 R08: 0000000000000000 R09: 0000000000000000
[  470.950207][T11230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.958193][T11230] R13: 00007f322e9e6038 R14: 00007f322e9e5fa0 R15: 00007ffd2bbfe868
[  470.966195][T11230]  </TASK>
[  471.058682][T11220] loop1: detected capacity change from 0 to 32768
[  471.065791][T11232] loop7: detected capacity change from 0 to 1024
[  471.074737][T11220] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1206 (11220)
[  471.102207][T11232] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.109855][T11232] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.129433][T11220] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  471.131190][T11232] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.151437][T11220] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  471.173326][T11220] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  471.183363][T11220] BTRFS info (device loop1): use zstd compression, level 3
[  471.191561][T11220] BTRFS info (device loop1): using free space tree
[  471.199245][T11232] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.208321][T11234] loop9: detected capacity change from 0 to 8
[  471.232427][T11234] squashfs: Unknown parameter ' žð-ùËòöè€Ó8/'
[  471.305908][T11247] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  471.321131][T11247] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  471.351752][T11220] BTRFS info (device loop1): enabling ssd optimizations
[  471.365590][T11220] BTRFS info (device loop1): auto enabling async discard
[  471.376954][ T9369] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.392585][ T9369] hfsplus: request for non-existent node 33554434 in B*Tree
[  471.730686][T10197] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  471.832570][T11254] loop9: detected capacity change from 0 to 32768
[  472.741825][ T8003] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  472.757157][T11260] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1217'.
[  473.101759][ T8003] usb 7-1: Using ep0 maxpacket: 32
[  473.596019][ T8003] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  473.614917][ T8003] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.638302][ T8003] usb 7-1: config 0 descriptor??
[  473.730766][T11271] can: request_module (can-proto-5) failed.
[  473.969934][ T8003] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  474.001766][ T8003] usb 7-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  474.132827][ T8003] usb 7-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  474.173911][T11280] loop9: detected capacity change from 0 to 64
[  474.341708][  T788] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  474.551451][  T788] usb 2-1: Using ep0 maxpacket: 16
[  474.574749][  T788] usb 2-1: config 0 has no interfaces?
[  474.580917][  T788] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  474.606512][  T788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.827834][  T788] usb 2-1: config 0 descriptor??
[  475.089170][  T788] usb 2-1: USB disconnect, device number 9
[  475.219747][T11293] loop9: detected capacity change from 0 to 8192
[  475.231126][T11293] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  475.245151][T11293] REISERFS (device loop9): found reiserfs format "3.5" with non-standard journal
[  475.254657][T11293] REISERFS (device loop9): using ordered data mode
[  475.261187][T11293] reiserfs: using flush barriers
[  475.267715][T11293] REISERFS (device loop9): journal params: device loop9, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  475.284674][T11293] REISERFS (device loop9): checking transaction log (loop9)
[  475.294924][T11293] REISERFS (device loop9): Using r5 hash to sort names
[  475.302305][T11293] REISERFS (device loop9): Created .reiserfs_priv - reserved for xattr storage.
[  475.430137][T11296] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1227'.
[  475.486819][T11298] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1228'.
[  475.549035][T11300] loop9: detected capacity change from 0 to 256
[  475.557612][T11300] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  475.568598][T11300] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  475.583647][T11300] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  477.049012][T11310] binder: 11309:11310 ioctl 40046205 0 returned -22
[  477.203080][   T28] audit: type=1326 audit(1765683013.231:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.227129][   T28] audit: type=1326 audit(1765683013.231:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.281479][   T28] audit: type=1326 audit(1765683013.251:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.332026][   T28] audit: type=1326 audit(1765683013.251:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.359316][T11314] loop9: detected capacity change from 0 to 2048
[  477.379223][   T28] audit: type=1326 audit(1765683013.271:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.404249][T11316] loop7: detected capacity change from 0 to 1764
[  477.415437][T11314] UDF-fs: warning (device loop9): udf_load_vrs: No anchor found
[  477.431540][T11314] UDF-fs: Scanning with blocksize 512 failed
[  477.446760][   T28] audit: type=1326 audit(1765683013.271:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.476341][   T28] audit: type=1326 audit(1765683013.271:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.479152][T11314] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  477.503347][   T28] audit: type=1326 audit(1765683013.271:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  477.605807][   T28] audit: type=1326 audit(1765683013.271:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11311 comm="syz.7.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  482.441233][T11330] loop9: detected capacity change from 0 to 2048
[  484.571468][ T5840] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  484.781603][ T5840] usb 2-1: Using ep0 maxpacket: 32
[  484.812817][ T5840] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  484.854550][ T5840] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5
[  484.881202][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.911432][ T5840] usb 2-1: Product: syz
[  484.915758][ T5840] usb 2-1: Manufacturer: syz
[  484.920384][ T5840] usb 2-1: SerialNumber: syz
[  484.934368][ T5840] usb 2-1: config 0 descriptor??
[  484.940236][T11333] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  484.954787][ T5840] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  486.861943][ T5840] usb 2-1: USB disconnect, device number 10
[  488.386180][T11353] loop6: detected capacity change from 0 to 512
[  488.492746][T11353] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e01c, mo2=0002]
[  488.500841][T11353] System zones: 1-12
[  488.562811][T11353] EXT4-fs error (device loop6): dx_probe:823: inode #2: comm syz.6.1246: Directory hole found for htree index block 0
[  488.632415][T11353] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -117
[  488.640845][T11353] EXT4-fs error (device loop6): dx_probe:823: inode #2: comm syz.6.1246: Directory hole found for htree index block 0
[  488.687671][T11353] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  488.712749][T11353] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  489.179565][ T6497] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.519841][T11364] loop1: detected capacity change from 0 to 1024
[  489.740336][T11371] loop7: detected capacity change from 0 to 256
[  489.761589][T11371] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[  489.778462][T11371] exFAT-fs (loop7): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  489.810270][T11373] loop6: detected capacity change from 0 to 512
[  489.820710][T11371] syz.7.1245: attempt to access beyond end of device
[  489.820710][T11371] loop7: rw=524288, sector=280, nr_sectors = 128 limit=256
[  489.826231][T11373] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  489.848577][T11371] syz.7.1245: attempt to access beyond end of device
[  489.848577][T11371] loop7: rw=524288, sector=408, nr_sectors = 256 limit=256
[  489.853168][T11376] loop1: detected capacity change from 0 to 512
[  489.863694][T11371] syz.7.1245: attempt to access beyond end of device
[  489.863694][T11371] loop7: rw=0, sector=280, nr_sectors = 8 limit=256
[  489.885115][T11373] EXT4-fs error (device loop6): ext4_init_orphan_info:619: comm syz.6.1251: orphan file block 0: bad magic
[  489.894328][   T28] audit: type=1800 audit(1765683025.911:289): pid=11371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1245" name="file1" dev="loop7" ino=1048656 res=0 errno=0
[  489.913838][T11373] EXT4-fs (loop6): mount failed
[  489.929676][T11376] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  490.026722][T11376] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.1252: Invalid inode table block 1433565978 in block_group 0
[  490.057761][T11376] EXT4-fs warning (device loop1): ext4_group_add:1747: Error opening resize inode
[  491.945629][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.992427][T11395] input: syz1 as /devices/virtual/input/input16
[  494.516372][T11402] loop7: detected capacity change from 0 to 256
[  494.549576][T11402] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  494.582841][T11402] exFAT-fs (loop7): Medium has reported failures. Some data may be lost.
[  494.631176][T11402] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  494.928601][T11407] loop6: detected capacity change from 0 to 512
[  494.981635][T11407] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  495.022770][T11407] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  495.081752][T11407] EXT4-fs error (device loop6): ext4_get_branch:178: inode #11: block 4294967295: comm syz.6.1263: invalid block
[  495.135249][T11411] loop9: detected capacity change from 0 to 512
[  495.143248][T11407] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1263: invalid indirect mapped block 4294967295 (level 1)
[  495.150706][T11411] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  495.181690][T11411] EXT4-fs (loop9): couldn't mount as ext2 due to feature incompatibilities
[  495.210872][T11407] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1263: invalid indirect mapped block 4294967295 (level 1)
[  495.252266][T11407] EXT4-fs (loop6): 2 truncates cleaned up
[  495.259522][T11407] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  495.280187][T11415] loop7: detected capacity change from 0 to 512
[  495.288604][T11415] EXT4-fs: Ignoring removed bh option
[  495.508308][T11415] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  495.530064][T11415] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  495.649297][ T7895] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.704902][T11430] loop1: detected capacity change from 0 to 512
[  499.431208][T11409] EXT4-fs error (device loop6): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  501.102998][ T6497] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  501.493375][T11443] loop7: detected capacity change from 0 to 256
[  501.500701][T11443] exfat: Deprecated parameter 'namecase'
[  501.506857][T11443] exfat: Deprecated parameter 'namecase'
[  501.530672][T11443] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d)
[  501.587692][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  501.951456][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  502.914201][T11457] loop7: detected capacity change from 0 to 4096
[  502.922918][T11457] EXT4-fs: Ignoring removed mblk_io_submit option
[  502.953978][T11457] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  502.964504][T11463] loop1: detected capacity change from 0 to 512
[  502.971700][T11457] EXT4-fs (loop7): Test dummy encryption mode enabled
[  503.002519][T11461] loop9: detected capacity change from 0 to 512
[  503.011427][T11461] EXT4-fs: Ignoring removed oldalloc option
[  503.018011][T11457] Quota error (device loop7): v2_read_file_info: Block with free entry 5 out of range (1, 5).
[  503.030377][T11457] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  504.691622][T11461] EXT4-fs (loop9): 1 truncate cleaned up
[  504.715842][T11457] EXT4-fs (loop7): mount failed
[  504.734752][T11461] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.143599][T11472] loop6: detected capacity change from 0 to 8
[  505.238312][T11472] SQUASHFS error: Failed to read block 0x4de: -5
[  505.256600][ T9020] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.257500][T11472] SQUASHFS error: Failed to read block 0x4de: -5
[  505.298997][   T28] audit: type=1800 audit(1765683041.326:290): pid=11472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1282" name="file1" dev="loop6" ino=5 res=0 errno=0
[  507.230393][  T788] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  507.450615][  T788] usb 8-1: Using ep0 maxpacket: 32
[  507.476777][  T788] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  507.496698][  T788] usb 8-1: config 0 has no interface number 0
[  507.511845][  T788] usb 8-1: config 0 interface 184 has no altsetting 0
[  507.536909][  T788] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  507.550257][  T788] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.575182][  T788] usb 8-1: Product: syz
[  507.606954][  T788] usb 8-1: Manufacturer: syz
[  507.611869][  T788] usb 8-1: SerialNumber: syz
[  507.628407][  T788] usb 8-1: config 0 descriptor??
[  507.636282][  T788] smsc75xx v1.0.0
[  507.821162][T11483] xt_CT: You must specify a L4 protocol and not use inversions on it
[  510.164348][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  510.228930][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  510.268923][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  510.294217][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  512.068772][T11496] binder: 11493:11496 ioctl c0306201 200000000300 returned -11
[  512.098262][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  512.130170][T11496] binder: 11493:11496 ioctl c0306201 200000000240 returned -11
[  512.168426][  T788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  512.217932][  T788] smsc75xx: probe of 8-1:0.184 failed with error -71
[  512.278564][  T788] usb 8-1: USB disconnect, device number 46
[  512.867817][  T788] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  513.063204][  T788] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  513.095254][  T788] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  513.124837][  T788] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  513.147682][  T788] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  513.160344][  T788] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.180367][  T788] usb 8-1: config 0 descriptor??
[  513.187048][T11500] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  513.595467][T11506] loop1: detected capacity change from 0 to 1024
[  513.627154][T11506] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  513.640923][  T788] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd
[  513.665313][  T788] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  513.668123][T11506] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  513.710747][T11506] EXT4-fs (loop1): orphan cleanup on readonly fs
[  513.718434][  T788] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  513.763760][T11506] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.1293: Freeing blocks not in datazone - block = 0, count = 4096
[  513.825265][T11506] EXT4-fs (loop1): 1 orphan inode deleted
[  513.862625][T11506] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  514.098500][T11511] loop9: detected capacity change from 0 to 512
[  514.958125][ T5771] usb 8-1: USB disconnect, device number 47
[  515.009876][T11511] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  515.022645][T11511] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  515.134610][ T9020] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  515.167782][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  521.154115][ T5883] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  521.403299][ T5883] usb 2-1: Using ep0 maxpacket: 8
[  521.434251][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  521.445633][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  521.455980][ T5883] usb 2-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice= 0.00
[  521.486332][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.519011][ T5883] usb 2-1: config 0 descriptor??
[  521.963646][ T5883] apple 0003:05AC:0274.000C: unbalanced delimiter at end of report description
[  521.984053][ T5883] apple 0003:05AC:0274.000C: parse failed
[  521.989953][ T5883] apple: probe of 0003:05AC:0274.000C failed with error -22
[  523.247537][   T28] audit: type=1326 audit(1765683058.384:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11550 comm="syz.7.1306" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x0
[  523.292395][T10543] usb 2-1: USB disconnect, device number 11
[  523.381831][T11557] syzkaller0: entered promiscuous mode
[  523.388059][T11557] syzkaller0: entered allmulticast mode
[  523.730963][T10070] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  524.318045][T11564] loop9: detected capacity change from 0 to 2021
[  524.539730][T11564] Alternate GPT is invalid, using primary GPT.
[  525.321547][T11564]  loop9: p1 p2 p3
[  525.415774][T11573] loop1: detected capacity change from 0 to 1024
[  525.486334][T11575] loop7: detected capacity change from 0 to 1024
[  525.494443][T11575] EXT4-fs: Ignoring removed orlov option
[  525.509403][T11575] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  525.684444][ T7895] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  527.832910][ T9369] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.901329][ T5812] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  528.127540][ T5812] usb 8-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  528.146361][ T5812] usb 8-1: config 0 interface 0 has no altsetting 0
[  528.159764][ T5812] usb 8-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00
[  528.179818][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.201018][ T5812] usb 8-1: config 0 descriptor??
[  528.293716][ T9369] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.971367][ T5812] hid-rmi 0003:17EF:6085.000D: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.7-1/input0
[  529.060505][ T9369] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  529.150980][  T788] usb 8-1: USB disconnect, device number 48
[  529.254378][ T9369] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  529.391752][T11605] loop9: detected capacity change from 0 to 256
[  529.430501][T11605] exfat: Unknown parameter '[v!~'
[  529.492127][T11607] loop1: detected capacity change from 0 to 1024
[  529.531029][ T9369] tipc: Left network mode
[  530.270075][   T28] audit: type=1326 audit(1765683066.298:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.325769][   T28] audit: type=1326 audit(1765683066.298:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.384567][   T28] audit: type=1326 audit(1765683066.318:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.417825][ T1099] hfsplus: found bad thread record in catalog
[  530.443258][   T28] audit: type=1326 audit(1765683066.318:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.478743][   T28] audit: type=1326 audit(1765683066.328:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.516678][   T28] audit: type=1326 audit(1765683066.328:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.542176][   T28] audit: type=1326 audit(1765683066.328:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.565612][   T28] audit: type=1326 audit(1765683066.338:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.612461][T11615] loop1: detected capacity change from 0 to 16
[  530.632107][T11615] erofs: (device loop1): mounted with root inode @ nid 36.
[  530.635688][   T28] audit: type=1326 audit(1765683066.348:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.668799][   T28] audit: type=1326 audit(1765683066.348:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.7.1325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca7cf8f749 code=0x7ffc0000
[  530.728549][ T5771] usb 8-1: new full-speed USB device number 49 using dummy_hcd
[  530.802628][T11620] loop1: detected capacity change from 0 to 1024
[  530.819515][T11620] EXT4-fs: Ignoring removed orlov option
[  530.825328][T11620] EXT4-fs: Ignoring removed mblk_io_submit option
[  530.872600][T11620] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a814c018, mo2=0002]
[  530.904870][T11620] System zones: 0-1, 3-12
[  530.910447][ T5771] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25402, setting to 64
[  530.958058][T11624] loop9: detected capacity change from 0 to 128
[  530.964645][ T5771] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  530.982387][ T5771] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  531.014572][T11620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  531.033002][ T5771] usb 8-1: config 0 descriptor??
[  531.248101][T11612] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  531.258703][ T5771] hub 8-1:0.0: USB hub found
[  531.277321][T10197] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.943485][ T5771] hub 8-1:0.0: 1 port detected
[  532.028675][T11630] ipt_REJECT: ECHOREPLY no longer supported.
[  532.608939][T11633] loop9: detected capacity change from 0 to 1024
[  532.757750][T11635] loop1: detected capacity change from 0 to 512
[  532.759246][ T6226] usb 8-1: reset full-speed USB device number 49 using dummy_hcd
[  532.773745][   T12] hfsplus: b-tree write err: -5, ino 8
[  534.738685][ T9369] hsr_slave_0: left promiscuous mode
[  534.744900][ T9369] hsr_slave_1: left promiscuous mode
[  534.777061][ T9369] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  534.784637][ T9369] batman_adv: batadv0: Removing interface: batadv_slave_0
[  534.799761][ T9369] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  534.816625][ T9369] batman_adv: batadv0: Removing interface: batadv_slave_1
[  534.837276][ T9369] bridge_slave_1: left allmulticast mode
[  534.843064][ T9369] bridge_slave_1: left promiscuous mode
[  534.854857][ T9369] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.874564][ T9369] bridge_slave_0: left allmulticast mode
[  534.880629][ T9369] bridge_slave_0: left promiscuous mode
[  534.897088][ T9369] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.962125][ T9369] veth1_macvtap: left promiscuous mode
[  534.969471][ T9369] veth0_macvtap: left promiscuous mode
[  534.976676][ T9369] veth1_vlan: left promiscuous mode
[  534.982476][ T9369] veth0_vlan: left promiscuous mode
[  536.697912][ T1193] usb 8-1: USB disconnect, device number 49
[  537.045409][ T1193] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[  537.250991][ T1193] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  537.278618][ T1193] usb 8-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00
[  537.288977][ T5083] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  537.297658][ T1193] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.306516][ T5083] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  537.314677][ T5083] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  537.343560][ T5083] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  537.344272][ T1193] usb 8-1: config 0 descriptor??
[  537.366030][ T5083] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  537.375875][ T5083] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  537.432308][ T8003] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  537.476171][ T8003] dvb_usb_az6027: probe of 7-1:0.0 failed with error -110
[  537.520900][ T8003] usb 7-1: USB disconnect, device number 48
[  537.807220][ T1193] wacom 0003:056A:00EC.000E: hidraw0: USB HID v10.00 Device [HID 056a:00ec] on usb-dummy_hcd.7-1/input0
[  537.988407][ T1193] usb 8-1: USB disconnect, device number 50
[  538.395526][ T9369] team0 (unregistering): Port device team_slave_1 removed
[  538.626147][ T9369] team0 (unregistering): Port device team_slave_0 removed
[  538.748626][T11659] loop7: detected capacity change from 0 to 512
[  538.799422][T11659] EXT4-fs: Ignoring removed i_version option
[  538.804980][ T9369] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  538.853102][T11659] EXT4-fs: Ignoring removed bh option
[  538.918124][T11659] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.932108][T11659] ext4 filesystem being mounted at /242/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  538.942974][ T9369] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  539.061490][   T28] kauditd_printk_skb: 13 callbacks suppressed
[  539.061503][   T28] audit: type=1804 audit(1765683075.083:315): pid=11665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.1341" name="/newroot/242/bus/bus" dev="loop7" ino=18 res=1 errno=0
[  539.236486][ T7895] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.594181][ T5083] Bluetooth: hci4: command tx timeout
[  542.183972][ T5083] Bluetooth: hci4: command tx timeout
[  542.443218][ T6776] ==================================================================
[  542.451332][ T6776] BUG: KASAN: slab-use-after-free in __mutex_lock+0x6cb/0xcc0
[  542.458823][ T6776] Read of size 8 at addr ffff888077f1c0a0 by task khidpd_10000008/6776
[  542.467079][ T6776] 
[  542.469406][ T6776] CPU: 1 PID: 6776 Comm: khidpd_10000008 Not tainted syzkaller #0
[  542.477305][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  542.487367][ T6776] Call Trace:
[  542.490652][ T6776]  <TASK>
[  542.493594][ T6776]  dump_stack_lvl+0x16c/0x230
[  542.498292][ T6776]  ? __lock_acquire+0x7c80/0x7c80
[  542.503327][ T6776]  ? show_regs_print_info+0x20/0x20
[  542.508628][ T6776]  ? load_image+0x3b0/0x3b0
[  542.513149][ T6776]  ? __virt_addr_valid+0x469/0x540
[  542.518268][ T6776]  print_report+0xac/0x220
[  542.522721][ T6776]  ? __mutex_lock+0x6cb/0xcc0
[  542.527403][ T6776]  kasan_report+0x117/0x150
[  542.531917][ T6776]  ? __mutex_lock+0x6cb/0xcc0
[  542.536597][ T6776]  __mutex_lock+0x6cb/0xcc0
[  542.541109][ T6776]  ? __mutex_lock+0x4e8/0xcc0
[  542.545906][ T6776]  ? l2cap_unregister_user+0x6a/0x1a0
[  542.551318][ T6776]  ? mutex_lock_nested+0x20/0x20
[  542.556266][ T6776]  ? __wake_up+0x11f/0x190
[  542.560703][ T6776]  ? __wake_up_bit+0x1e0/0x1e0
[  542.565484][ T6776]  ? _raw_spin_unlock+0x40/0x40
[  542.570434][ T6776]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  542.576427][ T6776]  l2cap_unregister_user+0x6a/0x1a0
[  542.581658][ T6776]  hidp_session_thread+0x3c8/0x410
[  542.586791][ T6776]  ? hidp_session_get+0x80/0x80
[  542.591653][ T6776]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  542.597559][ T6776]  ? hidp_session_thread+0x410/0x410
[  542.602857][ T6776]  ? hidp_session_thread+0x410/0x410
[  542.608186][ T6776]  ? __kthread_parkme+0x7a/0x1c0
[  542.613353][ T6776]  ? __kthread_parkme+0x162/0x1c0
[  542.618423][ T6776]  kthread+0x2fa/0x390
[  542.622520][ T6776]  ? hidp_session_get+0x80/0x80
[  542.627395][ T6776]  ? kthread_blkcg+0xd0/0xd0
[  542.632009][ T6776]  ret_from_fork+0x48/0x80
[  542.636446][ T6776]  ? kthread_blkcg+0xd0/0xd0
[  542.641053][ T6776]  ret_from_fork_asm+0x11/0x20
[  542.645937][ T6776]  </TASK>
[  542.648964][ T6776] 
[  542.651300][ T6776] Allocated by task 6497:
[  542.655627][ T6776]  kasan_set_track+0x4e/0x70
[  542.660313][ T6776]  __kasan_kmalloc+0x8f/0xa0
[  542.664907][ T6776]  __kmalloc+0xb4/0x240
[  542.669071][ T6776]  hci_alloc_dev_priv+0x28/0x2060
[  542.674113][ T6776]  vhci_create_device+0x11b/0x650
[  542.679156][ T6776]  vhci_write+0x3b5/0x470
[  542.683493][ T6776]  vfs_write+0x43b/0x940
[  542.687754][ T6776]  ksys_write+0x147/0x250
[  542.692105][ T6776]  do_syscall_64+0x55/0xb0
[  542.696541][ T6776]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  542.702462][ T6776] 
[  542.704800][ T6776] Freed by task 11549:
[  542.708870][ T6776]  kasan_set_track+0x4e/0x70
[  542.713467][ T6776]  kasan_save_free_info+0x2e/0x50
[  542.718502][ T6776]  ____kasan_slab_free+0x126/0x1e0
[  542.723622][ T6776]  slab_free_freelist_hook+0x130/0x1b0
[  542.729095][ T6776]  __kmem_cache_free+0xba/0x1f0
[  542.733958][ T6776]  bt_host_release+0x82/0x90
[  542.738555][ T6776]  device_release+0x96/0x1c0
[  542.743150][ T6776]  kobject_put+0x221/0x470
[  542.747573][ T6776]  vhci_release+0x15d/0x1a0
[  542.752104][ T6776]  __fput+0x234/0x970
[  542.756112][ T6776]  task_work_run+0x1ce/0x250
[  542.760720][ T6776]  do_exit+0x90b/0x23c0
[  542.764896][ T6776]  do_group_exit+0x21b/0x2d0
[  542.769502][ T6776]  get_signal+0x12fc/0x1400
[  542.774042][ T6776]  arch_do_signal_or_restart+0x9c/0x7b0
[  542.779602][ T6776]  exit_to_user_mode_loop+0x70/0x110
[  542.784919][ T6776]  exit_to_user_mode_prepare+0xf6/0x180
[  542.790477][ T6776]  syscall_exit_to_user_mode+0x1a/0x50
[  542.795945][ T6776]  do_syscall_64+0x61/0xb0
[  542.800363][ T6776]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  542.806269][ T6776] 
[  542.808599][ T6776] Last potentially related work creation:
[  542.814311][ T6776]  kasan_save_stack+0x3e/0x60
[  542.818995][ T6776]  __kasan_record_aux_stack+0xaf/0xc0
[  542.824377][ T6776]  insert_work+0x3d/0x310
[  542.828712][ T6776]  __queue_work+0xc39/0x1020
[  542.833305][ T6776]  queue_work_on+0x121/0x1e0
[  542.837994][ T6776]  l2cap_chan_send+0x3a3/0x2580
[  542.842877][ T6776]  l2cap_sock_sendmsg+0x1ae/0x2c0
[  542.847934][ T6776]  sock_sendmsg+0x225/0x370
[  542.852548][ T6776]  hidp_process_transmit+0x190/0x380
[  542.857844][ T6776]  hidp_session_run+0x138b/0x1490
[  542.862872][ T6776]  hidp_session_thread+0x28d/0x410
[  542.867986][ T6776]  kthread+0x2fa/0x390
[  542.872070][ T6776]  ret_from_fork+0x48/0x80
[  542.876493][ T6776]  ret_from_fork_asm+0x11/0x20
[  542.881261][ T6776] 
[  542.883594][ T6776] Second to last potentially related work creation:
[  542.890176][ T6776]  kasan_save_stack+0x3e/0x60
[  542.894859][ T6776]  __kasan_record_aux_stack+0xaf/0xc0
[  542.900241][ T6776]  insert_work+0x3d/0x310
[  542.904572][ T6776]  __queue_work+0xd2c/0x1020
[  542.909163][ T6776]  queue_work_on+0x121/0x1e0
[  542.913756][ T6776]  process_scheduled_works+0xa45/0x15b0
[  542.919306][ T6776]  worker_thread+0xa55/0xfc0
[  542.923903][ T6776]  kthread+0x2fa/0x390
[  542.928063][ T6776]  ret_from_fork+0x48/0x80
[  542.932487][ T6776]  ret_from_fork_asm+0x11/0x20
[  542.937264][ T6776] 
[  542.939589][ T6776] The buggy address belongs to the object at ffff888077f1c000
[  542.939589][ T6776]  which belongs to the cache kmalloc-8k of size 8192
[  542.953664][ T6776] The buggy address is located 160 bytes inside of
[  542.953664][ T6776]  freed 8192-byte region [ffff888077f1c000, ffff888077f1e000)
[  542.967550][ T6776] 
[  542.969877][ T6776] The buggy address belongs to the physical page:
[  542.976311][ T6776] page:ffffea0001dfc600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77f18
[  542.986460][ T6776] head:ffffea0001dfc600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  542.995391][ T6776] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  543.003814][ T6776] page_type: 0xffffffff()
[  543.008150][ T6776] raw: 00fff00000000840 ffff888017842280 0000000000000000 dead000000000001
[  543.016740][ T6776] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  543.025328][ T6776] page dumped because: kasan: bad access detected
[  543.031745][ T6776] page_owner tracks the page as allocated
[  543.037464][ T6776] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5767, tgid 5767 (syz-executor), ts 80997167741, free_ts 80995713386
[  543.058840][ T6776]  post_alloc_hook+0x1cd/0x210
[  543.063617][ T6776]  get_page_from_freelist+0x195c/0x19f0
[  543.069173][ T6776]  __alloc_pages+0x1e3/0x460
[  543.073774][ T6776]  alloc_slab_page+0x5d/0x170
[  543.078463][ T6776]  new_slab+0x87/0x2e0
[  543.082540][ T6776]  ___slab_alloc+0xc6d/0x1300
[  543.087231][ T6776]  __kmem_cache_alloc_node+0x1a2/0x260
[  543.092699][ T6776]  __kmalloc_node+0xa4/0x230
[  543.097301][ T6776]  kvmalloc_node+0x70/0x180
[  543.101813][ T6776]  wg_packet_queue_init+0xb7/0x310
[  543.106936][ T6776]  wg_newlink+0x41a/0x720
[  543.111272][ T6776]  rtnl_newlink+0x14d0/0x2020
[  543.115956][ T6776]  rtnetlink_rcv_msg+0x7c7/0xf10
[  543.120899][ T6776]  netlink_rcv_skb+0x216/0x480
[  543.125677][ T6776]  netlink_unicast+0x751/0x8d0
[  543.130453][ T6776]  netlink_sendmsg+0x8c1/0xbe0
[  543.135243][ T6776] page last free stack trace:
[  543.139919][ T6776]  free_unref_page_prepare+0x7ce/0x8e0
[  543.145390][ T6776]  free_unref_page+0x32/0x2e0
[  543.150080][ T6776]  __slab_free+0x35e/0x410
[  543.154507][ T6776]  qlist_free_all+0x75/0xe0
[  543.159021][ T6776]  kasan_quarantine_reduce+0x143/0x160
[  543.164494][ T6776]  __kasan_slab_alloc+0x22/0x80
[  543.169347][ T6776]  slab_post_alloc_hook+0x6e/0x4d0
[  543.174468][ T6776]  kmem_cache_alloc_node+0x150/0x330
[  543.179762][ T6776]  __alloc_skb+0x108/0x2c0
[  543.184196][ T6776]  netlink_ack+0x376/0x1110
[  543.188701][ T6776]  netlink_rcv_skb+0x29a/0x480
[  543.193466][ T6776]  netlink_unicast+0x751/0x8d0
[  543.198245][ T6776]  netlink_sendmsg+0x8c1/0xbe0
[  543.203012][ T6776]  __sys_sendto+0x46a/0x620
[  543.207521][ T6776]  __x64_sys_sendto+0xde/0xf0
[  543.212207][ T6776]  do_syscall_64+0x55/0xb0
[  543.216626][ T6776] 
[  543.218955][ T6776] Memory state around the buggy address:
[  543.224607][ T6776]  ffff888077f1bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  543.232675][ T6776]  ffff888077f1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  543.240736][ T6776] >ffff888077f1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  543.248799][ T6776]                                ^
[  543.253911][ T6776]  ffff888077f1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  543.261969][ T6776]  ffff888077f1c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  543.270050][ T6776] ==================================================================
[  543.279887][ T6776] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  543.287144][ T6776] CPU: 1 PID: 6776 Comm: khidpd_10000008 Not tainted syzkaller #0
[  543.294980][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  543.305071][ T6776] Call Trace:
[  543.308380][ T6776]  <TASK>
[  543.311340][ T6776]  dump_stack_lvl+0x16c/0x230
[  543.316061][ T6776]  ? show_regs_print_info+0x20/0x20
[  543.321307][ T6776]  ? load_image+0x3b0/0x3b0
[  543.325858][ T6776]  panic+0x2c0/0x710
[  543.329781][ T6776]  ? bpf_jit_dump+0xd0/0xd0
[  543.334330][ T6776]  ? _raw_spin_unlock_irqrestore+0xa9/0x110
[  543.340256][ T6776]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  543.346171][ T6776]  ? _raw_spin_unlock+0x40/0x40
[  543.351045][ T6776]  ? print_memory_metadata+0x314/0x400
[  543.356533][ T6776]  ? __mutex_lock+0x6cb/0xcc0
[  543.361229][ T6776]  check_panic_on_warn+0x84/0xa0
[  543.366200][ T6776]  ? __mutex_lock+0x6cb/0xcc0
[  543.370901][ T6776]  end_report+0x6f/0x140
[  543.375175][ T6776]  kasan_report+0x128/0x150
[  543.379705][ T6776]  ? __mutex_lock+0x6cb/0xcc0
[  543.384425][ T6776]  __mutex_lock+0x6cb/0xcc0
[  543.388968][ T6776]  ? __mutex_lock+0x4e8/0xcc0
[  543.393681][ T6776]  ? l2cap_unregister_user+0x6a/0x1a0
[  543.399083][ T6776]  ? mutex_lock_nested+0x20/0x20
[  543.404043][ T6776]  ? __wake_up+0x11f/0x190
[  543.408481][ T6776]  ? __wake_up_bit+0x1e0/0x1e0
[  543.413262][ T6776]  ? _raw_spin_unlock+0x40/0x40
[  543.418128][ T6776]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  543.424137][ T6776]  l2cap_unregister_user+0x6a/0x1a0
[  543.429371][ T6776]  hidp_session_thread+0x3c8/0x410
[  543.434510][ T6776]  ? hidp_session_get+0x80/0x80
[  543.439378][ T6776]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  543.445294][ T6776]  ? hidp_session_thread+0x410/0x410
[  543.450602][ T6776]  ? hidp_session_thread+0x410/0x410
[  543.455903][ T6776]  ? __kthread_parkme+0x7a/0x1c0
[  543.460875][ T6776]  ? __kthread_parkme+0x162/0x1c0
[  543.465934][ T6776]  kthread+0x2fa/0x390
[  543.470022][ T6776]  ? hidp_session_get+0x80/0x80
[  543.474895][ T6776]  ? kthread_blkcg+0xd0/0xd0
[  543.479505][ T6776]  ret_from_fork+0x48/0x80
[  543.483954][ T6776]  ? kthread_blkcg+0xd0/0xd0
[  543.488568][ T6776]  ret_from_fork_asm+0x11/0x20
[  543.493367][ T6776]  </TASK>
[  543.496720][ T6776] Kernel Offset: disabled
[  543.501052][ T6776] Rebooting in 86400 seconds..