last executing test programs:

18m5.396909848s ago: executing program 32 (id=44):
syz_mount_image$erofs(&(0x7f00000012c0), &(0x7f0000000240)='./file0\x00', 0x2000401, &(0x7f0000000000)=ANY=[], 0x1, 0x22f, &(0x7f0000001080)="$eJzsmL9uE0EQxr/dO59tAgiaFDQURCIIYsfnJk0EQUKiQkgJ/yqwyBEFOzFyDolYQiiioYGOAomGghegiEQqCjpeIBIUgIQEEi4oaNIcmt31ee3D+HJJx/yK1bc7s7sz470pDIZh/lu+fvn9+en5mYUzAA5iAnmz/t0BhNBaWv6fXtw//Xz2wss3H1+/Xz38cGvwPNoSRf0LhX/c7wJ4N+fgUXxTvHuHxISZLECS/kH6CiROmfVrECgZfQsSV40OIHDD6LuWbpJ/qXRnuRGUbjcbiySmaajQ4NNQHYyvsyGwaOZR5EBY9rX1dr3WaAQtS7jG9hdTJhFfVh9P1C8HD505mUMcXxRRFa8/ebxB825tpnX9FBVIVEwSVQjMm/UZ5Lu10SWx8j/m9s53Evkns915q3zJMCrJghazv/alWCQ8aHF0Kts5k5TOuaTpCLLEg/5dOfRMVMn9SXno01HCHf0Wz5ofdHdXjNEDuJQ2i2dFAHvKK58qwt1m0SfGO1sfkqZvo7ZHYvQVIv37KaSNufshZq9qEe263EvFhgW2van7R/RK4KTVn1yrf5TDlXvltfX21PJKbSlYClZ9v5of0zbViMpqTPS9Xn8uqv50wDo/N8TXkx4e1MKwVdGjJzwUEYYtX81967OZ32z+vGm2hbgI4ISeUNv04hOdxB3C0z5S+ZKaTDoxDMMwDMMwDMMwDMMwDMNk4jiE+heU2D6EWA/gX1befwIAAP//gpVaLg==")
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000380)={0x20, r5, 0x1, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40080c1}, 0x800)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)

17m57.936267787s ago: executing program 33 (id=52):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe04, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x4})

17m38.29119672s ago: executing program 34 (id=72):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000080000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)

17m33.375521822s ago: executing program 35 (id=76):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

15m39.276415226s ago: executing program 36 (id=191):
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000001000000000000000000001801", @ANYBLOB="0000000000000008a7080000a4cab77c7b8af8ff00000000bfa200000000000207020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000004000000040000000800000000"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000015", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='fsi_master_gpio_clock_zeros\x00', r5, 0x0, 0x4006}, 0x18)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52", 0xc)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0x80045515, &(0x7f00000003c0)={0x3, 0x1})
r7 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r8=>0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r6, 0x40045402, 0x0)
io_submit(r8, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r7, &(0x7f0000000000)='e', 0x3f}])

14m6.625013714s ago: executing program 37 (id=235):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wg0\x00'})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)

13m43.844147103s ago: executing program 5 (id=272):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)

13m42.226257708s ago: executing program 5 (id=275):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
io_setup(0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, 0x0, 0x0)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))

13m40.09537297s ago: executing program 5 (id=276):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18)
r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0xdc0450e999c92311, 0x1})
io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

13m38.214477884s ago: executing program 5 (id=279):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
fstat(r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYBLOB, @ANYRES32=0x0], 0x50)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0xffffffffffffffff)
bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)=ANY=[])
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f00000000c0), 0x18)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x1)
r3 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000080))
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0)
r5 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, 0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x3, 0x0})
io_uring_enter(r5, 0x47ba, 0x1c5c, 0x20, 0x0, 0xfffffffe)
mq_timedsend(r4, 0x0, 0x0, 0x6, 0x0)

13m36.047702328s ago: executing program 5 (id=283):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'vcan0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916360000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000007b650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18487b6feb89752cd600000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bbff4bbe0000000000000000000000000044585397feaadda3fcc64e7b0c08f7ac5c64cb190f1712a3b10fc34eb758705f1751d8c8b712eb39d2b8ad44f129c2c9aedb15"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xffffffffffffffff)
keyctl$chown(0x4, r3, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newnexthop={0x58, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0x2c, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x81}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x7fff}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0xdc}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x1}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
lsetxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180), &(0x7f0000000280)=@v2={0x2000000, [{0x4, 0x2}, {0x9, 0x9}]}, 0x14, 0x2)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000090)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={r3, 0x1, 0xe6}, &(0x7f0000000340)={'enc=', 'raw', ' hash=', {'sha256-mb\x00'}}, &(0x7f0000000040)='e', &(0x7f00000003c0)=""/230)

13m33.766863309s ago: executing program 38 (id=284):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f0000000300)=ANY=[], 0x8)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)

13m33.746032457s ago: executing program 5 (id=289):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
add_key(0x0, 0x0, &(0x7f0000000000), 0x0, 0xfffffffffffffffc)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
open(0x0, 0x40000, 0x122)
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)

13m18.20862498s ago: executing program 39 (id=289):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
add_key(0x0, 0x0, &(0x7f0000000000), 0x0, 0xfffffffffffffffc)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
open(0x0, 0x40000, 0x122)
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)

11m53.97623788s ago: executing program 9 (id=380):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x8, 0x2002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x6001)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r5, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)

11m51.286513516s ago: executing program 9 (id=372):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = getpid()
io_uring_setup(0x30a7, &(0x7f0000000000)={0x0, 0x9dd9, 0x2000, 0x2, 0x373})
r3 = syz_pidfd_open(r2, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r5, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f00000009c0)=""/4078, 0xfee}], 0x1}, 0x0)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d8902400aa303e97380e901b1bdbdaf6", 0x11}], 0x1, 0x0, 0x0, 0x40010}, 0x0)
open_by_handle_at(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe0000"], 0x56100)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
add_key$keyring(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00', @ANYRES16, @ANYBLOB], 0x5c}, 0x1, 0x0, 0x0, 0x20000810}, 0x4000004)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x28000010)

11m45.757405879s ago: executing program 9 (id=387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$pppl2tp(0x18, 0x1, 0x1)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
r5 = syz_io_uring_setup(0x82e, 0x0, 0x0, &(0x7f0000000080))
epoll_create1(0x0)
socket$unix(0x1, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)

11m40.181362581s ago: executing program 9 (id=384):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11m38.128332254s ago: executing program 9 (id=397):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10)

11m36.244091931s ago: executing program 9 (id=391):
r0 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
r1 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x40000002})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r4, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)

11m18.97746587s ago: executing program 40 (id=391):
r0 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
r1 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x40000002})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r4, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)

9m42.723875267s ago: executing program 2 (id=520):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x0, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000b001000010000000000000000000000000062d7af2dbf0372d3a25bdb64cd601c632817645e582691872bf766dd94ff0f3083694fe3e6917519a9aa769669d1403ed772cd3a23cc4ab0e4515552e1c80991ac4a0183d581418df6bedc81b091d41a0ff73dc5751cbb0f0c27e23dd1aa98", @ANYRES32, @ANYBLOB="00000000000000000a0001000000000000000000"], 0x2c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(0x0, &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r3, 0x0, 0x0)
getsockname$l2tp6(r3, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x578410eb)
process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f0000008640), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$kcm(0x29, 0x5, 0x0)
pipe(&(0x7f0000000040))
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

9m41.167518221s ago: executing program 2 (id=523):
write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000200ffff0300000082b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf700000000000000000000003e078b4ea9373c73f5f0d747c3d5b253355dc62ee6de97639a2541327d2576f482f67452af6c45419d074aedf0d2074848a66ba8f197463c961664"], 0x40)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000680)={0x0, 0x0, 0x3}, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
mkdir(&(0x7f00000002c0)='./bus\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x820009408200a5fe)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x150)
mknodat$loop(r1, 0x0, 0x2000, 0x1)
chdir(&(0x7f00000003c0)='./bus\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
read$dsp(0xffffffffffffffff, &(0x7f00000011c0)=""/4117, 0x200021d5)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x8008af26, &(0x7f0000000680))
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x4, 0x0)
pread64(r0, &(0x7f00000008c0)=""/249, 0xf9, 0x2)
ioctl$COMEDI_SETWSUBD(0xffffffffffffffff, 0x6411)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
msgsnd(0x0, 0x0, 0x2000, 0x0)

9m39.627073427s ago: executing program 2 (id=525):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0xf423f, 0xfffffffffffffffc, 0x0, 0x0, 0x9, 0x0, 0x1, 0x3, 0x80000, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x5c43, 0x1, 0x6})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x2}, {@in=@local, 0x0, 0x33}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x60}, [@algo_auth={0x48, 0x1, {{'sha1\x00'}}}]}, 0x138}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})

9m36.610764244s ago: executing program 2 (id=538):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$FUSE_INTERRUPT(r0, &(0x7f0000000080)={0x10}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xdc}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_socket_connect_nvme_tcp()
recvmsg$inet_nvme(r3, 0x0, 0x101)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
read$FUSE(r4, &(0x7f00000034c0)={0x2020}, 0x2020)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000004c40)={@remote}, 0x14)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r6, &(0x7f00000003c0)=ANY=[], 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)

9m34.610632521s ago: executing program 2 (id=530):
ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, &(0x7f0000000300)={0xb0, 0x3, 0x2b, 0x8000, 0x9})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x40, &(0x7f00000005c0)={[{@nobh}, {@init_itable}, {@dax}, {@dax_inode}, {@resuid}, {@dioread_nolock}, {@data_ordered}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@jqfmt_vfsv1}]}, 0xfc, 0x564, &(0x7f0000002bc0)="$eJzs3c9rHFUcAPDvbLL9rU2hFPUggR6s1G6axB8VPNSjaLGg97ok01Cy6ZbspjSxYHuwFy9SBBEL4h/gyYvH4j/gX1HQQpES9OAlMpvZdNPdTbbJtkm7nw9M8t7M7L757sz38WbfLhvAwBrN/hQiXo2Ib5OIwy3bhiPfOLq63/LD61PZksTKymd/J5Hk65r7J/n/g3nllYj4/euIk4X2dmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sw7kxPvv/du32J98/y/P3x696Mz3xxf/v6X+0duJ3E2DuXbWuPYhhutldEYzV+TYpx9bMfxPjS2myQ7fQBsyVCe58XI+oDDMZRnPfDi+yoiVoABlch/GFDNcUDz3r5P98HPjQcfrt4Atcc/vPreSOxr3BsdWE7W3Rll97sjfWg/a+O3v+7czpbo3/sQAJu6cTMiTg8Pt/d/Sd7/bd3pHvZ5vA39Hzw7d7Pxz1udxj+FtfFPdBj/HOyQu1uxef4X7vehma6y8d8HHce/a5NWI0N57aXGmK+YXLxUSbO+7eWIOBHFvVl9o/mcM8v3Vtav+XWt1Dr+y5as/eZYMD+O+8N71z96ulwvbzfupgc3I17rOP5N1s5/0uH8Z6/H+R7bOJbeeb3bts3jf7pWfo54o+P5fzSjlWw8PznWuB7GmldFu39uHfujW/s9xF/sY7htsvN/YOP4R5LW+dpat2fqPm/0077/0m7btnr970k+b5T35Ouulev1+fGIPckn7esnHj22WW/un8V/4vjG/V+n639/RHzRNeL1bh291XXXnb7+s/inn+j8P3nh3sdf/tit/d7O/9uN0ol8TS/9X68HuJ3XDgAAAAAAAHabQkQciqRQWisXCqXS6uc7jsaBQqVaq5+8WF24PB2N78qORLHQnOk+3PJ5iPH887DN+sRj9cmIOBIR3w3tb9RLU9XK9E4HDwAAAAAAAAAAAAAAAAAAALvEwYh9nb7/n/lzaKePDnjq2n66QeLDwOj+0y35ln780hOwK3XPf+BFJ/9hcMl/GFzyHwaX/IfBJf9hcMl/GFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAPrq/Llz2bKy/PD6VFafvrq4MFu9emo6rc2W5hamSlPV+SulmWp1ppKWpqpzmz1fpVq9Mj4RC9fG6mmtPlZbXLowV124XL9waa48k15Ii88kKgAAAAAAAAAAAAAAAAAAAHi+1BaXZsuVSjqvoLClwvDuOAyFPhd2umcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEf+DwAA//9MBzmC")
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000004, 0x50, r0, 0x802e6000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000100)={0x4, 0x3, 0x7, 0x6, 0x7, "bca2eab1eaabc68a"})
capset(&(0x7f0000000340)={0x20080522}, 0x0)
ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x6e, 0xffffffffffffffff, 0x4}, 0x14)
mount(0x0, 0x0, 0x0, 0x5, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x5, 0x88ce, 0x3)
open(&(0x7f00000000c0)='./bus\x00', 0x64a42, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000540)=ANY=[@ANYBLOB="03fa85d3d47331559fbae7be5871378e4bc25275e10100bd2495dec9a70ad813ea7f6f931cef21bc27fa1b58ebcda00557496cba0247131675c4594a03860d03dff24290ca6d1f9b0794aaa7f72d145c5569f16e"], 0x4)

9m29.92927528s ago: executing program 2 (id=534):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
socket$phonet_pipe(0x23, 0x5, 0x2)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0xc, &(0x7f0000000840)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
close(r0)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newchain={0x54, 0x64, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xd}, {0xf, 0xd}, {0x4, 0xd}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x5}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8001}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1d04e}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x7}]}}]}, 0x54}}, 0x48010)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
fcntl$setlease(r4, 0x400, 0x1)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000000)='.\x00', 0x20400, 0x74)
unlinkat(r6, &(0x7f0000000080)='./file0\x00', 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan1\x00'})
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
close_range(r7, 0xffffffffffffffff, 0x0)

9m14.163188495s ago: executing program 41 (id=534):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
socket$phonet_pipe(0x23, 0x5, 0x2)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0xc, &(0x7f0000000840)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
close(r0)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newchain={0x54, 0x64, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xd}, {0xf, 0xd}, {0x4, 0xd}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_ADDEND={0x8, 0x5, 0x5}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8001}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1d04e}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x7}]}}]}, 0x54}}, 0x48010)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
fcntl$setlease(r4, 0x400, 0x1)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000000)='.\x00', 0x20400, 0x74)
unlinkat(r6, &(0x7f0000000080)='./file0\x00', 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan1\x00'})
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
close_range(r7, 0xffffffffffffffff, 0x0)

8m16.16070101s ago: executing program 0 (id=613):
r0 = socket$xdp(0x2c, 0x3, 0x0)
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2818c90, &(0x7f0000001f80)=ANY=[@ANYRES16, @ANYRESOCT=r0, @ANYRES16=0x0, @ANYRES8, @ANYBLOB="f23bbc3902c074df86b7ffd3e50d797dc3efafa4ec03e9435f5d7eab3b8bf48d9d3cf3a4bddb373f71e537043f56b6922afc66ddc8ff3a1325d1e8254aee7a73190804b55481747debb2fafc3ce77b6203be205586dc47c1288fed020b042a4176b3867ff7e3b46f97d0985a707186f23b12db5e3f45318918de2ecefaa12ee02f1fc80682fd5c1a2d930f6c302120bd3cd26db93f52fd68913731cee8c5d9bd065d349fe63e7d566bf589c2b8567f4749543409b08d1b184050ef386fcc5fb7112c025cbd7dcb677ba96ebf8e925042f969a5d6b4db9e110e00f4c1338a8f04968de299006439c3c8ec504afa9d4214c88c558224b40448be70ad22e2090d1334f5ece3804311ac0fae30682be6f910fe43977cab3bf8c1e10d2875dcd253a83c09b980141c00b84dc2f211fce7eac715669e53d9b3902f424c4ba11406dbfaa38cabae10d73a1d11b90dae21b1adc05eb3796e17f07d2b29d38118cb33fa86491fdddf12790da03339c708446352b03be34128efa1122aec45340899a61382efe975d303825fc0f1e907cdc5fdbceefe9bc4df26c11b3a9dc9164711ab32b6dcbd2334d075c55b6c8f4bd8386dc976cddec946e3c2e866f36facc9ab9ae6806c174c848b097ea7f19751be7c0f971109c8afdfbcba52a8b3084768fed580f1338182d18cad27a8afbd8b2e42003b7e613aa4c23de3345ca29779ff0562fedc1740266d8ea4b4faa4b00894f245fcdda4bf959635e6a655cd8d99080c0d02ade89a97b2568e74064ae56ad5ce00a293fa5ac3dbebda99b76cd55b006a66ed2d319045495bce9f8f73d58255ace453cd07efc482bbc003495d4bed6567d70e9ffc1bec7b2e8bcf03e328a7662544b0be76f9c3c9e3fbbd6cfeb1e5029339f1efed2f88fe0427e1831024ec735f4f383e7e56c73ed33d958492d90e51bc4070d5f6035018619a3e06ec98c6522e8c0d3574fd13aa111837eeea599256dd62ae402a535dc12a98317f378cca1c3b328c219347758bcabd93968620654c60aaefc631d2ce32dc18d4803cc37478891e92bdc3a03bc1238915b9dfe08b73f41cbd42dc95d98b00ba3aa0512c59325584aa47304c4ad6fbaabcf54b93e8786052fc0d0aa61c5213014e22fe3b4d279b5c4ffb168d714b8ef59f82073ea79e5f5d043920ddf4c43f249d62a3bd1f569dac7ab6ba871369fd5f165dff20f7645fbaf788c3f4d244c6cd6d12f78db3184b60e70de2939898b7264cb0110b9d843878ecedc73079d7e5e3b30b2ef0c3e2e97e0106568b8261b1945624d05cc601793b49dbf651429f9869fe6438a30f6700de74c7ca2a04d7150e5ba73e9f8830036901cf8970716709dec667da6db091862912575551dc25241eb86a28b162d6ba2f13ea246b7c4d623cc21dc56b9463c24eb47c0a081b790e297d85808dee2b491c99ee62f5b1f5f3f853724a520a8523bcd56f7be7d50b37e9e481482ab9c3e1be938adcbd4de9202d0ffdf605cd3b04165f1cd0d6e07952ae8c9d526588f86306d6ba86d80c65a9012a46a44cfc1c4d827d995ffdf9b69d4e3f926de99e9bdc6673c5a031a8748140f91dbc24b99c8892f7e0f5a10eb25aba0d08b4eaaa5b979c48588a082b6c223aa09096c0264d0ed0a87a46ee262c2d96967be16c85db0be7488a0b65b17e9a20e08af02d48d7ac32969bd4de2f5123c9f952b172e6cd0850cb8facc0981857b8f32b04ef071209fdea75eb9ff3d8e2a99082d4d5d636e78950181bbf21e28ab61c0db4f610ab1f0019ac69807444c0d341b1def4b2fa8d32d2d246eeb6a4ae0f5e8fdfaa6bbaf28ff1b30e139032fe400a10a5391131f2496c8e92e6236ed8cfdbda8196268ffebdde7d6707557f6958bada1a3137595d97e3465e034edfc35dd5099a937310d8cef2e9b21077bf94d8a5ec63f1e1e6e5c49ebe2d6b8fd91123b95a83860f6f7c2ecb0661065bddb9fc4d50a1ebe214d26c525012a863e3b9de41b7f04ccaa7a54ef681153ca669a24364aa9d09798f2176eeb8311c7549255e19c6d4e3c5ae34d53d1941ca8a152cc53c4f4a894fe13edeffe08edac38d66baaa04d23e46af23eaf1b7102dde55cc459ed3738d052b4e45a7445050ef20ec91820da3c64089f3b52d060d4ec224afb9c9f000a2d5edb9a6dfef9e7411b1758c9c0e1b15ca68902f07b3582ffbd6575dd6a95bfc124cecafe7bfe2136c897bff631b17f2569ad9aebaa12b622488479b49b4b604dcd900813eb13bc63a7a22285acac944189d2ec34f3ddd80ebd567a0794e17c410f89066bc1d33cea965218a8a9ae05b45533037cf23e2e940fe54f8f8c5926c6b90b7a7e88fe71f99e6fd5fd80a9e8a0c1024d062581d4ead794237af1798699e793342a05b090da0ad3f5cc93db703b27ab9681a3ab54d6af8c7bebd16bf8a8014eec64227b8dca6f088f1656ef7be0a90da5b9a24992a63568546af4c12859801bc2b9fdb626cc57a9d24cfa6ffdfaf40ccdedb676a9e5ebfc867d87134cff3d7206f96998be95aaa6c39c42ea27f3df6cd43970d387521434811617a3d6c399461e3e07a9925384ca1e60997427453ca3f17b4d7c6f41d6a74f0eb030eefd4002a5b8290786149add85fb608d6988f93f50e3534c1e6e63a94cf92db3e0e04ebdee0a143f0d80d1ea839e66705bb72205720456689edc03957d4989d2a125a855e40dd083514db896be38adfe901443b6c91287fb6771e56c47bc6df5f1df364cafeeb948f77ab45d7184049aa0c7a7748252c526c80cd3485e4482c2f99e9983f572648a544277b1b8119409dcefafd43b9cca32d14ba60ecd5420659d9d2ddfd2dacadcdfc0e1d34c6fe9f98dd2d3e4fb3acb41808d667bd02cf6daf786ed1b6ba970c83dfe8831de12dac54f97e28ac5e89d76415fe866fa9890eb8f1607bd4cd2326e7fc0387fef21534b8841b5c7e529bf1a7777a04913fba7c2448a0a20fe65b0427b6150afcf7fe8fca4e79c8b5586190de3b85f867a24fb7abab86483ad4fed4a9d2985cc730ddadf00976951ae693f972ebae657b7fe3426317085fd03fdf277af6773b39baefb08f81ad33b319e2086a599d2325b49841e4c5da45bcaa436445f0f1417f1f45902477ba2228193cc8147b4d13e55066580dbb050bdd04435f2115e6eebe107f288874ed19d00e7b0931e6437c741446abad095fb1a42b49b4c3c7fab8bfc5e0e09166e9f7ae6085a3095668999b86bf7a7fa920d9bd6093cafb7a765154e3dd960937576081ef0fb5c2b8b615c38740867162f32839d1f54c5aedd8b042dbf8ec37d50e6deeee8541b40a068778d51780cdc3823bd76ff2bd514b5288cead3e28b95085d8871e2efd5e6cf2182961e6b95cd4886c80eb4dc5a28575dd71d468335fbe2699384cf2ed7939e5f2322bd1f137e8a2538bd2e13649ca16e06d28aa1b1a299dd779fb612d1fab38504c851626b7b7e147778416a61c9860eb2c25befea06481d88eb6a95a69b4077582dcbd6ed97359cf53f2df044a2c2b861011fa84b5f1367610d4d39ddc50e6c2a1189e28639902c95d2ca02299f54dcbb86b1480dc5c2b226bcc4de14f3ec357aeaa3be2fa4b5aad17b01e0d70ae60fef32fadf145cc43cdaaff2be11dbf3386a53ffe85cbb3f599f41441a7bf4e69952d88a284af9f86ad417b368fec3cfa0bb46f1f5afa327f60199b908269f3315b1b96bb32d25127bb92b3556e6af35cbadb7159a0a07f68841dbfba5f69874ecc4dd706e68fd48c34d3460634d4b01af8cf9532cba53e2717f8d1a58b0993bf9e81bc2ddde6d2f7c123560378bf559bbb3a89e398647621aff8c9334d5114d2835c639f36861c2a14ed09a499afc99006023a6e5759f12dd3893d5c31a25ce32bb4884d192d3730f0468895efad6f18d294681a5fbc93a351c688d7e288f2b6eebfea8d15be7d8095c3d0174f871574310e1c821ce0ac9c0b4ae6c2c41d88f9b3073d2be9152d643cb5810abb309562f840d7f5873702778631f0ef1d229dde7917c9b7b9a7f3cd316109908fbaa59ecfed3b44a78f8ca4ca0d62911d7eab4c7a343ce40c74ca41fb6a4b81d3ffdd077707c8a01be3777c706f567a4f272ab83d9b6dd742974fdfed4e183a30b0bd6a2c63570f5e4710c39be995febc4a97375a7f40f725f3df0f1c6453bf7d3b4b6eb88bb9923b4bd4c17c02d8610aff382ab23b074c66d33be6146c491585d51fc211ac16b4240f0d3a58124b7697b2d82b77c05e0ff6c4dadd7b992cc2d20f14314b5e144673b2658323ddc0c17be2e09be9c4cb51bcb3476585881052eec3f51b6109da142bec3779e1c3e37b50a0d39b8a57c5d364635731b2b2677e23b04aadb7b1a7a2adc1a4e30e971f361231b3711f66194b4e568af4568b7c1c1ba333aed8fdb6f21b52a9bd2b5d022b2a840770573b01bb2004baaf10965b44e05b4103fa246f1fde58ce7758ab8859f1815fdcfba7b4bae5e72744266f9a37980e5ab05e7c99f2a2f68ce8d40290c0fa7e195398b506dbbefdcebe05162025ebf845a3ecca9f9af258733f29b7f4d528716ca68a4f47eb658c729054305847ccfd5cf2062395a8ede53cc003d326a87e0c24ec0fe9b2fd43f99b410d9e187f4a47ccd1fa0cf22ab435ebf2d54c3eb7cb66ceb3b2088bf22c45a926a779e13881d07e9bd573a764b633d5f65d4fbb5da403967978c4a8119a47164b66eb687c2b1931da9dc5c61c2d56902abaef0e98218093756240fec1cfe5f2942a962c0fe38149850588807907e2fadcbbdf635ea40e5a216ec38bcbb098d33f80fb7551b33ff9397e73be1d9bcda1c6f9f6591f626855f40a385059340cbc0b2ddab5438986e4581cd39d3cf1e75fae76165fb85a35edd3c82734529996c4be4add931f7a9f1de940d3f9ae6a4aa298cc68a83da49745bfd729afac0fbc996ea97438c8d50679e4ae52ef62cedc08e2ffaaaaa86ef6b5998e73fbd73f3dc52a0e1c0e57593c77515066f8114554bc372ba39dd5c9e17f27503a04181d94450856280bbcf217d4863e6b9ac63d010726297fdaeb38b9fb30d7ddc00e37f219e963a7644033c4c5a7258f78cd21a8816f5eb161ff2f0445a89bfbd4bde008330cc4e6b2e1a736b1dfd47686717334681572ea58a8f1c31c3349d1d93d2d4f488064cc3151229a2abc2b49d8b6b7e712b5026376c6f287da839043472280f3fe537860757cd0ac160ca6b2dafe1ad8f0caa24c10c8743df804bf361eec937cdcb53af2337b5c8ee4c5d17e194fa54253ef1c4c09bda482107424418e1ab325fab22f27ac8899e69a3fe447488d04de34f21a32cd2a4a35e2748b620dd54af6212f519ae243b7c8a7141627659ecdcb259a2c9edc08d6738f0f075642b60e1312c24e4cc989ce0e856bf2efd5f77091d36ebf4bfe342e5ebd5fd68656ff53af915b5781c6a7e894ac01546c85adf374b21dbd894fe24d58b1d590d88cbcc6bdea8f0e7630ab46fcd53fb58e2589f2ccfa0958039d7e4776e963e76068b3b71d5b0f8f5323d9796f5ff2a6f1358f700345a6cf1f29d654b814a280d45a73fece3378a06ae0a2e02362774856607479111eb84387f997fc6422794ca473a9e30d6c1a61cf5bf349bec3fd8c40b025ce8d5898949d51d789b6b053885d49cae87881d4ea929ebcfd9dbb8fe8e25e2ae754ebf3a888470ff1eedba57834a07c99c1ea61ccd07557b02f8dff48299efebda9a49846b1533d78a49c6f3b4b7afe34928a6f77c0be57a8f45ccfe20004ac01b1acde2af68a6d2013ce5d94a19be5b409ff7de3f814d43aa7436bb1c5e825dc5b919105022a349d9e2e3a745044c4eab99ec039cbe0a91fc4a901b0452ea87e910ce6b26b0619250a19033dac8afd9956fcd5d3122c5e0a62dd962e876d140c0ad8fcae49889216ddc500d2638e8c63255047a55056c756349f6d8fe28b4aee98c2bed4b4a2e34eb901bfd3acedd2c574f4a1bcffe6752716d9508e5503fe122cb12f3d811a87013f9f25f3e25b5de80915da54b9af2e36aba71706"], 0x1, 0x1520, &(0x7f0000000440)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm9yWSZJIklySZIkSXJLSJrkSEJiyC1pSJLkMiSXISSXaUwa9/tdEpKkSZKQ3JL1/wh/p1Pndzq/0zl+nzPP9/PZn1nPu/ez9trv8+733Xu9M/Ntl6E1G9eq1pCI4F+C538kA0AsAAwEgKsAIACA8vHl48+tzy0x+V/bCftzPZh2uUfALieuf87G9c/ZuP45G9c/Z+P652xc/5yN65+zcf0Zy8k2Tit0NS85d+H5/5yMP///i2SXGfPl6jLXdgWI+aMpXP+cjev/Xyv4Ixtx/XM2rn9OFXu5B8D+D+DzPyfI9XfXcP1zNq4/YznZv3+OWbnLPcf9Py0QydnfgVzu1x9jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsZzhpL9EAcDF9uUeF2OMMcYYY4wxxv48PtflHgFjjDHGGGOMMcb+/RAESFAQQAzkgljIDXEgAOBKyAtXQQSuhni4BvLBtZAfCkBBKAQJUBiKgAYDFghCKArFIArXQXG4HkpASSgFpcFBGUiEG6As3Ajl4CYoDzdDBbgFKkIluBUqw21QBW6HqnAHVIM7oTrUgJpQC+6C2nA31IF7oC7cC/XgPqgP90MDeAAawoPQCB6CxvAwNIFHoCk0g+bQAlr+r/Kfhx7wAvSEXpAMvaEPvAh9oR/0hwEwEF6CQfAyDIZXIAWGwFB4FYbBazAcXocR8AaMhDdhFLwFo2EMjIVxkArjYQK8DRPhHZgEk2EKTIU0mAbT4V2YATNhFrwHs+F9mANzYR7Mh3T4ADJgAWTCh7AQPoIsWASLYQkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFj2EbfALb4VPYATthF3wGu+HzfzL/xN/kd0VAQIECFSqMwRiMxViMwzjMg3kwL+bFCEYwHuMxH+bD/JgfC2JBTMAELIJF0KBByk1YFItiFKNYHItjCSyBpbAUOnSYiIlYFm/EclgOy2N5rIAVsCJWwkpYGStjFayCVbEqVsNqWB2rY02siXfhXdgb62AdrIt1sR7Wuzg9hQ2xITbCRtgYG2MTbIJNsSk2x+bYEltiK2yFrbE1tsW22A7bYXtsj0mYhB2wA3bEjtgJO2Fn7IxdsAt2xW7YLfv5XIAv4AvYC6uL3tgH+2BfTMnVHwfgAHwJB+HL+DK+gik4BIfiq/gqvobD8TiOwDdwJI7EKuItHI1jkMQ4TMVUnIATcCJOxEk4GSfjVEzDaTgdp+MMnIkz8T2cje/j+zgX5+J8TMd0zMAFmImZuBBPYBYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFL56sCgA/xZ24E1NwN+7GPbgH9+Je3If7MBuzcT/uxwMW8CAexEN4CA/jETyKR/AYHsPjeAJPYr8LXT2b8HWjT0quSgFxjhJKxIgYEStiRZyIE3lEHpFX5BURERHxIl7kE/lEfpFfFBQFRYJIEEVEEWGEESTCGAAQUREVxUVxUUKUEKVEKeGEE4kiUZQVZUU5UU6UFzeLCuIWUVFUEm1cZVFZVBFtXVVxh6gmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or64XzQQvbE/PijOVaaxGIJNxFBsKpoJeeFIWonh2Fq0EW3F4+INHIHtRSuXJJ4SHcRo7Cj+IsbgM6KzGIddxHOiq+gmuovnRQ/R2vUUvcQk7C36iKnYV/QT/cUAMQNriPdwdu6a4hWRIoaIoeJVMR9fE8PF62JEbxAjxZtilHhLjBZjxFgxTqSK8WKCeFtMFO+ISWKymCKmijQxTUwX74oZYqaYJd4Ts8X7Yo6YK+aJ+SJdfCAyxAKRKT4UC8VHIkssEovFErFULBPLxQqRG1aJ1WKNWCvWifVig9goNonNYovYKj4W28QnYrv4VOwQO8Uu8ZnYLT4Xe8QXYq/4UuwTX4ls8bXYL74RB8S34qD4ThwS34vD4og4Kn4Qx8SP4rg4IU6KU+K0+EmcET+Ls8ILkCiFlFLJQMbIXDJW5pZx8gqZRwYXnt2rZby8RuaT18r8soAsKAvJBFlYFpFaGmklyVAWlcVkVF4ni8vrZQlZUpaSpaWTZWSivEGWlTfKcvImWV7eLCvIW2RFWUneKivL22QVebuEyPl9VJc1ZE1ZS94lk+FuWUfeI+vKe2U9eZ+sL++XDeQDsqF8UDaSD8nG8mHZRD4im8pmsrlsIVvKR2Ur+ZhsLdvItvJx2U4+IdvLJ2WSfEp2kP7CS+QZ2Vk+K7vI52RX2U12lz/Ls9LLnrKXhN4g+8gXZV/ZT/aXA+RA+ZIcJF+Wg+UrMkUOkUPlq3KYfE0Ol6/LEfINOVK+KUfJt+RoOUaOleNkqhwvJ8i35UT5jpwkJ8spcqpMk9Nk/ws9zZLyH+a//Tv5g3/Z+wa5UW6Sm+UWuVV+LLfJT+R2uV3ukDvkLrlL7pa75R65R+6Ve+U+uU9myzvkfrlfHpAH5EF5UB6Sh+RheUSekj/IY/JHeVyekCfkKXlanpZnLjwHoFAJJZVSgYpRuVSsyq3i1BUqj7pS5VVXqYi6WsWra1Q+da3KrwqogqqQSlCFVRGllVFWkQpVUVVMRdV1F9+jVClVWjlVRiWqG/6ZfFVcXa9KqJK/yr84vuS/M76WqqVqpVqp1qq1aqvaqnaqnWqv2qsklaQ6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKlklqz7qRdVX9VP91QA1UL2kBqlBarAarFJUihqqhqphapgaroarEWqEGqlGqlFqlBqtRquxaqxKValqgpqgJqqJapKapKaoKSpNpanparqaoWaoWWqWmq1mqzlqjpqn5ql0la4yVIbKVJlqoVqostQitUgtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5lqY1qo9qsNqutaqvaprap7Wq72qF2qF1ql9qtdqs9ao/aq/aqfWqfylbZar/arw6oA+qgOqgOqUPqsDqsjqqj6pg6po6r4+qkOqlOq9PqjDqjzqqz5y77AhGIQAUqiAligtggNogL4oI8QZ4gb5A3iASRID6ID/IF1wb5gwJBwaBQkBAUDooEOjCBDcSFokeD64LiwfVBiaBkUCooHbigTJAY3BCUDW4MygU3BeWDm4MKwS1BxaBScGtQObgtqBLcHlQN7giqBXcG1YMaQc2gVnBXUDu4O6gT3BPUDe4N6gX3BfWD+4MGwQNBw+DBoFHwUNA4eDhoEjwSNA2aBc2DFkHLP7V/748XeMz11L10su6t++gXdV/dT/fXA/RA/ZIepF/Wg/UrOkUP0UP1q3qYfk0P16/rEfoNPVK/qUfpt/RoPUaP1eN0qh6vJ+i39UT9jp6kJ+speqpO09P0dP2unqFn6ln6PT1bv6/n6Ll6np6v0/UHOkMv0Jn6Q71Qf6Sz9CK9WC/RS/UyvVyv0Cv1Kr1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1x3qb/kRv15/qHXqn3qU/07v153qP/kLv1V/qfforna2/1vv1N/qA/lYf1N/pQ/p7fVgf0Uf1D/qY/lEf1yf0SX1Kn9Y/6TP6Z31W+3MX9+c+3o0yysSYGBNrYk2ciTN5TB6T1+Q1ERMx8Sbe5DP5TH6T3xQ0BU2CSTBFTBFzDhkyRU1REzVRU9wUNyVMCVPKlDLOOJNoEk1ZU9aUM+VMeVPeVDAVTEVT0dxqbjW3mdvM7eZ2c4e5w9xp7jQ1TA1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDFNTVPT3DQ3LU1L08q0Mq1Na9PWtDXtTDvT3rQ3SSbJdDAdTEfT0XQynUxn09l0MV1MV9PVdDfdTQ/Tw/Q0PU2ySTZ9TB/T1/Q1/U1/M9AMNIPMIDPYDDYpJsUMNUPNMDPMDDfDzQjzhhl57kLVvGVGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbDJNhMk2mWWgWmiyTZRabxWapWWqWm+VmpVlpVpvVZi2sNevNerPRbDSbzWaz1Ww128w2s91sNzvMDrPL7DK7zW6zx+wxe81es8/sM9km2+w3+80Bc8AcNAfNIXPIHDaHzVFz1Bwzx8xxc9ycNCfNaVPgwuelN7E2t42zV9g89kqb115l/zYuaAvZBFvYFrHa5rcFfhUba20JW9KWsqWts2Vsor3hN3FFW8neaivb22wVe7ut+pu4tr3b1rH32Lr2XlvL3vWruJ69z9a3D9sGiAC2mW1kW9jG9mHbxD5im9pmtrltYdvZJ2x7+6RNsk/ZDvbp38QZdoFdaVfZ1XaN3WF32pP2lD1gv7Wn7U+2p+1lB9qX7CD7sh1sX7Epdshv4pH2TTvKvmVH2zF2rB33m3iKnWrT7DQ73b5rZ9iZv4nT7Qd2ts20c+xcO8/O/yXOsGgz7Yd2of3IZtkAFtsldqldZpfbFf9/rEvsOrvebrDb7ad2s91it9qP7baLF8J2p91lP7O77ed2v/3G7rVf2n32oM22X/8Snzu+g/Y7e8h+bw/bI/ao/cEesz+qi9nnjv0H+7M9a70FQgKSpCigGMpFsZSb4ugKykNXUl66iiJ0NcXTNZSPrqX8VIAKUiFKoMJUhDQZskQUUlEqRlG6ji4OrxSVJkdlKJFuoLJ0I5Wjm6g83UwV6BaqSJVyX9iMbqeqdAdVozupOtWgmlSL7qLadDfVoXuoLt1L9eg+qk/3UwN6gBrSg9SIHqLG9DA1oUeoKTWj5tSCWtKj1Ioeo9bUhtrS49SOnqD29CQl0VPUgZ6mjvQX6kTPUGd6lrrQc9SVulF3ep560AvUk3pRMvWmPvQi9aV+1J8G0EB6iQbRyzSYXqEUGkJD6VUaRq/RcHqdRtAbNJLepFH0Fo2mMTSWxlEqjacJ9DZNpHdoEk2mKTSV0mgaTad3aQbNpFn0Hs2m92kOzaV5NJ/S6QPKoAWUSR/SQvqIsmgRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6mbfQJbadPaQftpF30Ge2mz2kPfUF76UvaR19RNn1N++kbOkDf0kH6zvei7+kwHaGj9AMdox/pOJ2gk3SKTtNPdIZ+prPkCUIMRShDFQZhTJgrjA1zh3HhFWGe8Mowb3hVGAmvDuPDa8J84bVh/rBAWDAsFCaEhcMioQ5NaEMKw7BoWCyMhteFxcPrwxJhybBUWDp0YZkwMbwhLBveGJYLbwrLhzeHFcJbwophpfDheyuHt4VVwtvDquEdYbXwzrB6WCOsGdYK7wprh3eHdcJ7wrrhvWG58L6wfnh/2CB8IGwYPhg2Ch8KG4cPh03CR8KmYbOwedgibBk+GrYKHwtbh23CtuHjYbvwibB9+GSYFD4Vdgif/mX9fQv+/vrksHfYJ3wxfDH0/h45Lzo/mh79IJoRXRDNjH4YXRj9KJoVXRRdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q9b5WLnDohJNOucDFuFwu1uV2ce4Kl8dd6fK6q1zEXe3i3TUun7vW5XcFXEFXyCW4wq6I084468iFrqgr5qLuOlfcXe9KuJKulCvtnCvjEl0L19K1dK3cY661a+Pausfd4+4J94R70j3pnnId3NOuo/uL6+SecZ3ds+5Z95zr6rq57u5518ONz3v+ZEt2fVwf19f1df1dfzfQDXSD3CA32A12KS7FDXVD3TA3zA13w90IN8KNdCPd3QpgtBvtxrqxLtWluglugpvoJrpJbpKb4qa4NJfmprvpboab4arMPL+XOW6Om+fmuXSX7jLcuWvGTLfQLXRZLsstdovdUrfULXfL3Uq30q12q91at9atd+vdRrfRbXab3Va31W1z29x2t93t8Fed79TtdnvcHrfX7XX73Fcu233t9rtv3AH3rTvovnOH3PfusDvijrof3DH3ozvuTriT7pQ77X5yZ9zP7qzzLjUyPjIh8nZkYuSdyKTI5MiUyNRIWmRaZHrk3ciMyMzIrMh7kdmR9yNzInMj8yLzI+mRDyIZkQWRzMiHkYWRjyJZkUWRxZElkaWRZRHvC28OfVFfzEf9db64v96X8CV9KV/aO1/GJ/obfFl/oy/nb/Ll/c2+gr/FV/SV/K3+Ed/UN/PNfQvf0j/qW/nHfGvfxrf1j/t2/gnf3j/pk/xTvoN/2nf0f/Gd/DO+s3/Wd/HP+a6+m+/un/c9/Au+p+/lk31v38e/6Pv6fr6/H+AH+pf8IP+yH+xf8Sl+iB/qX/XD/Gt+uH/dj/Bv+JExb/pRF2+RYZxP9eP9BP+2n+jf8ZP8ZD/FT/Vpfpqf7t/1M/xMP8u/52f79/0cP9fP8/N9uv/AZ/gFPtN/6Bf6j3yWX3RxUtkv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vv+x3+Y/8dv9p36H3+l3+c/8bv+53+O/8Hv9l36f/8pn+6/9fv+NP+C/9Qf9d/6Q/94f9kf8Uf+DP+Z/9Mf9CX/Sn/Kn/U/+jP/Zn+W/WWOMMcYY+0PGX2qKX685P53f+3dyxF9t3AcArtxSKPuv15+7olyb/3y7n0hoFwGAp3p1efDiUr16cnLyhW2zJATF5gJc/CbonBi4FC+CtvAEJEEbKPu74+8nup2mf9B/9GaAuL/KiYVL8aX+vwDA5N/p/9HHR2ZUCE/G/w/9zwUoUexSTm64FC+Ctr/Mr7SBcn9n/AVa/YPx5/4yFaD1X+XkgUvxpfEnwmPwNCT9akvGGGOMMcYYY+y8fuLWThfvPy/+xufv3Z8nqEs5ueBS/I/uzxljjDHGGGOMMXb5PdOt+5OPJiW16fTPN6r+r7L+cKMJ/Lt65sbvNrwHuPiIAoB/sUOAcw35nzyKTf+RfaVcOHX+dtXSUz6A/xul/DMal/mNiTHGGGOMMfanu3TR/+vH1eUaEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlgP9J/6d2OU+RsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY+xy+38BAAD//3lG9tE=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40103d0b, &(0x7f0000000180)={0x401, 0x6})
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="70000000020605a3cfc8647108024e0000000007120003006269746d61703a69702c6d616300000005000400010000000900020073797a3000000000240007800c00028008000140000000020c0001800800014000000004080008400000005c05000500020000000500010006"], 0x70}}, 0x8000)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2800000003060500000000000000000002000008050001003000"/40], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x29, 0x14, 0x0, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x0, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
connect$rose(0xffffffffffffffff, &(0x7f00000000c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='rpc_buf_alloc\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000000000000000000000506654a872d19818989baa6e"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x24}, 0x94)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40046f41, &(0x7f0000000440)=0x1f)

8m11.070259958s ago: executing program 0 (id=627):
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b0000000000"], 0x48)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/fscreate\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)=0xfffffffd)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4)
connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0xe062, 0x0)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x1c, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)

7m54.577770138s ago: executing program 0 (id=632):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$udf(&(0x7f0000000580), &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='\x00'], 0x1, 0x548, &(0x7f0000000640)="$eJzs3d1vFGUbx/HftbPbTpfnoct7VTRNDKG8VdotUoIHArXUhGgC1AMTTArdwkrf0hYDiMCxxyae6CEJJxo9hMR/AI0xHCgx0UQPPDOpB8Z4guaezuzMLgu7tS9L2++H0JmdvXZ3ZtLrnuu+Z2cqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHX3tyP4ua/RaAACA5fTGqZP78xz/AQBYU07T/wcAAADWCpOnn2Xa8cms7Qwez/FPFMcvXR7s66/+shaTKSUviHf//a7ufM+Blw/2RtMnv36xPaM3T50+0n5sYmxyqjA9XRhuHxwvnpsYLtT9Dgt9faXdwQ5oH7t4aXhkZLq9uzNf9vTl3G/N67bmDvf2dLZEsYN9/f2nEjHpzH/+9EfQw0M1TfI0INNPH35uHZJSWngu1Gg7llqL0i7/go0Y7OsPNmS0ODQ+4560VBiVLs+JpihHliEXF6RD2ufWtYmMxsJl5OlPmT4+PGu7JHlRHuwJTgzWfoP0MqxkFW49D0oa0ArIWeAp1SxPd2Qaa/W1u3HpDKAB0vL0kUwTNmt7gnrAHU9d2XzirfbXx0cmErGWCo+oK71/sJyoTfAU8+VpV1Dxz9reRq8MgGXVIk9nZfru1/eCcSUF49Kth3vfOf18coRpW433cbGdkl6qs0+eCccaLeX+Lf52AQAAAAAAAAAAAAAAAACwmvnm6TOZPnjODx4PxF+Qf/iP09jVA7CUzNM9mcZGZs0q7kvhJe7vUbLSr/1Z2vVv8Y9NTF6ZKp6/MFP1+ax/5Oz0zNTQuepPq0V+eA1WpNZ9DCqlw3s4AHXImKcfZLpbvB3/3uTMzf+/MvbWtbgt6Ain0eNku/G4+ap3rJjH9XF++LlcowwAwMKYefpapuNn24LjqikbHGipIYHVz9X/G2S6+ePtuN85V/8/UmbfeiVuF/ywmC/V9EGdv37ufpala4hf2JGcX4z6331u84K2GAAAuPq/WaYH2bbguBrV/5WHXxe3TqbuL7aHcakmVyH44fO54Kc/Uhwt7Hexx2XKrY9iFcRGA4qb4tguF3tdpt8vlMeuD2M3x7HdLvaMTHferx67JY7Nu9h3ZdqXa49isy62LYzdGsd2npsYHV6yHQw8xbLm6aFMv3w1YFEuz40DRPW/V4pNjv/frJiWRPX+mbd3VO0HVCyv+y7WNfoJucSym2F79YdMf99vC9qooF1LV2/XWmXa9u32MG6uTYluErgh+Bm3a70yfd9bHvu/MHZjHNtV72YBjeTy/xuZNt57UPqdD/M/TJU4Q5P5/2y6fBqfO6yS50+YX6z835BYlgvXKzvPfQGsNdNXrl4cGh0tTDHDDDPMlGYa3TIBWGqu/m+T6cY1s6gfG9b/4cO4///X9bj+P1QxLXnMub95nROspkb9vzGx7FDYa8mkJX9mbDKzRfKnr1zdVxwbOl84Xxg/kM/nu3p6ujJNUdc+nqt7zwErn8v/PpnSJ++XxufL+//Vx/+yFdOSBuX/puQ2lfVr6t4VwJrj8v9LmVJ3H5TOoz1p/C8a5+t4sXxa+qM6Dcr/zYlluXC9Wue5LwAAAAAAAAAAAAAAAAAAWCmy5ulTmZqP7rXo3hj1fP93uGJa0qDv/21NLBtepusa697JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICaUvI0KdPdV2fthlvQJu1MTgGsWv8GAAD//1llRoM=")
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x400000000080803, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="700000001200050926bd7000fbdbdf250a0904004e224e66fbffffff240900000600000006000000fdffffff050000002100000002000000", @ANYRES32=0x0, @ANYBLOB="0a0000090010000006000000ffffffff2200010008911cfa0ae1"], 0x70}, 0x1, 0x0, 0x0, 0x26000001}, 0x800)
lstat(0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
sendmsg$inet(r0, &(0x7f0000000540)={&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000000280)=[{0x0}], 0x1, &(0x7f0000000440)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1c}, @rand_addr=0x64010101}}}], 0x20}, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000b00)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
fanotify_mark(0xffffffffffffffff, 0x101, 0x10, r5, 0x0)
write$P9_RGETLOCK(r4, &(0x7f0000000080)={0x21, 0x37, 0x2, {0x2, 0x2, 0x6, 0x0, 0x3, '.@&'}}, 0x21)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12014101afb4f2102505a0a4f12b01"], 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x7fff, 0x0, {0x3, 0x8000}, {0x4a, 0x1}, @period={0x5d, 0xa370, 0x3, 0x7f, 0x802, {0x2001, 0x3, 0x4, 0x4}, 0x0, 0x0}})
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)

7m48.06270576s ago: executing program 0 (id=625):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r3, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$nl_route(r3, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x1c}}, 0x8000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000340)='sched_switch\x00', r4}, 0x18)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
r6 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa1000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r7 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
r8 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r9 = add_key$fscrypt_v1(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r9, r8, r8, 0x0)
keyctl$KEYCTL_MOVE(0x4, r7, r7, 0x0, 0x0)
fsmount(r6, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2010000, &(0x7f0000000180)=ANY=[])

7m44.018305483s ago: executing program 0 (id=636):
r0 = socket$inet6(0xa, 0x3, 0x5)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$RTC_UIE_ON(r1, 0x7003)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x2}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}})
write$uinput_user_dev(r3, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x5, 0x81, 0x8, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3eb, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x6, 0x3, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x6, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x0, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x9000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x2, 0x5, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xfffffff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x7, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2000002, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000d80)={'syz0\x00', {0xb, 0x3, 0x4, 0x9}, 0x3, [0xfffff47e, 0x0, 0x0, 0x3, 0xf, 0x0, 0x7ff, 0xa, 0x5, 0x3, 0x5, 0x40, 0x1, 0x1, 0x7, 0x6, 0x0, 0x7, 0x1, 0xdef, 0x9, 0x7, 0x200, 0x5, 0x73c, 0x5, 0x4, 0x7f, 0x1, 0x6, 0xfffffff9, 0x8, 0x6, 0x4, 0x7, 0x7, 0x1939, 0x8, 0x7, 0x2, 0xe12c, 0x8162, 0x4, 0x3, 0x1, 0x41, 0x7, 0x10000, 0x101, 0x8, 0xc000, 0x6, 0x4, 0x4, 0x5, 0x6, 0xfff, 0x0, 0x104, 0xf8ad, 0x2, 0x3, 0x7fffdfff], [0xfffffff8, 0xff, 0x4, 0x8, 0x1e0f, 0xfffffff7, 0x5, 0x7, 0xffffffff, 0x0, 0x6, 0x100, 0x8, 0xe63, 0x1, 0xa3a5, 0x2, 0x2, 0xb9, 0x6, 0x3, 0x43d, 0x6, 0xe, 0x4, 0x3, 0x6, 0x9, 0x1, 0x11, 0x5, 0x4, 0x8, 0x30000, 0x81, 0xfffffe00, 0x0, 0x10001, 0x7ff, 0x9, 0x8, 0xffffa467, 0x5, 0xfffffffb, 0x0, 0xff, 0x9, 0x6aac, 0x0, 0x3, 0x4, 0xfff, 0x200, 0xc1a, 0xe456, 0x100, 0x2, 0x0, 0x1c00000, 0x6, 0x3, 0xfffffff6, 0xffff1068, 0xffff9241], [0x9, 0x611, 0x6, 0xff, 0x101, 0x5, 0x0, 0x2, 0x80000001, 0x96, 0x7, 0x1, 0xfffffffa, 0x1, 0x4, 0xfb, 0x10001, 0x8, 0x8, 0x3, 0x1, 0x100001, 0x1, 0x7, 0x3, 0x40000000, 0x8, 0x3, 0x5, 0x3, 0xb89, 0xf, 0x0, 0x9, 0x3, 0xff, 0x0, 0x2, 0x1ff, 0x4501, 0x9, 0x0, 0x9, 0x7, 0x966, 0x6, 0x10000, 0xf, 0xffffffff, 0x9, 0xe2, 0x1, 0x8, 0x1, 0x8, 0x3ff, 0x5, 0xfffeffff, 0x3, 0x0, 0x80, 0x6, 0x7, 0x9], [0x5, 0x7f, 0x7, 0x9, 0x2, 0x6, 0x45c, 0x5, 0xab73, 0x5, 0x7, 0x0, 0x5, 0xed5a, 0x9, 0x4, 0x9, 0x8, 0x8, 0x3, 0xeb, 0x6, 0x5, 0xff, 0xffffffff, 0x7fff, 0x4, 0xcb7, 0xa3, 0xffff, 0x8, 0x80000000, 0x3, 0x1ff, 0xfffff26e, 0xf81e, 0x6, 0x9, 0x3, 0x8, 0x5, 0xe5, 0x2, 0x4, 0x4, 0x3, 0x0, 0xfffffff9, 0x7, 0x1ff, 0x204000, 0x5, 0x80, 0x9, 0x7, 0x5078, 0xd, 0x8001, 0x8000, 0x3000000, 0x200, 0x45, 0x0, 0x3]}, 0x45c)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
setsockopt$inet6_group_source_req(r0, 0x29, 0x29, 0x0, 0x0)
mmap(&(0x7f00008ec000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x810, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0)
mknodat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x800, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
pipe(&(0x7f0000000000))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x5, 0x490a01)
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0xa9, 0x3, 0x2, 0x1})

7m35.040677912s ago: executing program 0 (id=644):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = gettid()
tkill(r6, 0xb)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000), 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x20000045)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r9)
sendmsg$TIPC_CMD_SHOW_PORTS(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r10, 0xe01, 0x70bd2d, 0x25dfdbfc}, 0x1c}}, 0x24048800)

7m19.611840682s ago: executing program 42 (id=644):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = gettid()
tkill(r6, 0xb)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000), 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x20000045)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r9)
sendmsg$TIPC_CMD_SHOW_PORTS(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r10, 0xe01, 0x70bd2d, 0x25dfdbfc}, 0x1c}}, 0x24048800)

20.349539742s ago: executing program 1 (id=1735):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x8, 0x2002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x6001)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r3, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)

19.821777872s ago: executing program 1 (id=1738):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@base={0xa, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io(r2, 0x0, &(0x7f0000001440)={0x84, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

17.271490958s ago: executing program 1 (id=1746):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

15.934295253s ago: executing program 1 (id=1750):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000880)='cgroup.max.depth\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000480)=ANY=[@ANYBLOB='-', @ANYRESDEC=r1], 0x27)

14.415369246s ago: executing program 1 (id=1753):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x8, 0x2002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r5, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)

14.363520814s ago: executing program 6 (id=1754):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x4, 0x700000000000000}, 0x0)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)={0x1c, r1, 0x701, 0x70bd2b, 0x0, {0x19}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0)

13.873614374s ago: executing program 3 (id=1758):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

13.873408978s ago: executing program 6 (id=1759):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/mcfilter\x00')
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000004200)={0x2020}, 0x2020)

13.872471606s ago: executing program 7 (id=1760):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = epoll_create(0x80)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x40000000})

12.503739436s ago: executing program 3 (id=1761):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x66, 0x903, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {0x8, 0xfff1}, {0x1}}}, 0x24}}, 0x20004804)

12.374473629s ago: executing program 4 (id=1762):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0xf423f, 0xfffffffffffffffc, 0x0, 0x0, 0x9, 0x0, 0x1, 0x3, 0x80000, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x5c43, 0x1, 0x6})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x2}, {@in=@local, 0x0, 0x33}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x60}, [@algo_auth={0x48, 0x1, {{'sha1\x00'}}}]}, 0x138}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})

12.374207712s ago: executing program 6 (id=1763):
r0 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x400, 0x20, 0xfc, 0x2, 0x0, @private=0xa010100, @multicast1=0xe0000300}, @timestamp_reply={0xe, 0x0, 0x0, 0x81, 0x6, 0x7f, 0x7, 0xd}}}}}, 0x0)
pread64(r0, &(0x7f0000000100)=""/253, 0xfd, 0x2)

11.120102985s ago: executing program 4 (id=1764):
syz_usbip_server_init(0xaa7f3cec63cbb9d)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0)

10.975221623s ago: executing program 6 (id=1765):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()

10.694063693s ago: executing program 3 (id=1767):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0xfffffffe, @empty}, 0x1c)
sendto$inet6(r0, &(0x7f0000000340)="f4", 0x29fbc, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x72d, @loopback}, 0x1c)
syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb2361000000010902"], 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x9, 0x7fff7ffa}]})
close_range(r1, 0xffffffffffffffff, 0x0)

10.137600997s ago: executing program 7 (id=1768):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00d0867e65d443152ee691a70d225b73c01164645c70ff689f607da7a169dbbfebbeb349b043f54d088bcd11a44f2074aa41532279b5718bc4d89fe5010d6bf465008743337cddaefbc0f0293d06483bec82e15366358709c5d5c0049ff9dcb7ea7e855e3c24bc3b4173720476fb379ce25c0ea42027ba6a7d"], 0x1, 0x13a, &(0x7f0000000280)="$eJzs2r9Kw1AUBvCjFoQ+glOhAauQ/1oHd0Fw8gkMbZIGb7wlEaSdiquD4nAdHV3dRDcfIbNPoC9xJW1q7b2zGvD7Lfej53J6s5zpmBlP3Sg3ibYmt8fvqxlPW11/rxe5UUAzh0TUKkMh5Z1FmpOveiEnlnah/VKdnVgcPUcJCz29BwAAAAAAAAAAAAAAAAAAAADAP9H+qEJzIPhDlLDQ/VbNR+PTgLEwy+e/GFTt6ND2Pd8v7/tL/ToNImO6v5OIg8uy7izVjXmnzYHgK+r/2efp0M5HYzNJgziMwzPP87vOjuPseva0l612NG6qN1Ehn4b6PpHxuNgnenP0fSJqzo7GRiKuL9Tui+9H+KlwRbV4hhrkWi2egVDPoM4P6q/77ddyflg9zvq/OD+0iQbwRz4DAAD//05cOC0=")
r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x8880, 0x85)
getdents64(r1, 0x0, 0x4f)

10.064601297s ago: executing program 4 (id=1769):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$kcm(0x29, 0x5, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000140)={'full'}, 0xfffffdef)

9.055167861s ago: executing program 8 (id=1770):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x5, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180100000000850096226d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x0, r3, 0x1, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmctl$SHM_INFO(0x0, 0xe, 0x0)
fcntl$getown(r1, 0x9)
r6 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000000)={0x0, 0x40, 0x3f, 0x3031555b, 0x1, [], [0x20000001, 0x4, 0x1000010, 0x20000], [0x0, 0x40006, 0xfffffffb], [0x0, 0x100000000ffffe]})
socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r7 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0)
sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r7, 0x1}, 0x14}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100023c450408dd04329070a7010203010902a33f2f5dd92ade2accfc501200010002000009048000000206000019d4be16d61d153fc7dc63aff87f5bb0f1470d8925a5e3732e99f79a2365d0fe008c03398d18b5dca86595356212c3721f53a1f61a7b5ef130a6021b72ea1812d65690f53fa4d8cee6b7f9caf7354c23f55b24def515ea1240e478bd6f80abc14bee2a6263fe2fff1abd56ddb4af1c383481e39ca0309a77d1c7f7aafd06cf87da058faddc47ac4a5c4d360351a97bb5c36a247c1fa68b42067018b624d3821cfd8ddebb1295a9f3ff8ffa8479cbd8c377245b05ec2ed15949e96e4f2b20abbfd8b4f344ddbbac21e7b91d3f1122387b0fce4970738801e1f2a9251ce637f98fc2a055b5d65864b736bddee7ac34eb260cb2"], 0x0)

7.183643185s ago: executing program 6 (id=1771):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x6, &(0x7f0000000340)=ANY=[], 0x21, 0x5548, &(0x7f00000058c0)="$eJzs3E1vG1UXAOBjp2nffrwlQizYdVCFlEi1Vacfgl2BVny2qgosWIFju5Zb2xPFrhu66oIlYsE/QSCxYslvYMGaHWIBYocE8txJoS2VKsWOSfM80vjMvXPnzL2jJNKZiRzAgbWS/f5rJU7G0YhYiogTEcV+pdwKl1J4MSJORUT1H1ul7H/QcTgijkXEyWnylLNSHvryzOT0hV/e+e27H44cOv7Vtz8ubtXAor0cEYPNtH93kGLeTfFW2d+c9Io4OD8pYzowuF228xTvdjaKDHebO+OaRTzXTePzzTujabzZb7amsdu7WfRvDtMFR5PuTp7ihFvNraLd7mwUsTfKi9i9l+a1fS/9bbs3Gqc87TLfp0X6GI93YurvbHfSejZvF7E1HJf9KW/e7mxP46SM5eWilffbxTw2dnOn/9Neeq83vLOdTTpbo14+zC7UG6/UGxdrja283Rl3zteag/bF89lqtz8dVht3moNL3Tzv9jv1Vj5Yy1a7rVat0chWL3c2es3h/Uajfq5+tnZhLUt7Z7I3r32Y9dvZ6jS+3hveGff6o+xmvpWlM9ay9fq5V9ey043s/avXs+s3rly5ev2Djy9/dO21q2+/UQ56bFrZ6vrZ9fVa42xtvbG2uxsw0/Vnc17/Z+WkZ7h+2JXKoicAsP+o/4FFmF/9v3Uj4vH6vzrj+j/U/zOxr+rfg17/z2H9sCvqfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+un5a/fKnZWUvt42f//suv5sl2JiGpE/PkvluLwQzmXyjzLTxi//Mgcvq9EkWF6jSPldiwiLpXbH8/N+y4AAADAs+ub+6e+SNV6+lh5qrOOznlW7JH00KZ64pMZ5atExPLKzzPKVp1+vDCjZMXP96HYnlG24gHW/2aULD1yOzSrbE+l+HV/N4UHKylCJYXqo2fMbLUAAMDCLD0U9rYKAQAAYC99/sQjt/d0HuyxSuy8ytx5F1z85/3fL/uOprZXfwAAALB/VRY9AQAAAGDuivrf9/8BAADAsy19/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NxNbtpAGAbgz8Yu9E9FVfe9SndwjB6hyy4rDtBLcAR6hV6AM5BdjhBBhMdBISIJxGNQoueR7MGWeT3mZzEz0gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECfrurF9N+f73+75qw33eR5GgAAAOCQVb2YNi/G6fhje/5ze+pre1xERBkRh8bug3i3lzloc+pHrq8f9OF/RJOwvcew3T5ExI+0beJL358CAAAAvEnVdreczSdptJ5240v3is5O+A7TpE356WemWxcRUY+vM6WV27xvmcKa33cVvzOlNRNYo0xhacqtypV2lObvvpu1G91ritSUT78/27MDAABnNNhrzjsKAQAA4Jx+XboD9OH9s1cUcbeUuVsKHKZmtBdhsQ8AAABer+LSHQAAAAB614z/T6n/F8fU/6uy1/+LG/X/AAAA4MVS/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6tKoX0+VsPumas950k+dpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhlf95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmf7Q8U1yh4iouBBL3a7ra29iQclePBPEEK6rbFbf7Q52FKEXLxJzr2IHkUEJd76D3jqTWihl3rrYQ8VRPCyMrMz2UkTcGPIzJp8PvDmfXcymfd9MxDynTcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURu9M4yTbdCZxXOy79/jWStbff6LP3Nl4sJi1LI7qTPr/4aXqh6jbXCIAAAAcHUlZ34cQHqabS1kfd/L6Py2PyWr+b5+ZxGU9/2TdX/Zl7Z+1X35+9MLWQJ3JONlJL60OB6d3ptI6uFnOt2f/9YhWfuXzZy9JfkPi99efH6X59Yy+vnv33XYeHqsjWwDgvzhV9kVQ/j6U9f0mEwPgyGhVCu+i/v8r6TScFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEANRuvhqTKOQgiLrWmcuf/41spu/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8HEJoavS3i+lf+XCGg0No5PocVPD3eDze03cdbz7nfQVxcbNnOLg9Lzk3HzT4QwkAgEMpLVpW1z9MN5eyfdFCCOPvttf/r1XiMGP9/+ij8/eqY1Xr/35tM5x/vbWrn/Wu37j5xurV5cuDy4NP3jzTf6t/9sK5cxd6+bOSnicmAAAA7E+7aNX6P17Yuf5/shKHGev/z7/pfzkd6bd8q/7fabro13QmAAAAR9tzr/z5R7TL/qjdDl8sr61d60+2W5/PTLYNpLpnx4pWrf+ThaazAgAAAOowWo+2rf9frMRhxvX/p79/8cfqOZMQwoli/f/UyqfDi/VNZ67V8efETc8RAACAZp0oWnX9P83f/4+3XnmIQwivvzqJi38DOFP9n7z31Q/VsZLK+/9n65viXIq7k+uR990QWt1tX/61scQAAAA4lI4XLSv2f083lz7+6eQHbe//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTtnwAAAP//gQBD5A==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
fdatasync(r0)

7.129189722s ago: executing program 7 (id=1772):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x7fff, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_emit_ethernet(0x76, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x81, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0x40, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x81, 0x20000009}, @sack_perm={0x4, 0x2}, @eol, @sack={0x5, 0x16, [0x8, 0x3, 0xf, 0x7fff, 0x2]}, @md5sig={0x13, 0x12, "328e282df99a177d3609fb6cd70daadb"}, @mss={0x2, 0x4, 0x9}, @fastopen={0x22, 0x3, 's'}, @nop]}}}}}}}, 0x0)

6.778305609s ago: executing program 7 (id=1773):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000126abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3acb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef36"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
close(r0)

5.53817904s ago: executing program 1 (id=1774):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000000)={0x40, 0x11, 0x1, '#'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})

5.489986446s ago: executing program 7 (id=1775):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000000)={0x0, 0x0})

5.2186985s ago: executing program 8 (id=1776):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r2 = syz_open_pts(r1, 0x101)
r3 = dup3(r2, r1, 0x0)
write$UHID_INPUT(r3, &(0x7f0000002440)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c6029455091676c214569a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d040700ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e99b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0xe24}}, 0xffffff5c)

5.062492194s ago: executing program 4 (id=1777):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040f30454070000000000010902"], 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x203, 0xfffd, 0xffffffffffffffff, 0x200000000000008, 0xfffffffffffffffd, 0x200, 0x8, 0x2c, 0x80000005, 0x1})
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000300)={0x1, "244689261a3365eb47c14247a532ccbd3bf3b29282987c7cc12acb8ae6651cb5e0a3eeda1a7777d2fbd3428a0df873e1d58af8bf70c05fc6c43edcdaa8e7db07", {0x2, 0x1ff}})

4.956180104s ago: executing program 3 (id=1778):
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000070000001c000180060001000200000008000300ac1414aa08"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)

3.648283854s ago: executing program 7 (id=1779):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000940)=ANY=[@ANYBLOB="0014e60000009d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.338391537s ago: executing program 3 (id=1780):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000280)='2x', 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='bic\x00', 0x4)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001a80)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@barrier_val={'barrier', 0x3d, 0x81}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ")
shutdown(r0, 0x1)

3.261695896s ago: executing program 6 (id=1781):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
close(0x3)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x5b14, 0x0)

3.168690708s ago: executing program 8 (id=1782):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000200007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
readv(r0, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1)

2.402476424s ago: executing program 3 (id=1783):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000140)={0x10, 0x17, 0x1, "8d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.724714306s ago: executing program 8 (id=1784):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000400)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001400)="1c2789bd018bf77308ae7ed990e4b63b8cf1cf4ae822f1f84abd5420339c722aa7f6d87f5926c484455c67b7a9259ac3f36154b6526320d83fe72e5f5370550de0307d8ad13d192e7d5c14f8b2367b1db7dbe02629646be253b07a1245dce1a721576750f3f574ce4ac91827528289acb0089c83a39827b4d9f231ad23f382e2f3d86880015b84a6d3740029d6ffbbf61ae415dc51a6ebd3010000000000008067a9e4abdbbe90455d28993254ab9fa2c5d561ee0000000000000000000ce572ae0de07453", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000001180)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647", 0xda}], 0x1}}], 0x3, 0x40090)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='highspeed\x00', 0xa)
sendto$inet(r0, &(0x7f00000002c0)="92", 0x1, 0x10008095, 0x0, 0x0)

1.723749084s ago: executing program 8 (id=1785):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
clock_gettime(0x4, &(0x7f00000004c0))
syz_clone(0x10000000, &(0x7f0000000000)="f5596d74125084d36652753f5560b2bcf3b7887a80ea02fb4eefa227516241be5705270519326d48ecb693bf82e1a80573195284faf7f82447ca3e489b96def61b7e608306fe1a874f24d968afdd48406aa9a7a03e958cd7b735b624b841e7f6b6a07792c0ffd9ddd7b7133f09fd17ca11d3cc27c95f108c9891d9482be7e85cb455b9b7c08b", 0x86, &(0x7f00000000c0), 0x0, 0x0)

1.607548093s ago: executing program 8 (id=1786):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x8, 0x2002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r5, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)

1.267884512s ago: executing program 4 (id=1787):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000126abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3acb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef36"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
close(r0)

0s ago: executing program 4 (id=1788):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x20000006, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e24, 0x5, @loopback, 0x1}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c)
sendmsg$nl_route_sched(r1, 0x0, 0x2400c800)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e5d, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x78}, 0x9c)

kernel console output (not intermixed with test programs):

00-000000000000 r/w without journal. Quota mode: writeback.
[ 1129.296261][T13895] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[ 1129.488317][T13895] usb 9-1: Using ep0 maxpacket: 8
[ 1129.524906][T13895] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1129.554815][T13895] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1129.615105][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1129.645808][T13895] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1129.661494][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1129.673872][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1129.700400][T13895] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1129.735717][T13895] usb 9-1: config 168 interface 0 has no altsetting 0
[ 1129.790149][T13895] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1129.806292][T13895] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1129.840977][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1129.859571][T13895] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1129.861038][T28352] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1129.876583][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1129.917741][T20685] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1129.929558][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1129.948156][T13895] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1130.278526][T13895] usb 9-1: config 168 interface 0 has no altsetting 0
[ 1130.366982][T13895] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1130.375941][T13895] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1130.445636][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1130.484383][T13895] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1130.665231][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1130.694885][T13895] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1130.708629][T14217] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1130.755751][T14217] usb 7-1: USB disconnect, device number 22
[ 1130.765750][T13895] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1130.832299][T13895] usb 9-1: config 168 interface 0 has no altsetting 0
[ 1130.956946][T13895] usb 9-1: string descriptor 0 read error: -22
[ 1130.969155][T13895] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1130.994422][T13895] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1131.069894][T13895] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1131.081160][T28352] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.422398][T28352] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1131.632585][T28411] loop6: detected capacity change from 0 to 512
[ 1131.763330][T13895] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1132.070998][T13895] usb 4-1: Using ep0 maxpacket: 32
[ 1132.499930][T13895] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 1132.528395][T13895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.538349][ T6040] usb 9-1: USB disconnect, device number 25
[ 1132.553001][T13895] usb 4-1: Product: syz
[ 1132.560231][T13895] usb 4-1: Manufacturer: syz
[ 1132.597979][T13895] usb 4-1: SerialNumber: syz
[ 1132.628586][T13895] usb 4-1: config 0 descriptor??
[ 1132.753151][T28411] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1132.843125][T28411] ext4 filesystem being mounted at /261/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1132.959677][T28352] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.076533][T10508] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1133.187025][T23832] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1133.202441][ T5950] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[ 1133.306482][T13895] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[ 1133.324889][T13895] peak_usb 4-1:0.0 can0: sending command failure: -22
[ 1133.341116][T13895] peak_usb 4-1:0.0 can0: sending command failure: -22
[ 1133.395969][ T5950] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1133.407329][T23832] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1133.429360][ T5950] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1133.432433][T28455] loop6: detected capacity change from 0 to 47
[ 1133.480397][T23832] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1133.501038][ T5950] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1133.513264][T23832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1133.532799][ T5950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.540917][T23832] usb 2-1: Product: syz
[ 1133.553833][T23832] usb 2-1: Manufacturer: syz
[ 1133.571039][ T6045] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1133.581680][T23832] usb 2-1: SerialNumber: syz
[ 1133.613920][T13895] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22
[ 1133.679396][T13895] usb 4-1: USB disconnect, device number 21
[ 1133.863204][   T49] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1133.925777][T23832] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1134.139126][T28474] loop8: detected capacity change from 0 to 32768
[ 1134.219433][ T6046] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.229287][ T5950] usb 5-1: usb_control_msg returned -32
[ 1134.268806][ T5950] usbtmc 5-1:16.0: can't read capabilities
[ 1134.418899][T28474] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=crc64,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[ 1134.418980][T28474]   allowing incompatible features above 0.0: (unknown version)
[ 1134.419005][T28474]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 1134.429039][T28455] syz.6.1452: attempt to access beyond end of device
[ 1134.429039][T28455] loop6: rw=1, sector=48, nr_sectors = 2 limit=47
[ 1134.440400][T28474] bcachefs (loop8): Using encoding defined by superblock: utf8-12.1.0
[ 1134.461834][    C1] usblp0: nonzero write bulk status received: -71
[ 1134.466356][T13062] usb 2-1: USB disconnect, device number 20
[ 1134.478828][T28474] bcachefs (loop8): recovering from clean shutdown, journal seq 10
[ 1134.509112][T28474] bcachefs (loop8): Version upgrade required:
[ 1134.509112][T28474] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 1134.509112][T28474] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[ 1134.509112][T28474]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[ 1134.634781][T28474] bcachefs (loop8): dropping and reconstructing all alloc info
[ 1134.648568][T28455] Buffer I/O error on dev loop6, logical block 24, lost async page write
[ 1134.657854][   T49] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.688708][T28474] bcachefs (loop8): accounting_read... done
[ 1134.706689][T28474] bcachefs (loop8): alloc_read... done
[ 1134.725746][T28474] bcachefs (loop8): snapshots_read... done
[ 1134.735321][T28474] bcachefs (loop8): check_allocations... done
[ 1134.787712][T28474] bcachefs (loop8): going read-write
[ 1134.810235][T28474] bcachefs (loop8): done starting filesystem
[ 1134.837860][T28455] syz.6.1452: attempt to access beyond end of device
[ 1134.837860][T28455] loop6: rw=1, sector=50, nr_sectors = 2 limit=47
[ 1134.955150][T28455] Buffer I/O error on dev loop6, logical block 25, lost async page write
[ 1135.028759][T28516] loop7: detected capacity change from 0 to 64
[ 1135.064990][T28474] bcachefs (loop8): inode 536870913 truncated to 0 but i_blocks 24 (ondisk 24)
[ 1135.104453][T20860] bcachefs (loop8): bucket incorrectly unset in freespace btree
[ 1135.104528][T20860]   u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
[ 1135.169688][T28474] bcachefs (loop8): inode 536870912 i_sectors underflow: 8 + -24 < 0
[ 1135.236914][T28474] bcachefs (loop8): inode 536870912 i_blocks underflow: 8 + -24 < 0 (ondisk 8)
[ 1135.268991][T20860] bcachefs (loop8): bucket incorrectly unset in freespace btree
[ 1135.269060][T20860]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[ 1135.367093][T20860] bcachefs (loop8): bucket incorrectly unset in freespace btree
[ 1135.367127][T20860]   u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
[ 1135.379178][T19261] bcachefs (loop8): shutting down
[ 1135.379230][T19261] bcachefs (loop8): going read-only
[ 1135.379275][T19261] bcachefs (loop8): finished waiting for writes to stop
[ 1135.388373][T19261] bcachefs (loop8): flushing journal and stopping allocators, journal seq 11
[ 1135.462662][T20860] bcachefs (loop8): bucket incorrectly unset in freespace btree
[ 1135.462693][T20860]   u64s 5 type deleted 0:39:0 len 0 ver 0, , continuing
[ 1135.624269][T20860] bcachefs (loop8): bucket incorrectly unset in freespace btree
[ 1135.624301][T20860]   u64s 5 type deleted 0:46:0 len 0 ver 0, , continuing
[ 1135.725358][T19261] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 11
[ 1135.758387][T19261] bcachefs (loop8): unclean shutdown complete, journal seq 12
[ 1135.797922][T19261] bcachefs (loop8): done going read-only, filesystem not clean
[ 1136.593305][T19261] bcachefs (loop8): shutdown complete
[ 1137.092709][T28437] usblp0: removed
[ 1137.143378][T23832] usb 5-1: USB disconnect, device number 19
[ 1138.478253][T23832] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 1138.792826][T28543] loop7: detected capacity change from 0 to 32768
[ 1138.912943][T28543] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1461 (28543)
[ 1139.014536][T28595] loop3: detected capacity change from 0 to 40427
[ 1139.023029][T28595] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[ 1139.030135][T28595] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1139.055769][T28595] F2FS-fs (loop3): invalid crc value
[ 1139.064319][T23832] usb 5-1: config 0 has no interfaces?
[ 1139.070206][T23832] usb 5-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00
[ 1139.085715][T23832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.117238][T23832] usb 5-1: config 0 descriptor??
[ 1139.195729][T28595] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1139.208924][T28543] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[ 1139.220812][T28595] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1139.228350][T28595] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1139.307521][T28543] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[ 1139.480010][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1139.480447][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1139.602197][T28585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1139.644071][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1139.644476][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1139.778865][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1139.914526][T28585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.943165][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1139.943588][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1139.952480][T28612] syz.3.1466: attempt to access beyond end of device
[ 1139.952480][T28612] loop3: rw=2049, sector=53248, nr_sectors = 2072 limit=40427
[ 1140.000483][T28612] syz.3.1466: attempt to access beyond end of device
[ 1140.000483][T28612] loop3: rw=2049, sector=55320, nr_sectors = 2024 limit=40427
[ 1140.030179][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1140.030580][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1140.035332][T28612] syz.3.1466: attempt to access beyond end of device
[ 1140.035332][T28612] loop3: rw=2049, sector=49152, nr_sectors = 2048 limit=40427
[ 1140.081024][T28612] syz.3.1466: attempt to access beyond end of device
[ 1140.081024][T28612] loop3: rw=2049, sector=51200, nr_sectors = 2048 limit=40427
[ 1140.103432][T28612] syz.3.1466: attempt to access beyond end of device
[ 1140.103432][T28612] loop3: rw=2049, sector=57344, nr_sectors = 816 limit=40427
[ 1140.108323][ T6040] usb 5-1: USB disconnect, device number 20
[ 1140.169958][T28543] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1140.261472][T28543] BTRFS error (device loop7): open_ctree failed: -12
[ 1140.330943][T28577] loop1: detected capacity change from 0 to 32768
[ 1140.430092][T19212] syz-executor: attempt to access beyond end of device
[ 1140.430092][T19212] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1140.452056][T28577] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1464 (28577)
[ 1140.485684][T19212] CPU: 1 UID: 0 PID: 19212 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1140.485742][T19212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1140.485767][T19212] Call Trace:
[ 1140.485781][T19212]  <TASK>
[ 1140.485797][T19212]  dump_stack_lvl+0x16c/0x1f0
[ 1140.485866][T19212]  f2fs_handle_critical_error+0x624/0x9f0
[ 1140.485924][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.485975][T19212]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1140.486032][T19212]  f2fs_write_end_io+0x958/0xcf0
[ 1140.486103][T19212]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1140.486166][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.486228][T19212]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1140.486282][T19212]  bio_endio+0x6bf/0x800
[ 1140.486348][T19212]  submit_bio_noacct+0x306/0x1ed0
[ 1140.486418][T19212]  __submit_merged_bio+0x33c/0x770
[ 1140.486481][T19212]  __submit_merged_write_cond+0x319/0x3f0
[ 1140.486549][T19212]  f2fs_write_cache_pages+0x2067/0x2570
[ 1140.486651][T19212]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1140.486722][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.486768][T19212]  ? __lock_acquire+0x62e/0x1ce0
[ 1140.486847][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.486894][T19212]  ? __lock_acquire+0x62e/0x1ce0
[ 1140.487059][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.487107][T19212]  ? mod_memcg_lruvec_state+0x389/0x5f0
[ 1140.487162][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.487209][T19212]  ? __mod_zone_page_state+0xcc/0x1a0
[ 1140.487266][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.487325][T19212]  f2fs_write_data_pages+0x4ad/0xd90
[ 1140.487406][T19212]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1140.487490][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.487540][T19212]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1140.487609][T19212]  do_writepages+0x27a/0x600
[ 1140.487672][T19212]  ? __pfx_do_writepages+0x10/0x10
[ 1140.487722][T19212]  ? do_raw_spin_unlock+0x172/0x230
[ 1140.487769][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.487817][T19212]  ? _raw_spin_unlock+0x28/0x50
[ 1140.487877][T19212]  filemap_fdatawrite_wbc+0x104/0x160
[ 1140.487939][T19212]  __filemap_fdatawrite_range+0xb9/0x100
[ 1140.488015][T19212]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1140.488155][T19212]  ? find_held_lock+0x2b/0x80
[ 1140.488208][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.488257][T19212]  ? do_raw_spin_unlock+0x172/0x230
[ 1140.488303][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.488360][T19212]  f2fs_sync_dirty_inodes+0x2a9/0x990
[ 1140.488465][T19212]  block_operations+0x2b0/0xfe0
[ 1140.488539][T19212]  ? __pfx___schedule+0x10/0x10
[ 1140.488595][T19212]  ? __pfx_block_operations+0x10/0x10
[ 1140.488733][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.488781][T19212]  ? down_write+0x14d/0x200
[ 1140.488843][T19212]  ? __pfx_down_write+0x10/0x10
[ 1140.488907][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.488956][T19212]  ? rcu_is_watching+0x12/0xc0
[ 1140.489019][T19212]  f2fs_write_checkpoint+0x2b8/0x4c60
[ 1140.489069][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.489115][T19212]  ? kfree+0x2b4/0x4d0
[ 1140.489162][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.489215][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.489262][T19212]  ? rcu_is_watching+0x12/0xc0
[ 1140.489312][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.489358][T19212]  ? kthread_stop+0x273/0x630
[ 1140.489410][T19212]  kill_f2fs_super+0x3c2/0x470
[ 1140.489452][T19212]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1140.489490][T19212]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1140.489571][T19212]  deactivate_locked_super+0xc1/0x1a0
[ 1140.489637][T19212]  deactivate_super+0xde/0x100
[ 1140.489699][T19212]  cleanup_mnt+0x225/0x450
[ 1140.489768][T19212]  task_work_run+0x150/0x240
[ 1140.489817][T19212]  ? __pfx_task_work_run+0x10/0x10
[ 1140.489858][T19212]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1140.489911][T19212]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1140.489964][T19212]  exit_to_user_mode_loop+0xeb/0x110
[ 1140.490008][T19212]  do_syscall_64+0x3f6/0x4c0
[ 1140.490070][T19212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1140.490110][T19212] RIP: 0033:0x7f67be18ff17
[ 1140.490143][T19212] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1140.490181][T19212] RSP: 002b:00007ffce6669468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1140.490217][T19212] RAX: 0000000000000000 RBX: 00007f67be211c05 RCX: 00007f67be18ff17
[ 1140.490243][T19212] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce6669520
[ 1140.490269][T19212] RBP: 00007ffce6669520 R08: 0000000000000000 R09: 0000000000000000
[ 1140.490294][T19212] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffce666a5b0
[ 1140.490321][T19212] R13: 00007f67be211c05 R14: 000000000011844c R15: 00007ffce666a5f0
[ 1140.490383][T19212]  </TASK>
[ 1140.988668][T19212] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1141.455828][ T6040] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 1142.407222][T14217] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1142.574504][T28670] input: syz0 as /devices/virtual/input/input28
[ 1142.607956][T14217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1142.667068][T14217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1142.694892][T14217] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1142.704149][T14217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1142.817822][T14217] usb 2-1: config 0 descriptor??
[ 1143.296013][T14217] cp2112 0003:10C4:EA90.001A: unknown main item tag 0x0
[ 1143.338563][T14217] cp2112 0003:10C4:EA90.001A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[ 1143.500913][T14217] cp2112 0003:10C4:EA90.001A: error requesting version
[ 1143.530049][T28696] loop7: detected capacity change from 0 to 512
[ 1143.561430][T14217] cp2112 0003:10C4:EA90.001A: probe with driver cp2112 failed with error -71
[ 1143.608339][T14217] usb 2-1: USB disconnect, device number 21
[ 1143.621297][T28696] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1143.828573][T28696] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1144.065648][T28696] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1144.280421][T28715] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[ 1144.829993][T28731] loop8: detected capacity change from 0 to 128
[ 1145.059386][T18447] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1145.115497][T28731] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1145.240087][T28731] ext4 filesystem being mounted at /136/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1146.261973][T19261] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1146.675723][T28758] loop3: detected capacity change from 0 to 32768
[ 1146.930696][T28758] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[ 1146.930754][T28758]   allowing incompatible features above 0.0: (unknown version)
[ 1146.930779][T28758]   features: lz4
[ 1146.966440][T28758] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[ 1146.974714][T28758] bcachefs (loop3): initializing new filesystem
[ 1146.993066][T28758] bcachefs (loop3): going read-write
[ 1147.209751][T28758] bcachefs (loop3): marking superblocks
[ 1147.267436][T28758] bcachefs (loop3): initializing freespace
[ 1147.289160][T28758] bcachefs (loop3): done initializing freespace
[ 1147.314829][T28758] bcachefs (loop3): reading snapshots table
[ 1147.321328][T28758] bcachefs (loop3): reading snapshots done
[ 1147.418578][T28758] bcachefs (loop3): done starting filesystem
[ 1148.425302][T19212] bcachefs (loop3): shutting down
[ 1148.455417][T19212] bcachefs (loop3): going read-only
[ 1148.462141][T19212] bcachefs (loop3): finished waiting for writes to stop
[ 1148.595731][T19212] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[ 1148.918493][T19212] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[ 1149.003685][T19212] bcachefs (loop3): clean shutdown complete, journal seq 4
[ 1149.044728][T19212] bcachefs (loop3): marking filesystem clean
[ 1149.268920][T19212] bcachefs (loop3): shutdown complete
[ 1151.020050][ T5950] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1151.177277][ T5950] usb 5-1: Using ep0 maxpacket: 8
[ 1151.207300][ T5950] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[ 1151.226085][ T5950] usb 5-1: config 0 has no interface number 0
[ 1151.243876][ T5950] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1151.270092][ T5950] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1151.282960][ T5950] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1151.294381][ T5950] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1151.318620][ T5950] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1151.334951][T28817] loop1: detected capacity change from 0 to 32768
[ 1151.340282][ T5950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.359440][ T5950] usb 5-1: config 0 descriptor??
[ 1151.395127][ T5950] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1151.516553][T28817] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1488 (28817)
[ 1151.634746][T28817] BTRFS error (device loop1): open_ctree failed: -4
[ 1151.757344][ T5950] usb 5-1: USB disconnect, device number 22
[ 1151.763370][    C0] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[ 1151.781703][T28852] ldusb 5-1:0.55: Couldn't submit interrupt_out_urb -19
[ 1151.814748][ T5950] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[ 1152.373122][T28882] loop1: detected capacity change from 0 to 2048
[ 1153.088151][T28882] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[ 1153.283253][T28882] UDF-fs: Scanning with blocksize 512 failed
[ 1153.342436][T28882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1153.606627][   T30] audit: type=1804 audit(1769498681.440:26): pid=28903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1494" name="/newroot/131/file1/file1" dev="loop1" ino=818 res=1 errno=0
[ 1153.668589][T28902] loop7: detected capacity change from 0 to 512
[ 1153.755836][   T30] audit: type=1804 audit(1769498681.583:27): pid=28905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1494" name="/newroot/131/file1/file1" dev="loop1" ino=818 res=1 errno=0
[ 1153.786803][T28902] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1154.145622][T28902] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 1154.173774][T14217] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1154.406729][T14217] usb 7-1: Using ep0 maxpacket: 8
[ 1154.699623][T14217] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1154.752733][T14217] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1154.766099][T14217] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.777779][T28902] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.1499: bg 0: block 248: padding at end of block bitmap is not set
[ 1154.834695][T14217] usb 7-1: config 0 descriptor??
[ 1154.974262][T28902] Quota error (device loop7): write_blk: dquota write failed
[ 1154.981813][T28902] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[ 1155.023290][T28932] loop1: detected capacity change from 0 to 512
[ 1155.044557][T28902] EXT4-fs error (device loop7): ext4_acquire_dquot:6935: comm syz.7.1499: Failed to acquire dquot type 1
[ 1155.090139][T28932] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1155.131507][T28902] EXT4-fs (loop7): 1 truncate cleaned up
[ 1155.141093][T14217] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1155.173452][T28932] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1155.257037][T28932] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[ 1155.298945][T28942] loop3: detected capacity change from 0 to 128
[ 1155.298948][T28902] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1155.415160][T28932] System zones: 1-12
[ 1155.436920][T28947] loop8: detected capacity change from 0 to 2048
[ 1155.445930][T28942] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1155.462027][T28942] ext4 filesystem being mounted at /124/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1155.476316][T28932] EXT4-fs error (device loop1): ext4_iget_extra_inode:5103: inode #15: comm syz.1.1503: corrupted in-inode xattr: e_value size too large
[ 1155.551742][T28932] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.1503: couldn't read orphan inode 15 (err -117)
[ 1155.597692][T28949] loop4: detected capacity change from 0 to 1024
[ 1155.625288][T28955] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1155.651661][T18447] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1155.670845][T28932] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1155.694623][T28949] EXT4-fs: Ignoring removed nobh option
[ 1155.726643][T28949] EXT4-fs: Ignoring removed bh option
[ 1155.825958][T19212] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1155.852874][ T5950] usb 7-1: USB disconnect, device number 23
[ 1155.950616][T28949] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1156.064292][T28932] EXT4-fs warning (device loop1): dx_probe:800: inode #2: comm syz.1.1503: Unrecognised inode hash code 4
[ 1156.080883][T28955] NILFS (loop8): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[ 1156.116400][T28955] NILFS error (device loop8): nilfs_bmap_propagate: broken bmap (inode number=4)
[ 1156.146733][T28955] Remounting filesystem read-only
[ 1156.205293][T28949] EXT4-fs error (device loop4): mb_free_blocks:2014: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[ 1156.210943][T28932] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1503: Corrupt directory, running e2fsck is recommended
[ 1156.267667][T28976] EXT4-fs warning (device loop1): dx_probe:800: inode #2: comm syz.1.1503: Unrecognised inode hash code 4
[ 1156.291632][T28976] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1503: Corrupt directory, running e2fsck is recommended
[ 1156.307845][T28976] EXT4-fs warning (device loop1): dx_probe:800: inode #2: comm syz.1.1503: Unrecognised inode hash code 4
[ 1156.319317][T28976] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1503: Corrupt directory, running e2fsck is recommended
[ 1156.394485][T14395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1156.594908][T20685] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1159.004292][T29053] loop4: detected capacity change from 0 to 4096
[ 1159.434434][ T6040] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[ 1160.012801][ T6040] usb 9-1: Using ep0 maxpacket: 16
[ 1160.069736][T29058] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1160.092061][ T6040] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1160.134978][ T6040] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1160.189373][ T6040] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1160.199456][T29058] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1160.221017][ T6040] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1160.256790][ T6040] usb 9-1: config 0 descriptor??
[ 1160.378254][T29058] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1160.436280][T29058] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1160.502659][T29058] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1160.522646][ T6046] ntfs3(loop4): ino=5, mi_enum_attr
[ 1160.547081][T29058] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1160.661770][T29058] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1160.763346][T29058] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1160.770171][ T6040] HID 045e:07da: Invalid code 65791 type 1
[ 1160.830474][ T6040] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.001B/input/input29
[ 1160.853981][T29058] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1160.907755][ T6040] microsoft 0003:045E:07DA.001B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0
[ 1160.937009][T29058] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1161.185433][T21537] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1161.266891][T25380] Bluetooth: hci1: command 0x0406 tx timeout
[ 1161.333410][T21537] usb 2-1: Using ep0 maxpacket: 8
[ 1161.346316][T21537] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[ 1161.377084][T21537] usb 2-1: config 0 has no interface number 0
[ 1161.488292][T21537] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1161.698426][ T5950] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1161.709014][T21537] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1161.916429][T21537] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1161.993793][ T5950] usb 7-1: Using ep0 maxpacket: 8
[ 1162.031209][ T5950] usb 7-1: config index 0 descriptor too short (expected 16291, got 18)
[ 1162.051822][T21537] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1162.070746][ T5950] usb 7-1: config 93 has too many interfaces: 47, using maximum allowed: 32
[ 1162.081104][T21537] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1162.090415][ T5950] usb 7-1: config 93 has an invalid descriptor of length 42, skipping remainder of the config
[ 1162.094708][T29107] loop4: detected capacity change from 0 to 128
[ 1162.101254][T21537] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.115718][ T5950] usb 7-1: config 93 has 0 interfaces, different from the descriptor's value: 47
[ 1162.132795][ T5950] usb 7-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=a7.70
[ 1162.151670][ T5950] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.162229][T21537] usb 2-1: config 0 descriptor??
[ 1162.167584][ T5950] usb 7-1: Product: syz
[ 1162.187252][ T5950] usb 7-1: Manufacturer: syz
[ 1162.193386][T21537] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1162.203267][ T5950] usb 7-1: SerialNumber: syz
[ 1162.229677][T29115] netlink: 'syz.7.1522': attribute type 4 has an invalid length.
[ 1162.269777][ T6040] usb 9-1: USB disconnect, device number 26
[ 1162.369113][T25380] Bluetooth: hci2: command 0x0406 tx timeout
[ 1162.536823][T25380] Bluetooth: hci3: command 0x0405 tx timeout
[ 1162.561329][T29141] syz.4.1520: attempt to access beyond end of device
[ 1162.561329][T29141] loop4: rw=2049, sector=138, nr_sectors = 112 limit=128
[ 1162.626045][T29107] syz.4.1520: attempt to access beyond end of device
[ 1162.626045][T29107] loop4: rw=2049, sector=138, nr_sectors = 2 limit=128
[ 1162.654081][T29107] Buffer I/O error on dev loop4, logical block 69, lost async page write
[ 1162.665471][T29107] syz.4.1520: attempt to access beyond end of device
[ 1162.665471][T29107] loop4: rw=2049, sector=144, nr_sectors = 2 limit=128
[ 1162.671552][ T6040] usb 2-1: USB disconnect, device number 22
[ 1162.681385][T29107] Buffer I/O error on dev loop4, logical block 72, lost async page write
[ 1162.694375][T25380] Bluetooth: hci0: command 0x0406 tx timeout
[ 1162.736392][T21537] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[ 1162.743470][ T6040] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[ 1162.843221][T25380] Bluetooth: hci5: command 0x0406 tx timeout
[ 1162.902246][T21537] usb 8-1: Using ep0 maxpacket: 8
[ 1162.917111][T21537] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[ 1162.927926][T21537] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1162.942350][T21537] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1162.955422][T21537] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1162.970199][T21537] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1162.990062][T21537] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1163.003739][T21537] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.316711][T25380] Bluetooth: hci1: command 0x0406 tx timeout
[ 1163.329361][T21537] usb 8-1: usb_control_msg returned -32
[ 1163.342564][T21537] usbtmc 8-1:16.0: can't read capabilities
[ 1163.507520][T29166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1525'.
[ 1163.684772][T29166] ip6gre1: entered allmulticast mode
[ 1163.770470][T29176] loop8: detected capacity change from 0 to 1024
[ 1163.830950][ T5950] usb 7-1: USB disconnect, device number 24
[ 1163.983492][T29176] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1164.074914][T29176] EXT4-fs (loop8): stripe (9) is not aligned with cluster size (16), stripe is disabled
[ 1164.145860][T29187] usbtmc 8-1:16.0: usb_control_msg returned -71
[ 1164.253814][T29176] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1164.274075][T29190] loop4: detected capacity change from 0 to 512
[ 1164.349646][ T5950] usb 8-1: USB disconnect, device number 33
[ 1164.423439][T25380] Bluetooth: hci2: command 0x0406 tx timeout
[ 1164.581666][T25380] Bluetooth: hci3: command 0x0405 tx timeout
[ 1164.739872][T25380] Bluetooth: hci0: command 0x0406 tx timeout
[ 1164.899880][T25380] Bluetooth: hci5: command 0x0406 tx timeout
[ 1164.954777][T29194] loop6: detected capacity change from 0 to 32768
[ 1165.044869][T29194] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1528 (29194)
[ 1165.086352][ T5950] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 1165.218341][T29225] input: syz0 as /devices/virtual/input/input30
[ 1165.266325][ T5950] usb 5-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1165.309528][ T5950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1165.346242][ T5950] usb 5-1: config 0 descriptor??
[ 1165.390633][T19261] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1165.409417][T29194] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1165.492400][T29194] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[ 1165.696102][ T5950] kaweth 5-1:0.0: Firmware present in device.
[ 1165.702951][T21537] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[ 1165.841818][ T5950] kaweth 5-1:0.0: Statistics collection: 0
[ 1165.866750][ T5950] kaweth 5-1:0.0: Multicast filter limit: 0
[ 1165.894522][ T5950] kaweth 5-1:0.0: MTU: 0
[ 1165.914156][ T5950] kaweth 5-1:0.0: Read MAC address 00:00:00:00:00:00
[ 1165.922748][T21537] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1165.954680][T21537] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1165.983271][T29194] BTRFS info (device loop6): setting nodatasum
[ 1165.986796][T21537] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1166.001744][T29194] BTRFS info (device loop6): setting nodatacow
[ 1166.027735][T21537] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.045415][T21537] usb 4-1: Product: syz
[ 1166.051949][T29194] BTRFS info (device loop6): enabling free space tree
[ 1166.055311][T21537] usb 4-1: Manufacturer: syz
[ 1166.094804][T21537] usb 4-1: SerialNumber: syz
[ 1166.108004][T29237] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1166.123048][T29194] BTRFS info (device loop6): max_inline set to 0
[ 1166.478335][ T5950] kaweth 5-1:0.0: kaweth interface created at eth5
[ 1166.743500][ T6040] usb 5-1: USB disconnect, device number 23
[ 1166.959400][T29276] loop8: detected capacity change from 0 to 4096
[ 1167.054957][T29276] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[ 1167.221025][T21537] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1167.238138][T21537] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 1167.262978][T21537] cdc_ncm 4-1:1.0: setting rx_max = 2048
[ 1167.449075][T21537] cdc_ncm 4-1:1.0: setting tx_max = 184
[ 1167.519963][T29276] ntfs3(loop8): ino=0, attr_set_size
[ 1167.537382][T21537] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1167.580890][T29276] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[ 1167.610997][T21537] usb 4-1: USB disconnect, device number 22
[ 1167.665868][T21537] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[ 1167.711908][ T6040] usb 8-1: new high-speed USB device number 34 using dummy_hcd
[ 1167.722307][T29313] ntfs3(loop8): ino=0, attr_set_size
[ 1167.780664][T29318] ntfs3(loop8): ino=0, attr_set_size
[ 1167.880035][T29276] ntfs3(loop8): no free space to extend mft
[ 1167.897368][ T6040] usb 8-1: Using ep0 maxpacket: 8
[ 1167.904746][ T6040] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1167.919003][ T6040] usb 8-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1167.931348][ T6040] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.972905][ T6040] usb 8-1: config 0 descriptor??
[ 1168.008515][ T6040] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 1168.891591][T10508] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1169.140312][ T6040] gspca_vc032x: reg_r err -110
[ 1169.145231][ T6040] vc032x 8-1:0.0: probe with driver vc032x failed with error -110
[ 1169.255281][T13895] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 1169.444700][T13895] usb 5-1: Using ep0 maxpacket: 8
[ 1169.480472][T13895] usb 5-1: config index 0 descriptor too short (expected 16291, got 18)
[ 1169.494090][T13895] usb 5-1: config 93 has too many interfaces: 47, using maximum allowed: 32
[ 1169.522911][T13895] usb 5-1: config 93 has an invalid descriptor of length 42, skipping remainder of the config
[ 1169.546126][T13895] usb 5-1: config 93 has 0 interfaces, different from the descriptor's value: 47
[ 1169.585991][T13895] usb 5-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=a7.70
[ 1169.611724][T13895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.619765][T13895] usb 5-1: Product: syz
[ 1169.645953][T13895] usb 5-1: Manufacturer: syz
[ 1169.658348][T13895] usb 5-1: SerialNumber: syz
[ 1170.700115][ T6040] usb 8-1: USB disconnect, device number 34
[ 1170.948613][T29394] netlink: 'syz.3.1545': attribute type 21 has an invalid length.
[ 1170.985064][T29394] netlink: 'syz.3.1545': attribute type 22 has an invalid length.
[ 1171.057461][T13895] usb 5-1: USB disconnect, device number 24
[ 1171.089579][T29394] netlink: 'syz.3.1545': attribute type 23 has an invalid length.
[ 1171.365174][T29394] netlink: 'syz.3.1545': attribute type 25 has an invalid length.
[ 1172.142010][T29394] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1545'.
[ 1172.618199][T14217] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[ 1172.806850][T14217] usb 8-1: Using ep0 maxpacket: 16
[ 1172.828895][T14217] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1172.853969][T14217] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1172.876895][T14217] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1172.905262][T14217] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1172.931438][T14217] usb 8-1: Product: syz
[ 1172.940646][T14217] usb 8-1: Manufacturer: syz
[ 1172.954784][T14217] usb 8-1: SerialNumber: syz
[ 1173.021273][T29426] loop6: detected capacity change from 0 to 2048
[ 1173.043976][T29431] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1173.086992][T29426] syz.6.1550: attempt to access beyond end of device
[ 1173.086992][T29426] loop6: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[ 1173.102765][T29426] NILFS (loop6): I/O error reading b-tree node block (ino=16, blocknr=15)
[ 1173.114385][T29426] NILFS (loop6): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0
[ 1173.125017][T29426] NILFS error (device loop6): nilfs_bmap_last_key: broken bmap (inode number=16)
[ 1173.134717][T29433] NILFS error (device loop6): nilfs_lookup: deleted inode referenced: 12
[ 1173.159876][T29433] Remounting filesystem read-only
[ 1173.159910][T29426] Remounting filesystem read-only
[ 1173.170825][T29426] NILFS (loop6): error -5 truncating bmap (ino=16)
[ 1173.358154][T10508] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer
[ 1173.653744][T14217] usb 8-1: cannot find UAC_HEADER
[ 1173.798758][T14217] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1173.857875][T14217] usb 8-1: USB disconnect, device number 35
[ 1173.972523][T21034] udevd[21034]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1174.154360][T29419] loop3: detected capacity change from 0 to 32768
[ 1174.306059][T29419] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1174.416341][T21537] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1174.575972][T21537] usb 7-1: Using ep0 maxpacket: 32
[ 1174.593157][T21537] usb 7-1: config 0 has no interfaces?
[ 1174.620388][T21537] usb 7-1: New USB device found, idVendor=069a, idProduct=0001, bcdDevice=51.c5
[ 1174.635841][T21537] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1174.644771][T21537] usb 7-1: Product: syz
[ 1174.652743][T21537] usb 7-1: Manufacturer: syz
[ 1174.658218][T21537] usb 7-1: SerialNumber: syz
[ 1174.673707][T21537] usb 7-1: config 0 descriptor??
[ 1174.965422][T21537] usb 7-1: USB disconnect, device number 25
[ 1175.122414][T19212] ocfs2: Unmounting device (7,3) on (node local)
[ 1175.330730][   T10] usb 8-1: new high-speed USB device number 36 using dummy_hcd
[ 1175.489569][   T10] usb 8-1: Using ep0 maxpacket: 8
[ 1175.499327][   T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[ 1175.508499][   T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1175.530189][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1175.560835][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1175.583323][   T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1175.599307][   T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1175.613251][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.892775][   T10] usb 8-1: usb_control_msg returned -32
[ 1175.898912][   T10] usbtmc 8-1:16.0: can't read capabilities
[ 1176.373396][T29515] loop3: detected capacity change from 0 to 1024
[ 1176.475810][T29515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1176.552613][T19212] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1176.692737][   T10] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1176.805274][T29525] usbtmc 8-1:16.0: usb_clear_halt returned -32
[ 1176.851936][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1176.860638][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1176.870901][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1176.883170][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1176.899397][T29536] loop8: detected capacity change from 0 to 512
[ 1176.905949][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1176.916142][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1176.929890][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1176.942293][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.001025][T21537] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1177.016646][ T5950] usb 8-1: USB disconnect, device number 36
[ 1177.080569][T29536] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1177.157577][T29536] EXT4-fs (loop8): 1 truncate cleaned up
[ 1177.198554][T21537] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1177.208001][   T10] usb 7-1: usb_control_msg returned -32
[ 1177.214141][T21537] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1177.217551][T29536] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1177.224890][   T10] usbtmc 7-1:16.0: can't read capabilities
[ 1177.243669][T21537] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1177.262651][T21537] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1177.283048][T21537] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1177.302478][T21537] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1177.311892][T21537] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1177.321840][T21537] usb 4-1: Product: syz
[ 1177.326019][T21537] usb 4-1: Manufacturer: syz
[ 1177.344365][T21537] cdc_wdm 4-1:1.0: skipping garbage
[ 1177.350496][T21537] cdc_wdm 4-1:1.0: skipping garbage
[ 1177.359658][T21537] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device
[ 1177.369050][T21537] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1177.485688][T29536] syz.8.1564 (pid 29536) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[ 1177.511253][T29536] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[ 1177.554386][T29536] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[ 1177.600703][T21537] usb 4-1: USB disconnect, device number 23
[ 1178.644921][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1178.651281][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.720799][T19261] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1178.974556][T29604] policy can only be matched on NF_INET_PRE_ROUTING
[ 1178.974584][T29604] unable to load match
[ 1179.041165][T21537] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1179.170093][T21537] usb 4-1: device descriptor read/64, error -71
[ 1179.357660][T29625] vlan0: entered allmulticast mode
[ 1179.393700][   T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1179.420443][T21537] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1179.564378][   T10] usb 2-1: Using ep0 maxpacket: 32
[ 1179.570790][T21537] usb 4-1: device descriptor read/64, error -71
[ 1179.587448][   T10] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1179.603511][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.616511][   T10] usb 2-1: Product: syz
[ 1179.624389][   T10] usb 2-1: Manufacturer: syz
[ 1179.636543][   T10] usb 2-1: SerialNumber: syz
[ 1179.653424][   T10] usb 2-1: config 0 descriptor??
[ 1179.680615][   T10] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1179.688529][T21537] usb usb4-port1: attempt power cycle
[ 1179.736970][T14217] usb 7-1: USB disconnect, device number 26
[ 1179.953060][T29635] loop8: detected capacity change from 0 to 4096
[ 1180.039375][T21537] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1180.166105][T21537] usb 4-1: device descriptor read/8, error -71
[ 1181.221452][   T10] gspca_topro: reg_r err -71
[ 1181.227848][   T10] gspca_topro: Sensor soi763a
[ 1181.285856][   T10] usb 2-1: USB disconnect, device number 23
[ 1181.415233][T29695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1583'.
[ 1181.486292][T29706] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1583'.
[ 1182.137086][   T10] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[ 1182.302387][   T10] usb 9-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1182.340671][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1182.384457][   T10] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1182.394423][   T10] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1182.405627][   T10] usb 9-1: Manufacturer: syz
[ 1182.426380][   T10] usb 9-1: config 0 descriptor??
[ 1182.557543][T13895] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1182.615099][   T10] rc_core: IR keymap rc-hauppauge not found
[ 1182.625193][   T10] Registered IR keymap rc-empty
[ 1182.636358][   T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[ 1182.660308][   T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input31
[ 1182.704161][   T10] usb 9-1: USB disconnect, device number 27
[ 1182.734697][T13895] usb 2-1: Using ep0 maxpacket: 32
[ 1182.755101][T13895] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 1182.799758][T13895] usb 2-1: config 0 has no interface number 0
[ 1182.878544][T13895] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[ 1182.892647][T13895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.900796][T13895] usb 2-1: Product: syz
[ 1182.908869][T13895] usb 2-1: Manufacturer: syz
[ 1182.913569][T13895] usb 2-1: SerialNumber: syz
[ 1182.935976][T13895] usb 2-1: config 0 descriptor??
[ 1182.953725][T13895] smsc95xx v2.0.0
[ 1182.953772][T23832] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1183.143093][T23832] usb 5-1: Using ep0 maxpacket: 16
[ 1183.150598][T23832] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[ 1183.159218][T23832] usb 5-1: config 0 has no interface number 0
[ 1183.165493][T23832] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1183.182982][T23832] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1183.194577][T23832] usb 5-1: config 0 interface 41 has no altsetting 0
[ 1183.203968][T23832] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1183.213368][T23832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.221760][T23832] usb 5-1: Product: syz
[ 1183.236331][T23832] usb 5-1: Manufacturer: syz
[ 1183.241133][T23832] usb 5-1: SerialNumber: syz
[ 1183.259101][T23832] usb 5-1: config 0 descriptor??
[ 1183.276043][T29748] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1183.309399][T29748] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1183.604345][T13895] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1183.670130][T13895] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1183.696755][T29748] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1183.720211][T29748] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1184.094306][   T10] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[ 1184.341148][   T10] usb 8-1: Using ep0 maxpacket: 32
[ 1184.664223][T13895] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[ 1184.672468][   T10] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1184.688633][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1184.727937][T13895] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[ 1184.733403][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1184.752579][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 1184.779684][T23832] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[ 1184.804633][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 1184.808130][T13895] usb 2-1: USB disconnect, device number 24
[ 1184.819752][   T10] usb 8-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1184.831706][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1184.840031][   T10] usb 8-1: Product: syz
[ 1184.846373][   T10] usb 8-1: Manufacturer: syz
[ 1184.851334][   T10] usb 8-1: SerialNumber: syz
[ 1184.866012][   T10] usb 8-1: config 0 descriptor??
[ 1185.232168][T23832] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[ 1185.242967][T23832] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[ 1185.260007][T23832] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[ 1185.312537][T23832] usb 5-1: USB disconnect, device number 25
[ 1185.346654][   T10] iforce 8-1:0.0: usb_submit_urb failed: -32
[ 1185.378271][   T10] input input32: Device does not respond to id packet M
[ 1185.408720][   T10] iforce 8-1:0.0: usb_submit_urb failed: -32
[ 1185.421974][   T10] input input32: Device does not respond to id packet P
[ 1185.434983][   T10] iforce 8-1:0.0: usb_submit_urb failed: -32
[ 1185.452077][   T10] input input32: Device does not respond to id packet B
[ 1185.463438][   T10] input input32: Limiting number of effects to 32 (device reports 99)
[ 1185.655550][   T10] iforce 8-1:0.0: usb_submit_urb failed: -71
[ 1185.669506][   T10] iforce 8-1:0.0: usb_submit_urb failed: -71
[ 1185.678865][   T10] iforce 8-1:0.0: usb_submit_urb failed: -71
[ 1185.691407][   T10] iforce 8-1:0.0: usb_submit_urb failed: -71
[ 1185.719425][   T10] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input32
[ 1185.744792][ T5950] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[ 1185.776769][   T10] usb 8-1: USB disconnect, device number 37
[ 1185.807606][ T5213] iforce 8-1:0.0: usb_submit_urb failed -19
[ 1185.824218][   T10] iforce 8-1:0.0: usb_submit_urb failed -19
[ 1185.939124][ T5950] usb 9-1: Using ep0 maxpacket: 8
[ 1185.957093][ T5950] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[ 1186.010953][ T5950] usb 9-1: config 179 has no interface number 0
[ 1186.027922][ T5950] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1186.059336][ T5950] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1186.086368][ T5950] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1186.098714][ T5950] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1186.133018][ T5950] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1186.143667][ T5950] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1186.167526][T29803] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1186.348762][T29829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1186.563678][ T5950] input: Generic X-Box pad as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:179.65/input/input33
[ 1186.956956][T29849] 9pnet_fd: p9_fd_create_tcp (29849): problem connecting socket to 127.0.0.1
[ 1186.993058][   T10] usb 9-1: USB disconnect, device number 28
[ 1186.993131][    C0] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1187.007356][    C0] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1189.469180][ T5950] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1189.613720][T14217] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1189.623935][ T5950] usb 2-1: Using ep0 maxpacket: 32
[ 1189.631289][ T5950] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[ 1189.642867][ T5950] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1189.663194][ T5950] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1189.679970][ T5950] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1189.695610][ T5950] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1189.706918][ T5950] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1189.717827][ T5950] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1189.730589][ T5950] usb 2-1: Product: syz
[ 1189.734771][ T5950] usb 2-1: Manufacturer: syz
[ 1189.750029][ T5950] usb 2-1: SerialNumber: syz
[ 1189.761125][ T5950] usb 2-1: config 0 descriptor??
[ 1189.769317][T14217] usb 7-1: Using ep0 maxpacket: 32
[ 1189.773008][ T5950] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1189.783953][T14217] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[ 1189.802359][ T5950] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1189.806771][T14217] usb 7-1: config 0 has no interface number 0
[ 1189.840714][T14217] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[ 1189.850107][T14217] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.866019][T14217] usb 7-1: Product: syz
[ 1189.870312][T14217] usb 7-1: Manufacturer: syz
[ 1189.874921][T14217] usb 7-1: SerialNumber: syz
[ 1189.891184][T14217] usb 7-1: config 0 descriptor??
[ 1189.901727][T14217] smsc95xx v2.0.0
[ 1190.092646][   T48] usb 2-1: USB disconnect, device number 25
[ 1190.098647][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[ 1190.123075][   T48] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[ 1190.453869][T14217] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1190.483850][T14217] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1190.867372][T29895] loop7: detected capacity change from 0 to 32768
[ 1191.029438][T29895] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1608 (29895)
[ 1191.123785][T29895] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1191.203246][T29895] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[ 1191.304984][T14217] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[ 1191.332111][T14217] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[ 1191.347974][T14217] usb 7-1: USB disconnect, device number 27
[ 1191.584706][T29895] BTRFS info (device loop7): setting nodatasum
[ 1191.644342][T29895] BTRFS info (device loop7): setting nodatacow
[ 1191.670440][T29895] BTRFS info (device loop7): enabling free space tree
[ 1191.739467][T29909] loop8: detected capacity change from 0 to 32768
[ 1191.836322][T29909] BTRFS info: device /dev/loop8 (7:8) using temp-fsid b3828362-4605-4a29-9be7-d5755250c9da
[ 1192.005488][T29975] loop3: detected capacity change from 0 to 32768
[ 1192.015050][T29895] BTRFS info (device loop7): max_inline set to 0
[ 1192.022863][T29909] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1611 (29909)
[ 1192.025362][T14217] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1192.064467][T29975] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1617 (29975)
[ 1192.132275][T29975] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1192.143355][T29975] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[ 1192.258820][T14217] usb 5-1: Using ep0 maxpacket: 8
[ 1192.272301][T14217] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1192.287606][T29909] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1192.328320][T14217] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1192.341595][T29975] BTRFS info (device loop3): enabling ssd optimizations
[ 1192.348911][T29975] BTRFS info (device loop3): enabling free space tree
[ 1192.356272][T29909] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[ 1192.367062][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1192.367491][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1192.388410][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1192.407776][T14217] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1192.429286][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1192.431648][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1192.458379][T18447] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1192.502118][T14217] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1192.529503][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1192.529873][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1192.541310][T14217] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1192.634466][T14217] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1192.677872][T14217] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.858720][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1192.859102][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1192.879124][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1192.911829][T19212] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1193.081601][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1193.121151][T29909] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1193.520441][T29909] BTRFS error (device loop8): open_ctree failed: -12
[ 1193.746092][T14217] usb 5-1: usb_control_msg returned -32
[ 1193.756507][T14217] usbtmc 5-1:16.0: can't read capabilities
[ 1195.082044][T30036] usbtmc 5-1:16.0: usb_control_msg returned -71
[ 1195.285055][   T48] usb 5-1: USB disconnect, device number 26
[ 1195.940941][T30081] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1196.047450][T30075] loop3: detected capacity change from 0 to 4096
[ 1196.259188][T14217] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[ 1196.521959][T14217] usb 9-1: Using ep0 maxpacket: 8
[ 1196.602076][T14217] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1196.669924][T14217] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1196.690287][T14217] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1196.704314][T14217] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1196.736717][T14217] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1196.783974][T14217] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.145883][T14217] usb 9-1: GET_CAPABILITIES returned 0
[ 1197.152742][T14217] usbtmc 9-1:16.0: can't read capabilities
[ 1197.882747][    C1] usbtmc 9-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 1197.983530][T23832] usb 9-1: USB disconnect, device number 29
[ 1198.381367][T30158] gtp0: entered promiscuous mode
[ 1198.737230][T23832] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1199.618808][T23832] usb 4-1: Using ep0 maxpacket: 32
[ 1199.649775][T23832] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 1199.675136][T23832] usb 4-1: config 0 has no interface number 0
[ 1199.714485][T23832] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[ 1199.733981][T23832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1199.756869][T23832] usb 4-1: Product: syz
[ 1199.761376][T23832] usb 4-1: Manufacturer: syz
[ 1199.779180][T23832] usb 4-1: SerialNumber: syz
[ 1199.994649][T23832] usb 4-1: config 0 descriptor??
[ 1200.002957][T23832] smsc95xx v2.0.0
[ 1200.629879][T23832] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1200.686479][T23832] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1201.077401][T30202] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1644'.
[ 1201.127842][T30203] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1644'.
[ 1201.440825][T23832] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[ 1201.460276][T23832] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[ 1201.504489][T23832] usb 4-1: USB disconnect, device number 28
[ 1201.651337][T30213] loop4: detected capacity change from 0 to 4096
[ 1202.342771][T30174] loop7: detected capacity change from 0 to 32768
[ 1202.513651][T30174] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1202.600539][T30193] loop1: detected capacity change from 0 to 32768
[ 1202.610357][T30193] XFS: ikeep mount option is deprecated.
[ 1202.738772][T30174] XFS (loop7): Ending clean mount
[ 1202.880180][T30193] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1203.083290][T18447] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1203.171043][T30193] XFS (loop1): Ending clean mount
[ 1203.232353][T30193] XFS (loop1): Quotacheck needed: Please wait.
[ 1203.368544][T30193] XFS (loop1): Quotacheck: Done.
[ 1203.519515][T20685] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1203.549647][ T6040] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1204.329966][ T6040] usb 5-1: too many configurations: 9, using maximum allowed: 8
[ 1204.369837][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.385129][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.399215][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.407517][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.417067][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.438652][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.458246][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.467400][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.512546][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.528492][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.561704][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.593203][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.609722][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.620966][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.647865][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.659394][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.669341][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.681684][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1204.689918][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1204.973162][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1204.995332][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1205.016388][ T6040] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1205.026165][ T6040] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1205.039615][ T6040] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1205.049497][ T6040] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1205.065407][ T6040] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1205.076717][ T6040] usb 5-1: Product: syz
[ 1205.080901][ T6040] usb 5-1: Manufacturer: syz
[ 1205.096016][ T6040] usb 5-1: SerialNumber: syz
[ 1205.107065][ T6040] usb 5-1: config 0 descriptor??
[ 1205.125829][ T6040] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[ 1205.423916][T30261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1205.493180][T30261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1205.611439][T30315] loop6: detected capacity change from 0 to 7
[ 1205.624986][ T6040] usb 5-1: USB disconnect, device number 27
[ 1205.667564][ T6040] yurex 5-1:0.0: USB YUREX #0 now disconnected
[ 1205.690679][T30315] Dev loop6: unable to read RDB block 7
[ 1205.707604][T30315]  loop6: unable to read partition table
[ 1205.717304][T30315] loop6: partition table beyond EOD, truncated
[ 1205.724080][T30315] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1205.909997][   T48] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[ 1206.450097][T30353] vlan0: entered allmulticast mode
[ 1206.469112][   T48] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1206.487244][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.502731][   T48] usb 4-1: Product: syz
[ 1206.513566][   T48] usb 4-1: Manufacturer: syz
[ 1206.518274][   T48] usb 4-1: SerialNumber: syz
[ 1206.528657][   T48] usb 4-1: config 0 descriptor??
[ 1206.639089][T30361] loop4: detected capacity change from 0 to 256
[ 1206.758256][T30361] exfat: Deprecated parameter 'namecase'
[ 1206.763284][   T48] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1206.850354][T30361] exfat: Deprecated parameter 'utf8'
[ 1207.609820][T30361] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2b52634e, utbl_chksum : 0xe619d30d)
[ 1209.579025][   T48] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1209.935096][T30393] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1210.662262][T21537] usb 4-1: USB disconnect, device number 29
[ 1210.766273][T30423] loop7: detected capacity change from 0 to 256
[ 1210.904810][T30423] exfat: Deprecated parameter 'utf8'
[ 1210.937465][T30423] exfat: Deprecated parameter 'utf8'
[ 1210.974212][T30423] exfat: Deprecated parameter 'utf8'
[ 1211.042665][T30423] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d)
[ 1212.300254][T30419] loop8: detected capacity change from 0 to 32768
[ 1212.433855][T30419] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1674 (30419)
[ 1212.646110][T30419] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1212.665715][T30463] loop7: detected capacity change from 0 to 512
[ 1212.680866][T30419] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[ 1212.821581][T30463] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1212.836851][T30463] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1213.112570][T18447] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1213.164861][T30419] BTRFS info (device loop8): setting nodatasum
[ 1213.177230][T30419] BTRFS info (device loop8): setting nodatacow
[ 1213.201496][T30419] BTRFS info (device loop8): enabling free space tree
[ 1213.350396][T30419] BTRFS info (device loop8): max_inline set to 0
[ 1214.379730][T19261] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1215.480154][   T48] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1215.637577][   T48] usb 5-1: Using ep0 maxpacket: 32
[ 1215.644951][   T48] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[ 1215.653708][   T48] usb 5-1: config 0 has no interface number 0
[ 1215.663811][   T48] usb 5-1: config 0 interface 184 has no altsetting 0
[ 1215.676098][   T48] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1215.685458][   T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.695567][   T48] usb 5-1: Product: syz
[ 1215.706118][   T48] usb 5-1: Manufacturer: syz
[ 1215.710737][   T48] usb 5-1: SerialNumber: syz
[ 1215.726683][   T48] usb 5-1: config 0 descriptor??
[ 1215.739639][   T48] smsc75xx v1.0.0
[ 1216.059844][T30533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1691'.
[ 1216.286340][T23832] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[ 1216.396330][   T48] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1216.420019][   T48] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1216.665571][T23832] usb 9-1: Using ep0 maxpacket: 32
[ 1216.753748][T23832] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[ 1216.787327][T23832] usb 9-1: config 0 has no interface number 0
[ 1216.804677][T23832] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[ 1216.815845][T23832] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1216.830638][T23832] usb 9-1: Product: syz
[ 1216.834820][T23832] usb 9-1: Manufacturer: syz
[ 1216.842629][T23832] usb 9-1: SerialNumber: syz
[ 1216.865324][T23832] usb 9-1: config 0 descriptor??
[ 1216.890679][T23832] smsc95xx v2.0.0
[ 1217.303424][   T48] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1217.316799][   T48] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1217.341788][   T48] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1217.351252][T23832] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1217.351305][T23832] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1217.392660][   T48] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[ 1217.393425][T30553] loop1: detected capacity change from 0 to 2048
[ 1217.457838][   T48] usb 5-1: USB disconnect, device number 28
[ 1217.568506][T30553] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1217.688440][T30553] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1217.789152][T30553] overlayfs: Failed to create volatile/dirty file.
[ 1217.899445][T20685] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1218.824780][T23832] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[ 1218.843920][T23832] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -71
[ 1218.894903][T23832] usb 9-1: USB disconnect, device number 30
[ 1219.423538][T30600] loop6: detected capacity change from 0 to 512
[ 1219.604286][T30600] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 1219.687999][T30600] ext4 filesystem being mounted at /305/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1219.730963][T30597] loop3: detected capacity change from 0 to 32768
[ 1219.809270][T30597] XFS: ikeep mount option is deprecated.
[ 1219.953229][T10508] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 1220.068618][T30597] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1220.094879][T30617] loop1: detected capacity change from 0 to 1024
[ 1220.207095][T30617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1220.286638][T30623] loop8: detected capacity change from 0 to 256
[ 1220.361279][T30597] XFS (loop3): Ending clean mount
[ 1220.437394][T30597] XFS (loop3): Quotacheck needed: Please wait.
[ 1220.446335][T30623] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1220.573874][T30633] nbd6: detected capacity change from 0 to 1024
[ 1220.612868][T30597] XFS (loop3): Quotacheck: Done.
[ 1220.613952][T21034] block nbd6: Send control failed (result -89)
[ 1220.622103][T20685] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1220.644170][T21034] block nbd6: Request send failed, requeueing
[ 1220.656911][   T30] audit: type=1800 audit(1771595901.577:28): pid=30623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1700" name="file1" dev="loop8" ino=1048995 res=0 errno=0
[ 1220.678056][ T6153] block nbd6: Dead connection, failed to find a fallback
[ 1220.685360][T25380] block nbd6: Receive control failed (result -32)
[ 1220.694636][ T6153] block nbd6: shutting down sockets
[ 1220.701024][ T6153] blk_print_req_error: 2 callbacks suppressed
[ 1220.701048][ T6153] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.718488][ T6153] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.727964][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.751706][T30636] block nbd6: NBD_DISCONNECT
[ 1220.756439][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.767919][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.799179][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.841576][T30636] block nbd6: Send disconnect failed -89
[ 1220.887661][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.928138][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.942398][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.955973][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.964226][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1220.975678][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1220.983750][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1221.025185][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1221.033159][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1221.048110][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1221.057174][T19212] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1221.065866][T21034] ldm_validate_partition_table(): Disk read failed.
[ 1221.065992][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1221.093068][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1221.114710][T21034] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1221.133793][T21034] Buffer I/O error on dev nbd6, logical block 0, async page read
[ 1221.142655][T21034] Dev nbd6: unable to read RDB block 0
[ 1221.152698][T21034]  nbd6: unable to read partition table
[ 1221.174836][ T5228] ldm_validate_partition_table(): Disk read failed.
[ 1221.192182][ T5228] Dev nbd6: unable to read RDB block 0
[ 1221.202320][ T5228]  nbd6: unable to read partition table
[ 1221.234387][T21034] ldm_validate_partition_table(): Disk read failed.
[ 1221.247788][T21034] Dev nbd6: unable to read RDB block 0
[ 1221.256593][T30646] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1702'.
[ 1221.266530][T21034]  nbd6: unable to read partition table
[ 1221.706723][T30662] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1221.745195][T30662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1221.752563][T30662] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1221.789534][   T10] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[ 1221.956940][   T10] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1221.967522][   T10] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1222.006849][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.045895][   T10] usb 9-1: config 0 descriptor??
[ 1222.056940][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[ 1222.239541][T30674] loop7: detected capacity change from 0 to 2048
[ 1222.364498][T30674] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1222.415887][T30674] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1222.488203][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1222.495778][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[ 1222.519821][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1222.546150][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[ 1222.553619][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[ 1222.692120][T30674] overlayfs: Failed to create volatile/dirty file.
[ 1222.699755][T30678] loop3: detected capacity change from 0 to 8192
[ 1222.764935][   T10] pwc: recv_control_msg error -71 req 02 val 2000
[ 1222.783886][   T10] pwc: recv_control_msg error -71 req 02 val 2100
[ 1222.821292][   T10] pwc: recv_control_msg error -71 req 04 val 1500
[ 1222.834366][   T10] pwc: recv_control_msg error -71 req 02 val 2500
[ 1222.843477][T13895] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1222.844629][   T10] pwc: recv_control_msg error -71 req 02 val 2400
[ 1222.862732][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[ 1222.869846][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[ 1222.879714][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[ 1222.887003][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[ 1222.902003][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[ 1222.914766][   T10] pwc: Registered as video103.
[ 1222.952865][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input34
[ 1223.016098][T13895] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1223.019898][   T10] usb 9-1: USB disconnect, device number 31
[ 1223.068517][T13895] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1223.103501][T18447] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1223.126396][T13895] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1223.230331][T13895] usb 7-1: config 0 descriptor??
[ 1223.283451][T13895] pwc: Askey VC010 type 2 USB webcam detected.
[ 1223.866377][T13895] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1223.881078][T13895] pwc: recv_control_msg error -32 req 02 val 2700
[ 1224.227622][T13895] pwc: recv_control_msg error -71 req 04 val 1000
[ 1224.304901][T13895] pwc: recv_control_msg error -71 req 04 val 1300
[ 1224.527862][T13895] pwc: recv_control_msg error -71 req 04 val 1400
[ 1224.560679][T13895] pwc: recv_control_msg error -71 req 02 val 2000
[ 1224.570228][T13895] pwc: recv_control_msg error -71 req 02 val 2100
[ 1224.581884][T13895] pwc: recv_control_msg error -71 req 04 val 1500
[ 1224.594254][T13895] pwc: recv_control_msg error -71 req 02 val 2500
[ 1224.620348][T13895] pwc: recv_control_msg error -71 req 02 val 2400
[ 1224.647373][T13895] pwc: recv_control_msg error -71 req 02 val 2600
[ 1224.686341][T13895] pwc: recv_control_msg error -71 req 02 val 2900
[ 1224.687147][T30734] loop8: detected capacity change from 0 to 256
[ 1224.700183][T30734] exfat: Deprecated parameter 'namecase'
[ 1224.706661][T30734] exfat: Deprecated parameter 'utf8'
[ 1224.709803][T13895] pwc: recv_control_msg error -71 req 02 val 2800
[ 1224.785942][T13895] pwc: recv_control_msg error -71 req 04 val 1100
[ 1224.822296][T13895] pwc: recv_control_msg error -71 req 04 val 1200
[ 1224.840103][T30734] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x2b52634e, utbl_chksum : 0xe619d30d)
[ 1224.903970][T13895] pwc: Registered as video103.
[ 1224.915006][T13895] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input35
[ 1224.983056][T23832] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1225.029912][T13895] usb 7-1: USB disconnect, device number 28
[ 1225.148838][T23832] usb 4-1: Using ep0 maxpacket: 32
[ 1225.154158][T21537] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1225.165066][T30759] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1716'.
[ 1225.184973][T23832] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1225.218578][T23832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1225.235907][T23832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1225.246010][T23832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 1225.258485][T23832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 1225.278535][T23832] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1225.298162][T23832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.306368][T23832] usb 4-1: Product: syz
[ 1225.320993][T23832] usb 4-1: Manufacturer: syz
[ 1225.325615][T23832] usb 4-1: SerialNumber: syz
[ 1225.348178][T23832] usb 4-1: config 0 descriptor??
[ 1225.355334][T21537] usb 5-1: Using ep0 maxpacket: 32
[ 1225.385317][T21537] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 1225.403890][T21537] usb 5-1: config 0 has no interface number 0
[ 1225.416560][T21537] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[ 1225.426114][T21537] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.434151][T21537] usb 5-1: Product: syz
[ 1225.455781][T21537] usb 5-1: Manufacturer: syz
[ 1225.460703][T21537] usb 5-1: SerialNumber: syz
[ 1225.473890][T21537] usb 5-1: config 0 descriptor??
[ 1225.499573][T21537] smsc95xx v2.0.0
[ 1225.688232][T30777] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1225.825260][T23832] iforce 4-1:0.0: usb_submit_urb failed: -32
[ 1225.831370][T23832] input input36: Device does not respond to id packet M
[ 1225.873077][T23832] iforce 4-1:0.0: usb_submit_urb failed: -32
[ 1225.879187][T23832] input input36: Device does not respond to id packet P
[ 1225.914025][T23832] iforce 4-1:0.0: usb_submit_urb failed: -32
[ 1225.934941][T23832] input input36: Device does not respond to id packet B
[ 1225.958203][T23832] input input36: Limiting number of effects to 32 (device reports 99)
[ 1225.977372][T21537] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1226.010255][T21537] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1226.157655][T23832] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1226.170203][T23832] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1226.181850][T23832] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1226.191183][T23832] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1226.220732][T23832] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input36
[ 1226.281009][T23832] usb 4-1: USB disconnect, device number 30
[ 1226.887440][T21537] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[ 1227.003566][T21537] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[ 1227.168893][T21537] usb 5-1: USB disconnect, device number 29
[ 1227.688127][T21537] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[ 1227.775400][T30849] hub 6-0:1.0: USB hub found
[ 1227.789379][T30849] hub 6-0:1.0: 1 port detected
[ 1227.854240][T21537] usb 9-1: Using ep0 maxpacket: 8
[ 1227.861649][T21537] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1227.891882][T21537] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1227.901346][T21537] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.916655][T21537] usb 9-1: config 0 descriptor??
[ 1228.052620][ T5950] usb 4-1: new low-speed USB device number 31 using dummy_hcd
[ 1228.269034][ T5950] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1228.317462][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1228.580392][ T5950] usb 4-1: config 0 descriptor??
[ 1229.057080][T21537] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1229.302794][T21537] usb 9-1: USB disconnect, device number 32
[ 1229.434320][T30879] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1229.442389][T30879] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1230.870896][T13895] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1231.029813][   T48] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1231.041909][T13895] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1231.052902][T13895] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1231.062922][T13895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1231.080214][T13895] usb 5-1: config 0 descriptor??
[ 1231.108945][T13895] pwc: Askey VC010 type 2 USB webcam detected.
[ 1231.184849][   T48] usb 2-1: Using ep0 maxpacket: 16
[ 1231.196999][   T48] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[ 1231.221162][   T48] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1231.231444][ T5950] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1231.239002][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1231.251087][ T5950] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[ 1231.260191][   T48] usb 2-1: Product: syz
[ 1231.271639][   T48] usb 2-1: Manufacturer: syz
[ 1231.275587][ T5950] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1231.277439][   T48] usb 2-1: SerialNumber: syz
[ 1231.300454][ T5950] usb 4-1: USB disconnect, device number 31
[ 1231.320753][   T48] usb 2-1: config 0 descriptor??
[ 1231.333780][   T48] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1231.351895][   T48] usb 2-1: Detected FT232R
[ 1231.564098][   T48] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1231.577339][T13895] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1231.584776][T13895] pwc: recv_control_msg error -32 req 02 val 2700
[ 1231.733622][T30912] loop8: detected capacity change from 0 to 40427
[ 1231.762144][T30912] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[ 1231.785263][   T48] ftdi_sio 2-1:0.0: GPIO initialisation failed: -5
[ 1231.799211][   T48] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1231.828683][T13895] pwc: recv_control_msg error -71 req 04 val 1000
[ 1231.854764][T13895] pwc: recv_control_msg error -71 req 04 val 1300
[ 1231.857238][T30912] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[ 1231.887294][T13895] pwc: recv_control_msg error -71 req 04 val 1400
[ 1231.907991][T13895] pwc: recv_control_msg error -71 req 02 val 2000
[ 1231.933738][T13895] pwc: recv_control_msg error -71 req 02 val 2100
[ 1231.944744][T13895] pwc: recv_control_msg error -71 req 04 val 1500
[ 1231.957475][T13895] pwc: recv_control_msg error -71 req 02 val 2500
[ 1231.992475][T13895] pwc: recv_control_msg error -71 req 02 val 2400
[ 1232.023376][T13895] pwc: recv_control_msg error -71 req 02 val 2600
[ 1232.032107][T13895] pwc: recv_control_msg error -71 req 02 val 2900
[ 1232.032746][T30912] F2FS-fs (loop8): invalid crc value
[ 1232.042968][T13895] pwc: recv_control_msg error -71 req 02 val 2800
[ 1232.051923][T13895] pwc: recv_control_msg error -71 req 04 val 1100
[ 1232.067849][T13895] pwc: recv_control_msg error -71 req 04 val 1200
[ 1232.093331][T13895] pwc: Registered as video103.
[ 1232.124770][T13895] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input37
[ 1232.177437][T13895] usb 5-1: USB disconnect, device number 30
[ 1232.235716][   T48] usb 2-1: USB disconnect, device number 26
[ 1232.272573][   T48] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1232.318581][   T48] ftdi_sio 2-1:0.0: device disconnected
[ 1232.403447][T21029] udevd[21029]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 1232.547887][T30954] loop7: detected capacity change from 0 to 4096
[ 1232.685124][T30974] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1232.697110][T30912] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1232.737020][T30912] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[ 1232.745815][T30912] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[ 1233.343673][T30984] loop4: detected capacity change from 0 to 1024
[ 1233.519164][T30912] syz.8.1742: attempt to access beyond end of device
[ 1233.519164][T30912] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[ 1234.327957][T30984] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1234.415867][T30912] CPU: 1 UID: 0 PID: 30912 Comm: syz.8.1742 Not tainted syzkaller #0 PREEMPT(full) 
[ 1234.415916][T30912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1234.415940][T30912] Call Trace:
[ 1234.415953][T30912]  <TASK>
[ 1234.415967][T30912]  dump_stack_lvl+0x16c/0x1f0
[ 1234.416029][T30912]  f2fs_handle_critical_error+0x624/0x9f0
[ 1234.416086][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.416136][T30912]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1234.416199][T30912]  f2fs_write_end_io+0x958/0xcf0
[ 1234.416262][T30912]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1234.416324][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.416385][T30912]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1234.416437][T30912]  bio_endio+0x6bf/0x800
[ 1234.416504][T30912]  submit_bio_noacct+0x306/0x1ed0
[ 1234.416565][T30912]  __submit_merged_bio+0x33c/0x770
[ 1234.416628][T30912]  __submit_merged_write_cond+0x319/0x3f0
[ 1234.416699][T30912]  f2fs_write_cache_pages+0x2067/0x2570
[ 1234.416802][T30912]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1234.416862][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.416914][T30912]  ? trace_sched_exit_tp+0xd1/0x120
[ 1234.416959][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417017][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417064][T30912]  ? __lock_acquire+0x62e/0x1ce0
[ 1234.417197][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417296][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417342][T30912]  ? mod_memcg_lruvec_state+0x389/0x5f0
[ 1234.417397][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417441][T30912]  ? __mod_zone_page_state+0xcc/0x1a0
[ 1234.417492][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417547][T30912]  f2fs_write_data_pages+0x4ad/0xd90
[ 1234.417617][T30912]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1234.417695][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417739][T30912]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1234.417803][T30912]  do_writepages+0x27a/0x600
[ 1234.417862][T30912]  ? __pfx_do_writepages+0x10/0x10
[ 1234.417907][T30912]  ? do_raw_spin_unlock+0x172/0x230
[ 1234.417950][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.417994][T30912]  ? _raw_spin_unlock+0x28/0x50
[ 1234.418046][T30912]  filemap_fdatawrite_wbc+0x104/0x160
[ 1234.418104][T30912]  __filemap_fdatawrite_range+0xb9/0x100
[ 1234.418169][T30912]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1234.418304][T30912]  ? find_held_lock+0x2b/0x80
[ 1234.418353][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.418399][T30912]  ? do_raw_spin_unlock+0x172/0x230
[ 1234.418440][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.418493][T30912]  f2fs_sync_dirty_inodes+0x2a9/0x990
[ 1234.418584][T30912]  block_operations+0x2b0/0xfe0
[ 1234.418651][T30912]  ? __pfx___schedule+0x10/0x10
[ 1234.418703][T30912]  ? __pfx_block_operations+0x10/0x10
[ 1234.418832][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.418876][T30912]  ? down_write+0x14d/0x200
[ 1234.418934][T30912]  ? __pfx_down_write+0x10/0x10
[ 1234.418993][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.419036][T30912]  ? rcu_is_watching+0x12/0xc0
[ 1234.419094][T30912]  f2fs_write_checkpoint+0x2b8/0x4c60
[ 1234.419139][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.419182][T30912]  ? kfree+0x2b4/0x4d0
[ 1234.419233][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.419281][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.419325][T30912]  ? rcu_is_watching+0x12/0xc0
[ 1234.419370][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.419413][T30912]  ? kthread_stop+0x273/0x630
[ 1234.419454][T30912]  kill_f2fs_super+0x3c2/0x470
[ 1234.419491][T30912]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1234.419525][T30912]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1234.419601][T30912]  deactivate_locked_super+0xc1/0x1a0
[ 1234.419662][T30912]  deactivate_super+0xde/0x100
[ 1234.419720][T30912]  cleanup_mnt+0x225/0x450
[ 1234.419788][T30912]  task_work_run+0x150/0x240
[ 1234.419834][T30912]  ? __pfx_task_work_run+0x10/0x10
[ 1234.419894][T30912]  do_exit+0x86f/0x2bf0
[ 1234.419967][T30912]  ? __pfx_do_exit+0x10/0x10
[ 1234.420021][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.420066][T30912]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1234.420104][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.420147][T30912]  ? find_held_lock+0x2b/0x80
[ 1234.420208][T30912]  do_group_exit+0xd3/0x2a0
[ 1234.420270][T30912]  get_signal+0x2673/0x26d0
[ 1234.420346][T30912]  ? __pfx_get_signal+0x10/0x10
[ 1234.420393][T30912]  ? do_futex+0x122/0x350
[ 1234.420458][T30912]  ? __pfx_do_futex+0x10/0x10
[ 1234.420523][T30912]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1234.420580][T30912]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1234.420668][T30912]  exit_to_user_mode_loop+0x84/0x110
[ 1234.420711][T30912]  do_syscall_64+0x3f6/0x4c0
[ 1234.420773][T30912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1234.420810][T30912] RIP: 0033:0x7fd48f78ebe9
[ 1234.420838][T30912] Code: Unable to access opcode bytes at 0x7fd48f78ebbf.
[ 1234.420856][T30912] RSP: 002b:00007fd4905750e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1234.420891][T30912] RAX: fffffffffffffe00 RBX: 00007fd48f9b5fa8 RCX: 00007fd48f78ebe9
[ 1234.420917][T30912] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd48f9b5fa8
[ 1234.420941][T30912] RBP: 00007fd48f9b5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1234.420965][T30912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1234.420989][T30912] R13: 00007fd48f9b6038 R14: 00007ffed9e88bb0 R15: 00007ffed9e88c98
[ 1234.421045][T30912]  </TASK>
[ 1234.421059][T30912] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1234.830906][   T30] audit: type=1800 audit(1772120203.888:29): pid=30984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1747" name="bus" dev="loop4" ino=18 res=0 errno=0
[ 1234.842924][T30912] CPU: 1 UID: 0 PID: 30912 Comm: syz.8.1742 Not tainted syzkaller #0 PREEMPT(full) 
[ 1234.842969][T30912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1234.842992][T30912] Call Trace:
[ 1234.843005][T30912]  <TASK>
[ 1234.843019][T30912]  dump_stack_lvl+0x16c/0x1f0
[ 1234.843078][T30912]  f2fs_handle_critical_error+0x624/0x9f0
[ 1234.843132][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.843177][T30912]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1234.843230][T30912]  f2fs_write_end_io+0x958/0xcf0
[ 1234.843297][T30912]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1234.843356][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.843412][T30912]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1234.843462][T30912]  bio_endio+0x6bf/0x800
[ 1234.843524][T30912]  submit_bio_noacct+0x306/0x1ed0
[ 1234.843581][T30912]  __submit_merged_bio+0x33c/0x770
[ 1234.843640][T30912]  __submit_merged_write_cond+0x319/0x3f0
[ 1234.843706][T30912]  f2fs_write_cache_pages+0x2067/0x2570
[ 1234.843800][T30912]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1234.843854][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.843902][T30912]  ? trace_sched_exit_tp+0xd1/0x120
[ 1234.843945][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.843998][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844040][T30912]  ? __lock_acquire+0x62e/0x1ce0
[ 1234.844161][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844259][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844302][T30912]  ? mod_memcg_lruvec_state+0x389/0x5f0
[ 1234.844353][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844395][T30912]  ? __mod_zone_page_state+0xcc/0x1a0
[ 1234.844446][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844499][T30912]  f2fs_write_data_pages+0x4ad/0xd90
[ 1234.844567][T30912]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1234.844643][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844687][T30912]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1234.844747][T30912]  do_writepages+0x27a/0x600
[ 1234.844806][T30912]  ? __pfx_do_writepages+0x10/0x10
[ 1234.844849][T30912]  ? do_raw_spin_unlock+0x172/0x230
[ 1234.844891][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.844933][T30912]  ? _raw_spin_unlock+0x28/0x50
[ 1234.844985][T30912]  filemap_fdatawrite_wbc+0x104/0x160
[ 1234.845042][T30912]  __filemap_fdatawrite_range+0xb9/0x100
[ 1234.845106][T30912]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1234.845238][T30912]  ? find_held_lock+0x2b/0x80
[ 1234.845286][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.845330][T30912]  ? do_raw_spin_unlock+0x172/0x230
[ 1234.845371][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.845422][T30912]  f2fs_sync_dirty_inodes+0x2a9/0x990
[ 1234.845512][T30912]  block_operations+0x2b0/0xfe0
[ 1234.845578][T30912]  ? __pfx___schedule+0x10/0x10
[ 1234.845630][T30912]  ? __pfx_block_operations+0x10/0x10
[ 1234.845757][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.845800][T30912]  ? down_write+0x14d/0x200
[ 1234.845855][T30912]  ? __pfx_down_write+0x10/0x10
[ 1234.845913][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.845955][T30912]  ? rcu_is_watching+0x12/0xc0
[ 1234.846012][T30912]  f2fs_write_checkpoint+0x2b8/0x4c60
[ 1234.846058][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.846100][T30912]  ? kfree+0x2b4/0x4d0
[ 1234.846145][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.846194][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.846240][T30912]  ? rcu_is_watching+0x12/0xc0
[ 1234.846285][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.846327][T30912]  ? kthread_stop+0x273/0x630
[ 1234.846369][T30912]  kill_f2fs_super+0x3c2/0x470
[ 1234.846407][T30912]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1234.846441][T30912]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1234.846516][T30912]  deactivate_locked_super+0xc1/0x1a0
[ 1234.846576][T30912]  deactivate_super+0xde/0x100
[ 1234.846632][T30912]  cleanup_mnt+0x225/0x450
[ 1234.846696][T30912]  task_work_run+0x150/0x240
[ 1234.846741][T30912]  ? __pfx_task_work_run+0x10/0x10
[ 1234.846800][T30912]  do_exit+0x86f/0x2bf0
[ 1234.846872][T30912]  ? __pfx_do_exit+0x10/0x10
[ 1234.846925][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.846968][T30912]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1234.847005][T30912]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1234.847047][T30912]  ? find_held_lock+0x2b/0x80
[ 1234.847104][T30912]  do_group_exit+0xd3/0x2a0
[ 1234.847165][T30912]  get_signal+0x2673/0x26d0
[ 1234.847244][T30912]  ? __pfx_get_signal+0x10/0x10
[ 1234.847290][T30912]  ? do_futex+0x122/0x350
[ 1234.847354][T30912]  ? __pfx_do_futex+0x10/0x10
[ 1234.847417][T30912]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1234.847474][T30912]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1234.847560][T30912]  exit_to_user_mode_loop+0x84/0x110
[ 1234.847602][T30912]  do_syscall_64+0x3f6/0x4c0
[ 1234.847662][T30912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1234.847699][T30912] RIP: 0033:0x7fd48f78ebe9
[ 1234.847727][T30912] Code: Unable to access opcode bytes at 0x7fd48f78ebbf.
[ 1234.847745][T30912] RSP: 002b:00007fd4905750e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1234.847779][T30912] RAX: fffffffffffffe00 RBX: 00007fd48f9b5fa8 RCX: 00007fd48f78ebe9
[ 1234.847804][T30912] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd48f9b5fa8
[ 1234.847827][T30912] RBP: 00007fd48f9b5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1234.847851][T30912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1234.847874][T30912] R13: 00007fd48f9b6038 R14: 00007ffed9e88bb0 R15: 00007ffed9e88c98
[ 1234.847929][T30912]  </TASK>
[ 1234.847944][T30912] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1235.031151][   T30] audit: type=1800 audit(1772120203.898:30): pid=30984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1747" name="bus" dev="loop4" ino=18 res=0 errno=0
[ 1236.081943][T31019] syz_tun: entered allmulticast mode
[ 1236.124639][T31011] syz_tun: left allmulticast mode
[ 1236.284617][T14395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1237.207301][T21537] usb 8-1: new high-speed USB device number 38 using dummy_hcd
[ 1237.622982][T21537] usb 8-1: Using ep0 maxpacket: 32
[ 1237.643458][T21537] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1237.662130][T21537] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1237.683322][T31050] loop8: detected capacity change from 0 to 256
[ 1237.687432][T21537] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1237.698504][T31050] exfat: Deprecated parameter 'namecase'
[ 1237.698583][T31050] exfat: Deprecated parameter 'utf8'
[ 1237.722783][T21537] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1237.754799][T21537] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1237.779090][T21537] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1237.809251][T31050] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[ 1237.828711][T21537] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1237.848819][T21537] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.900928][T21537] usb 8-1: config 0 descriptor??
[ 1238.137446][T31062] syz_tun: entered allmulticast mode
[ 1238.147481][T31060] syz_tun: left allmulticast mode
[ 1238.390487][T21537] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 38 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1239.058049][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.064412][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.301822][T21537] usb 8-1: USB disconnect, device number 38
[ 1239.338757][T21537] usblp0: removed
[ 1240.745330][T21537] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1241.468227][T31110] loop7: detected capacity change from 0 to 22
[ 1241.516669][T31110] MTD: Attempt to mount non-MTD device "/dev/loop7"
[ 1241.582539][T31110] romfs: Mounting image 'rom 637cf1fa' through the block layer
[ 1241.630822][T21537] usb 4-1: Using ep0 maxpacket: 8
[ 1241.923107][T21537] usb 4-1: config 0 has no interfaces?
[ 1241.928695][T21537] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1241.953458][T21537] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1242.190558][T21537] usb 4-1: config 0 descriptor??
[ 1242.566528][T13895] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[ 1243.262555][T23164] usb 4-1: USB disconnect, device number 32
[ 1243.272109][T13895] usb 9-1: Using ep0 maxpacket: 8
[ 1243.302982][T13895] usb 9-1: config index 0 descriptor too short (expected 16291, got 18)
[ 1243.316910][T13895] usb 9-1: config 93 has too many interfaces: 47, using maximum allowed: 32
[ 1243.352338][T13895] usb 9-1: config 93 has an invalid descriptor of length 42, skipping remainder of the config
[ 1243.408435][T13895] usb 9-1: config 93 has 0 interfaces, different from the descriptor's value: 47
[ 1243.425565][T13895] usb 9-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=a7.70
[ 1243.434863][T13895] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1243.443527][T13895] usb 9-1: Product: syz
[ 1243.453549][T13895] usb 9-1: Manufacturer: syz
[ 1243.463106][T13895] usb 9-1: SerialNumber: syz
[ 1243.859181][T31137] loop6: detected capacity change from 0 to 40427
[ 1244.019040][T31137] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[ 1244.026263][T31137] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1244.044187][T31137] F2FS-fs (loop6): invalid crc value
[ 1244.876370][T31137] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1244.890932][T31137] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1244.898358][T31137] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1244.981853][T13895] usb 9-1: USB disconnect, device number 33
[ 1245.145227][   T48] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1245.294927][   T48] usb 2-1: Using ep0 maxpacket: 32
[ 1245.313116][   T48] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[ 1245.341729][   T48] usb 2-1: config 0 has no interface number 0
[ 1245.347954][   T48] usb 2-1: config 0 interface 89 has no altsetting 0
[ 1245.410441][   T48] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 1245.462120][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.504527][   T48] usb 2-1: Product: syz
[ 1245.528967][   T48] usb 2-1: Manufacturer: syz
[ 1245.533590][   T48] usb 2-1: SerialNumber: syz
[ 1245.589750][   T48] usb 2-1: config 0 descriptor??
[ 1245.615836][   T48] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 1245.639281][   T48] em28xx 2-1:0.89: Video interface 89 found: bulk
[ 1245.834218][T31137] syz.6.1771: attempt to access beyond end of device
[ 1245.834218][T31137] loop6: rw=2049, sector=53248, nr_sectors = 2048 limit=40427
[ 1246.273975][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.273975][T31137] loop6: rw=2049, sector=55296, nr_sectors = 2048 limit=40427
[ 1246.633672][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.633672][T31137] loop6: rw=2049, sector=49152, nr_sectors = 3336 limit=40427
[ 1246.656031][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.656031][T31137] loop6: rw=2049, sector=52488, nr_sectors = 760 limit=40427
[ 1246.703692][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.703692][T31137] loop6: rw=2049, sector=57344, nr_sectors = 4088 limit=40427
[ 1246.750611][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.750611][T31137] loop6: rw=2049, sector=61432, nr_sectors = 4104 limit=40427
[ 1246.799647][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.799647][T31137] loop6: rw=2049, sector=65536, nr_sectors = 4096 limit=40427
[ 1246.802762][   T48] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[ 1246.853027][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.853027][T31137] loop6: rw=2049, sector=69632, nr_sectors = 4112 limit=40427
[ 1246.902896][   T48] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 1246.914129][   T48] em28xx 2-1:0.89: board has no eeprom
[ 1246.915664][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.915664][T31137] loop6: rw=2049, sector=73744, nr_sectors = 4080 limit=40427
[ 1246.971144][T31137] syz.6.1771: attempt to access beyond end of device
[ 1246.971144][T31137] loop6: rw=2049, sector=81920, nr_sectors = 3928 limit=40427
[ 1246.977464][   T48] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[ 1247.009141][   T48] em28xx 2-1:0.89: analog set to bulk mode.
[ 1247.016842][T13895] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[ 1247.072951][ T6040] em28xx 2-1:0.89: Registering V4L2 extension
[ 1247.090672][T10508] CPU: 0 UID: 0 PID: 10508 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1247.090719][T10508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1247.090742][T10508] Call Trace:
[ 1247.090754][T10508]  <TASK>
[ 1247.090769][T10508]  dump_stack_lvl+0x16c/0x1f0
[ 1247.090826][T10508]  f2fs_handle_critical_error+0x624/0x9f0
[ 1247.090878][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.090923][T10508]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1247.090976][T10508]  f2fs_write_end_io+0x958/0xcf0
[ 1247.091033][T10508]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1247.091093][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.091149][T10508]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1247.091199][T10508]  bio_endio+0x6bf/0x800
[ 1247.091260][T10508]  submit_bio_noacct+0x306/0x1ed0
[ 1247.091318][T10508]  __submit_merged_bio+0x33c/0x770
[ 1247.091377][T10508]  __submit_merged_write_cond+0x319/0x3f0
[ 1247.091444][T10508]  f2fs_write_cache_pages+0x2067/0x2570
[ 1247.091542][T10508]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1247.091609][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.091654][T10508]  ? __lock_acquire+0x62e/0x1ce0
[ 1247.091776][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.091821][T10508]  ? css_rstat_updated+0x1c2/0x510
[ 1247.091920][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.091965][T10508]  ? mod_memcg_lruvec_state+0x389/0x5f0
[ 1247.092016][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.092062][T10508]  ? __mod_zone_page_state+0xcc/0x1a0
[ 1247.092113][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.092168][T10508]  f2fs_write_data_pages+0x4ad/0xd90
[ 1247.092238][T10508]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1247.092317][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.092362][T10508]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1247.092426][T10508]  do_writepages+0x27a/0x600
[ 1247.092482][T10508]  ? __pfx_do_writepages+0x10/0x10
[ 1247.092536][T10508]  ? do_raw_spin_unlock+0x172/0x230
[ 1247.092579][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.092623][T10508]  ? _raw_spin_unlock+0x28/0x50
[ 1247.092675][T10508]  filemap_fdatawrite_wbc+0x104/0x160
[ 1247.092730][T10508]  __filemap_fdatawrite_range+0xb9/0x100
[ 1247.092793][T10508]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[ 1247.092922][T10508]  ? find_held_lock+0x2b/0x80
[ 1247.092970][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093016][T10508]  ? do_raw_spin_unlock+0x172/0x230
[ 1247.093057][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093109][T10508]  f2fs_sync_dirty_inodes+0x2a9/0x990
[ 1247.093196][T10508]  block_operations+0x2b0/0xfe0
[ 1247.093263][T10508]  ? __pfx___schedule+0x10/0x10
[ 1247.093313][T10508]  ? __pfx_block_operations+0x10/0x10
[ 1247.093442][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093486][T10508]  ? down_write+0x14d/0x200
[ 1247.093546][T10508]  ? __pfx_down_write+0x10/0x10
[ 1247.093605][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093649][T10508]  ? rcu_is_watching+0x12/0xc0
[ 1247.093704][T10508]  f2fs_write_checkpoint+0x2b8/0x4c60
[ 1247.093749][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093793][T10508]  ? kfree+0x2b4/0x4d0
[ 1247.093836][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093886][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.093929][T10508]  ? rcu_is_watching+0x12/0xc0
[ 1247.093974][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.094018][T10508]  ? kthread_stop+0x273/0x630
[ 1247.094060][T10508]  kill_f2fs_super+0x3c2/0x470
[ 1247.094097][T10508]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1247.094132][T10508]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1247.094204][T10508]  deactivate_locked_super+0xc1/0x1a0
[ 1247.094262][T10508]  deactivate_super+0xde/0x100
[ 1247.094321][T10508]  cleanup_mnt+0x225/0x450
[ 1247.094384][T10508]  task_work_run+0x150/0x240
[ 1247.094428][T10508]  ? __pfx_task_work_run+0x10/0x10
[ 1247.094466][T10508]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1247.094522][T10508]  ? __pfx___x64_sys_umount+0x10/0x10
[ 1247.094571][T10508]  exit_to_user_mode_loop+0xeb/0x110
[ 1247.094614][T10508]  do_syscall_64+0x3f6/0x4c0
[ 1247.094672][T10508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1247.094709][T10508] RIP: 0033:0x7f400218ff17
[ 1247.094738][T10508] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1247.094774][T10508] RSP: 002b:00007fffec3796b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1247.094809][T10508] RAX: 0000000000000000 RBX: 00007f4002211c05 RCX: 00007f400218ff17
[ 1247.094834][T10508] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffec379770
[ 1247.094857][T10508] RBP: 00007fffec379770 R08: 0000000000000000 R09: 0000000000000000
[ 1247.094881][T10508] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffec37a800
[ 1247.094905][T10508] R13: 00007f4002211c05 R14: 000000000013274f R15: 00007fffec37a840
[ 1247.094959][T10508]  </TASK>
[ 1247.094973][T10508] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1247.096331][T23164] usb 8-1: new full-speed USB device number 39 using dummy_hcd
[ 1247.338922][T31195] loop3: detected capacity change from 0 to 1024
[ 1247.442989][T13895] usb 5-1: config 0 has no interfaces?
[ 1247.443038][T13895] usb 5-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00
[ 1247.443081][T13895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1247.446428][T13895] usb 5-1: config 0 descriptor??
[ 1247.681901][T23164] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1247.691827][T23164] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1247.700231][T23164] usb 8-1: Product: syz
[ 1247.704652][T23164] usb 8-1: Manufacturer: syz
[ 1247.709941][T23164] usb 8-1: SerialNumber: syz
[ 1247.722420][T23164] usb 8-1: config 0 descriptor??
[ 1247.817369][T31195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1247.935132][T19212] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1247.943459][T23164] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1248.035422][T13062] usb 5-1: USB disconnect, device number 31
[ 1248.408003][T13895] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1248.578354][T13895] usb 4-1: Using ep0 maxpacket: 16
[ 1248.590034][T13895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1248.663126][T13062] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1248.667038][ T6040] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[ 1248.725533][ T6040] em28xx 2-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[ 1248.747241][ T6040] em28xx 2-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[ 1248.763320][ T6040] em28xx 2-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[ 1248.773656][ T6040] em28xx 2-1:0.89: Config register raw data: 0xfffffffb
[ 1248.789819][T13895] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1248.801182][ T6040] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[ 1248.811489][T13895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1248.822489][ T6040] em28xx 2-1:0.89: No AC97 audio processor
[ 1248.826436][T13062] usb 7-1: Using ep0 maxpacket: 8
[ 1248.828801][T13895] usb 4-1: Product: syz
[ 1248.839675][T13062] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1248.841164][T13895] usb 4-1: Manufacturer: syz
[ 1248.855624][T13062] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1248.855674][T13062] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1248.855720][T13062] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1248.855786][T13062] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1248.872235][T13895] usb 4-1: SerialNumber: syz
[ 1248.886778][T13062] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1249.180624][T13895] usb 4-1: config 0 descriptor??
[ 1249.207989][T13895] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1249.224288][T13895] em28xx 4-1:0.0: DVB interface 0 found: bulk
[ 1249.447242][ T6040] usb 2-1: Decoder not found
[ 1250.064015][T13062] usb 7-1: GET_CAPABILITIES returned 0
[ 1250.069571][T13062] usbtmc 7-1:16.0: can't read capabilities
[ 1250.341054][T21537] usb 7-1: USB disconnect, device number 29
[ 1250.348595][ T6040] em28xx 2-1:0.89: failed to create media graph
[ 1250.371564][ T6040] em28xx 2-1:0.89: V4L2 device video103 deregistered
[ 1250.404656][ T6040] em28xx 2-1:0.89: Registering snapshot button...
[ 1250.404914][T31259] ==================================================================
[ 1250.414320][T13203] usb 2-1: USB disconnect, device number 27
[ 1250.419138][T31259] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 1250.429187][T13203] em28xx 2-1:0.89: Disconnecting em28xx
[ 1250.432485][T31259] Read of size 8 at addr ffff88806d6cc740 by task v4l_id/31259
[ 1250.432517][T31259] 
[ 1250.443692][ T6040] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input38
[ 1250.445549][T31259] CPU: 0 UID: 0 PID: 31259 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1250.445593][T31259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1250.445616][T31259] Call Trace:
[ 1250.445628][T31259]  <TASK>
[ 1250.445643][T31259]  dump_stack_lvl+0x116/0x1f0
[ 1250.445694][T31259]  print_report+0xcd/0x630
[ 1250.445726][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.445771][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.445814][T31259]  ? __phys_addr+0xe8/0x180
[ 1250.445864][T31259]  ? v4l2_fh_init+0x27d/0x2c0
[ 1250.445912][T31259]  kasan_report+0xe0/0x110
[ 1250.445947][T31259]  ? v4l2_fh_init+0x27d/0x2c0
[ 1250.446002][T31259]  v4l2_fh_init+0x27d/0x2c0
[ 1250.446051][T31259]  v4l2_fh_open+0x83/0xc0
[ 1250.446100][T31259]  em28xx_v4l2_open+0x24e/0x7e0
[ 1250.446156][T31259]  v4l2_open+0x225/0x490
[ 1250.446200][T31259]  ? __pfx_v4l2_open+0x10/0x10
[ 1250.446243][T31259]  chrdev_open+0x234/0x6a0
[ 1250.446281][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1250.446319][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.446362][T31259]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1250.446428][T31259]  do_dentry_open+0x982/0x1530
[ 1250.446489][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1250.446527][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.446574][T31259]  vfs_open+0x82/0x3f0
[ 1250.446612][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.446659][T31259]  path_openat+0x1de4/0x2cb0
[ 1250.446701][T31259]  ? __pfx_path_openat+0x10/0x10
[ 1250.446734][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.446784][T31259]  do_filp_open+0x20b/0x470
[ 1250.446817][T31259]  ? __pfx_do_filp_open+0x10/0x10
[ 1250.446868][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.446912][T31259]  ? alloc_fd+0x471/0x7d0
[ 1250.446975][T31259]  do_sys_openat2+0x11b/0x1d0
[ 1250.447017][T31259]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1250.447059][T31259]  ? find_held_lock+0x2b/0x80
[ 1250.447105][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.447155][T31259]  __x64_sys_openat+0x174/0x210
[ 1250.447200][T31259]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1250.447247][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1250.447290][T31259]  ? do_user_addr_fault+0x843/0x1370
[ 1250.447333][T31259]  do_syscall_64+0xcd/0x4c0
[ 1250.447386][T31259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1250.447423][T31259] RIP: 0033:0x7f92bfea7407
[ 1250.447452][T31259] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1250.447498][T31259] RSP: 002b:00007fffc20aa010 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1250.447532][T31259] RAX: ffffffffffffffda RBX: 00007f92c0690880 RCX: 00007f92bfea7407
[ 1250.447558][T31259] RDX: 0000000000000000 RSI: 00007fffc20abf1b RDI: ffffffffffffff9c
[ 1250.447583][T31259] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1250.447606][T31259] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1250.447629][T31259] R13: 00007fffc20aa260 R14: 00007f92c07f7000 R15: 00005635a96ca4d8
[ 1250.447667][T31259]  </TASK>
[ 1250.447680][T31259] 
[ 1250.460488][T13895] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1250.467324][T31259] Allocated by task 6040:
[ 1250.467344][T31259]  kasan_save_stack+0x33/0x60
[ 1250.598807][ T6040] em28xx 2-1:0.89: Remote control support is not available for this card.
[ 1250.600100][T31259]  kasan_save_track+0x14/0x30
[ 1250.600159][T31259]  __kasan_kmalloc+0xaa/0xb0
[ 1250.600210][T31259]  em28xx_v4l2_init+0x114/0x4080
[ 1250.600261][T31259]  em28xx_init_extension+0x13a/0x200
[ 1250.600298][T31259]  request_module_async+0x61/0x70
[ 1250.600337][T31259]  process_one_work+0x9cf/0x1b70
[ 1250.600376][T31259]  worker_thread+0x6c8/0xf10
[ 1250.600413][T31259]  kthread+0x3c5/0x780
[ 1250.600445][T31259]  ret_from_fork+0x5d7/0x6f0
[ 1250.600484][T31259]  ret_from_fork_asm+0x1a/0x30
[ 1250.637943][T13203] em28xx 2-1:0.89: Closing input extension
[ 1250.639930][T31259] 
[ 1250.639940][T31259] Freed by task 6040:
[ 1250.639960][T31259]  kasan_save_stack+0x33/0x60
[ 1250.694564][T13203] em28xx 2-1:0.89: Deregistering snapshot button
[ 1250.701343][T31259]  kasan_save_track+0x14/0x30
[ 1250.701401][T31259]  kasan_save_free_info+0x3b/0x60
[ 1250.701444][T31259]  __kasan_slab_free+0x60/0x70
[ 1250.701503][T31259]  kfree+0x2b4/0x4d0
[ 1250.701546][T31259]  em28xx_v4l2_init+0x22b5/0x4080
[ 1250.701598][T31259]  em28xx_init_extension+0x13a/0x200
[ 1250.701634][T31259]  request_module_async+0x61/0x70
[ 1250.701673][T31259]  process_one_work+0x9cf/0x1b70
[ 1250.701711][T31259]  worker_thread+0x6c8/0xf10
[ 1250.701749][T31259]  kthread+0x3c5/0x780
[ 1250.701781][T31259]  ret_from_fork+0x5d7/0x6f0
[ 1250.701814][T31259]  ret_from_fork_asm+0x1a/0x30
[ 1250.701858][T31259] 
[ 1250.701868][T31259] The buggy address belongs to the object at ffff88806d6cc000
[ 1250.701868][T31259]  which belongs to the cache kmalloc-8k of size 8192
[ 1250.701899][T31259] The buggy address is located 1856 bytes inside of
[ 1250.701899][T31259]  freed 8192-byte region [ffff88806d6cc000, ffff88806d6ce000)
[ 1250.701938][T31259] 
[ 1250.701947][T31259] The buggy address belongs to the physical page:
[ 1250.701963][T31259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6d6c8
[ 1250.701996][T31259] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1250.702027][T31259] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1250.702059][T31259] page_type: f5(slab)
[ 1250.702091][T31259] raw: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[ 1250.702126][T31259] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1250.702179][T31259] head: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[ 1250.702214][T31259] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1250.702250][T31259] head: 00fff00000000003 ffffea0001b5b201 00000000ffffffff 00000000ffffffff
[ 1250.702284][T31259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1250.702307][T31259] page dumped because: kasan: bad access detected
[ 1250.702325][T31259] page_owner tracks the page as allocated
[ 1250.702338][T31259] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 9097, tgid 9097 (syz-executor), ts 350041763229, free_ts 350020595760
[ 1250.702403][T31259]  post_alloc_hook+0x1c0/0x230
[ 1250.702454][T31259]  get_page_from_freelist+0x132b/0x38e0
[ 1250.702513][T31259]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1250.702568][T31259]  alloc_pages_mpol+0x1fb/0x550
[ 1250.702601][T31259]  new_slab+0x247/0x330
[ 1250.702643][T31259]  ___slab_alloc+0xcf2/0x1740
[ 1250.702687][T31259]  __slab_alloc.constprop.0+0x56/0xb0
[ 1250.702735][T31259]  __kvmalloc_node_noprof+0x3b1/0x620
[ 1250.702785][T31259]  pfifo_fast_init+0x125/0x3b0
[ 1250.702825][T31259]  qdisc_create_dflt+0x125/0x490
[ 1250.702869][T31259]  dev_activate+0x63f/0x12d0
[ 1250.702912][T31259]  __dev_open+0x432/0x7c0
[ 1250.702956][T31259]  __dev_change_flags+0x55d/0x720
[ 1250.703001][T31259]  netif_change_flags+0x8d/0x160
[ 1250.703048][T31259]  do_setlink.constprop.0+0xb53/0x4380
[ 1251.132087][T31259]  rtnl_newlink+0x1446/0x2000
[ 1251.136786][T31259] page last free pid 5228 tgid 5228 stack trace:
[ 1251.143101][T31259]  __free_frozen_pages+0x7d5/0x10f0
[ 1251.148400][T31259]  __put_partials+0x165/0x1c0
[ 1251.153098][T31259]  qlist_free_all+0x4d/0x120
[ 1251.157705][T31259]  kasan_quarantine_reduce+0x195/0x1e0
[ 1251.163187][T31259]  __kasan_slab_alloc+0x69/0x90
[ 1251.168064][T31259]  __kvmalloc_node_noprof+0x230/0x620
[ 1251.173456][T31259]  seq_read_iter+0x826/0x12c0
[ 1251.178156][T31259]  kernfs_fop_read_iter+0x40f/0x5a0
[ 1251.183379][T31259]  vfs_read+0x8bf/0xcf0
[ 1251.187555][T31259]  ksys_read+0x12a/0x250
[ 1251.191814][T31259]  do_syscall_64+0xcd/0x4c0
[ 1251.196344][T31259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1251.202245][T31259] 
[ 1251.204558][T31259] Memory state around the buggy address:
[ 1251.210178][T31259]  ffff88806d6cc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1251.218242][T31259]  ffff88806d6cc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1251.226327][T31259] >ffff88806d6cc700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1251.234380][T31259]                                            ^
[ 1251.240529][T31259]  ffff88806d6cc780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1251.248587][T31259]  ffff88806d6cc800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1251.256641][T31259] ==================================================================
[ 1251.381581][T13895] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1251.416380][T13895] em28xx 4-1:0.0: board has no eeprom
[ 1251.453834][T31280] netlink: 'syz.1.1789': attribute type 12 has an invalid length.
[ 1251.461672][T31280] netlink: 'syz.1.1789': attribute type 29 has an invalid length.
[ 1251.491643][T31280] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1789'.
[ 1251.500688][T31280] netlink: 'syz.1.1789': attribute type 1 has an invalid length.
[ 1251.532328][T31290] netlink: 'syz.1.1789': attribute type 12 has an invalid length.
[ 1251.539630][T31259] Disabling lock debugging due to kernel taint
[ 1251.546582][T31259] ==================================================================
[ 1251.554656][T31259] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0xd4/0x2c0
[ 1251.562064][T31259] Write of size 8 at addr ffff88806d6cc7a8 by task v4l_id/31259
[ 1251.565159][T31290] netlink: 'syz.1.1789': attribute type 29 has an invalid length.
[ 1251.569697][T31259] 
[ 1251.569720][T31259] CPU: 0 UID: 0 PID: 31259 Comm: v4l_id Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1251.569772][T31259] Tainted: [B]=BAD_PAGE
[ 1251.569785][T31259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1251.569808][T31259] Call Trace:
[ 1251.569820][T31259]  <TASK>
[ 1251.569835][T31259]  dump_stack_lvl+0x116/0x1f0
[ 1251.569887][T31259]  print_report+0xcd/0x630
[ 1251.569919][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.569964][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.570006][T31259]  ? __phys_addr+0xe8/0x180
[ 1251.570057][T31259]  ? v4l2_fh_init+0xd4/0x2c0
[ 1251.570105][T31259]  kasan_report+0xe0/0x110
[ 1251.570139][T31259]  ? v4l2_fh_init+0xd4/0x2c0
[ 1251.570193][T31259]  kasan_check_range+0x100/0x1b0
[ 1251.570236][T31259]  v4l2_fh_init+0xd4/0x2c0
[ 1251.570284][T31259]  v4l2_fh_open+0x83/0xc0
[ 1251.570334][T31259]  em28xx_v4l2_open+0x24e/0x7e0
[ 1251.570390][T31259]  v4l2_open+0x225/0x490
[ 1251.570434][T31259]  ? __pfx_v4l2_open+0x10/0x10
[ 1251.570477][T31259]  chrdev_open+0x234/0x6a0
[ 1251.570521][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1251.570559][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.570603][T31259]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1251.570669][T31259]  do_dentry_open+0x982/0x1530
[ 1251.570725][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1251.570763][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.570810][T31259]  vfs_open+0x82/0x3f0
[ 1251.570848][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.570895][T31259]  path_openat+0x1de4/0x2cb0
[ 1251.570936][T31259]  ? __pfx_path_openat+0x10/0x10
[ 1251.570970][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.571019][T31259]  do_filp_open+0x20b/0x470
[ 1251.571052][T31259]  ? __pfx_do_filp_open+0x10/0x10
[ 1251.571102][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.571145][T31259]  ? alloc_fd+0x471/0x7d0
[ 1251.571208][T31259]  do_sys_openat2+0x11b/0x1d0
[ 1251.571251][T31259]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1251.571292][T31259]  ? find_held_lock+0x2b/0x80
[ 1251.571337][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.571387][T31259]  __x64_sys_openat+0x174/0x210
[ 1251.571431][T31259]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1251.571477][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1251.571525][T31259]  ? do_user_addr_fault+0x843/0x1370
[ 1251.571567][T31259]  do_syscall_64+0xcd/0x4c0
[ 1251.571620][T31259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1251.571657][T31259] RIP: 0033:0x7f92bfea7407
[ 1251.571684][T31259] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1251.571720][T31259] RSP: 002b:00007fffc20aa010 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1251.571755][T31259] RAX: ffffffffffffffda RBX: 00007f92c0690880 RCX: 00007f92bfea7407
[ 1251.571780][T31259] RDX: 0000000000000000 RSI: 00007fffc20abf1b RDI: ffffffffffffff9c
[ 1251.571805][T31259] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1251.571828][T31259] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1251.571851][T31259] R13: 00007fffc20aa260 R14: 00007f92c07f7000 R15: 00005635a96ca4d8
[ 1251.571887][T31259]  </TASK>
[ 1251.571900][T31259] 
[ 1251.886116][T31259] Allocated by task 6040:
[ 1251.890436][T31259]  kasan_save_stack+0x33/0x60
[ 1251.895230][T31259]  kasan_save_track+0x14/0x30
[ 1251.899924][T31259]  __kasan_kmalloc+0xaa/0xb0
[ 1251.904532][T31259]  em28xx_v4l2_init+0x114/0x4080
[ 1251.909495][T31259]  em28xx_init_extension+0x13a/0x200
[ 1251.914788][T31259]  request_module_async+0x61/0x70
[ 1251.919821][T31259]  process_one_work+0x9cf/0x1b70
[ 1251.924767][T31259]  worker_thread+0x6c8/0xf10
[ 1251.929361][T31259]  kthread+0x3c5/0x780
[ 1251.933429][T31259]  ret_from_fork+0x5d7/0x6f0
[ 1251.938021][T31259]  ret_from_fork_asm+0x1a/0x30
[ 1251.942800][T31259] 
[ 1251.945112][T31259] Freed by task 6040:
[ 1251.949080][T31259]  kasan_save_stack+0x33/0x60
[ 1251.953772][T31259]  kasan_save_track+0x14/0x30
[ 1251.958466][T31259]  kasan_save_free_info+0x3b/0x60
[ 1251.963505][T31259]  __kasan_slab_free+0x60/0x70
[ 1251.968293][T31259]  kfree+0x2b4/0x4d0
[ 1251.972197][T31259]  em28xx_v4l2_init+0x22b5/0x4080
[ 1251.977238][T31259]  em28xx_init_extension+0x13a/0x200
[ 1251.982528][T31259]  request_module_async+0x61/0x70
[ 1251.987558][T31259]  process_one_work+0x9cf/0x1b70
[ 1251.992503][T31259]  worker_thread+0x6c8/0xf10
[ 1251.997095][T31259]  kthread+0x3c5/0x780
[ 1252.001164][T31259]  ret_from_fork+0x5d7/0x6f0
[ 1252.005754][T31259]  ret_from_fork_asm+0x1a/0x30
[ 1252.010528][T31259] 
[ 1252.012846][T31259] The buggy address belongs to the object at ffff88806d6cc000
[ 1252.012846][T31259]  which belongs to the cache kmalloc-8k of size 8192
[ 1252.026898][T31259] The buggy address is located 1960 bytes inside of
[ 1252.026898][T31259]  freed 8192-byte region [ffff88806d6cc000, ffff88806d6ce000)
[ 1252.040870][T31259] 
[ 1252.043186][T31259] The buggy address belongs to the physical page:
[ 1252.049587][T31259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6d6c8
[ 1252.058351][T31259] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1252.066844][T31259] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1252.074821][T31259] page_type: f5(slab)
[ 1252.078802][T31259] raw: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[ 1252.087387][T31259] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1252.095993][T31259] head: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[ 1252.104680][T31259] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1252.113366][T31259] head: 00fff00000000003 ffffea0001b5b201 00000000ffffffff 00000000ffffffff
[ 1252.122048][T31259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1252.130715][T31259] page dumped because: kasan: bad access detected
[ 1252.137118][T31259] page_owner tracks the page as allocated
[ 1252.142821][T31259] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 9097, tgid 9097 (syz-executor), ts 350041763229, free_ts 350020595760
[ 1252.162729][T31259]  post_alloc_hook+0x1c0/0x230
[ 1252.167517][T31259]  get_page_from_freelist+0x132b/0x38e0
[ 1252.173085][T31259]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1252.179094][T31259]  alloc_pages_mpol+0x1fb/0x550
[ 1252.183947][T31259]  new_slab+0x247/0x330
[ 1252.188115][T31259]  ___slab_alloc+0xcf2/0x1740
[ 1252.192803][T31259]  __slab_alloc.constprop.0+0x56/0xb0
[ 1252.198192][T31259]  __kvmalloc_node_noprof+0x3b1/0x620
[ 1252.203585][T31259]  pfifo_fast_init+0x125/0x3b0
[ 1252.208365][T31259]  qdisc_create_dflt+0x125/0x490
[ 1252.213315][T31259]  dev_activate+0x63f/0x12d0
[ 1252.217919][T31259]  __dev_open+0x432/0x7c0
[ 1252.222264][T31259]  __dev_change_flags+0x55d/0x720
[ 1252.227303][T31259]  netif_change_flags+0x8d/0x160
[ 1252.232256][T31259]  do_setlink.constprop.0+0xb53/0x4380
[ 1252.237734][T31259]  rtnl_newlink+0x1446/0x2000
[ 1252.242429][T31259] page last free pid 5228 tgid 5228 stack trace:
[ 1252.248747][T31259]  __free_frozen_pages+0x7d5/0x10f0
[ 1252.253959][T31259]  __put_partials+0x165/0x1c0
[ 1252.258650][T31259]  qlist_free_all+0x4d/0x120
[ 1252.263258][T31259]  kasan_quarantine_reduce+0x195/0x1e0
[ 1252.268738][T31259]  __kasan_slab_alloc+0x69/0x90
[ 1252.273608][T31259]  __kvmalloc_node_noprof+0x230/0x620
[ 1252.278999][T31259]  seq_read_iter+0x826/0x12c0
[ 1252.283699][T31259]  kernfs_fop_read_iter+0x40f/0x5a0
[ 1252.288921][T31259]  vfs_read+0x8bf/0xcf0
[ 1252.293098][T31259]  ksys_read+0x12a/0x250
[ 1252.297357][T31259]  do_syscall_64+0xcd/0x4c0
[ 1252.301874][T31259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.307769][T31259] 
[ 1252.310080][T31259] Memory state around the buggy address:
[ 1252.315964][T31259]  ffff88806d6cc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1252.324041][T31259]  ffff88806d6cc700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1252.332116][T31259] >ffff88806d6cc780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1252.340175][T31259]                                   ^
[ 1252.345550][T31259]  ffff88806d6cc800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1252.353708][T31259]  ffff88806d6cc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1252.361764][T31259] ==================================================================
[ 1252.372931][T23164] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1252.388505][T31290] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1789'.
[ 1252.407926][T31290] netlink: 'syz.1.1789': attribute type 1 has an invalid length.
[ 1252.458129][T13895] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1252.466115][T13895] em28xx 4-1:0.0: dvb set to bulk mode.
[ 1252.474944][T23164] em28xx 4-1:0.0: Binding DVB extension
[ 1252.485632][T13895] usb 4-1: USB disconnect, device number 33
[ 1252.540398][T31259] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 1252.548188][T31259] CPU: 0 UID: 0 PID: 31259 Comm: v4l_id Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 1252.558801][T31259] Tainted: [B]=BAD_PAGE
[ 1252.562947][T31259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1252.573001][T31259] Call Trace:
[ 1252.576274][T31259]  <TASK>
[ 1252.579201][T31259]  dump_stack_lvl+0x3d/0x1f0
[ 1252.583815][T31259]  vpanic+0x6e8/0x7a0
[ 1252.587824][T31259]  ? __pfx_vpanic+0x10/0x10
[ 1252.592358][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.598005][T31259]  ? rcu_is_watching+0x12/0xc0
[ 1252.602786][T31259]  ? v4l2_fh_init+0xd4/0x2c0
[ 1252.607396][T31259]  panic+0xca/0xd0
[ 1252.611142][T31259]  ? __pfx_panic+0x10/0x10
[ 1252.615584][T31259]  ? v4l2_fh_init+0xd4/0x2c0
[ 1252.620199][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.625852][T31259]  ? preempt_schedule_thunk+0x16/0x30
[ 1252.631296][T31259]  end_report+0x159/0x170
[ 1252.635646][T31259]  kasan_report+0xee/0x110
[ 1252.640088][T31259]  ? v4l2_fh_init+0xd4/0x2c0
[ 1252.644704][T31259]  kasan_check_range+0x100/0x1b0
[ 1252.649665][T31259]  v4l2_fh_init+0xd4/0x2c0
[ 1252.654100][T31259]  v4l2_fh_open+0x83/0xc0
[ 1252.658449][T31259]  em28xx_v4l2_open+0x24e/0x7e0
[ 1252.663326][T31259]  v4l2_open+0x225/0x490
[ 1252.667582][T31259]  ? __pfx_v4l2_open+0x10/0x10
[ 1252.672358][T31259]  chrdev_open+0x234/0x6a0
[ 1252.676780][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1252.681723][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.687366][T31259]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1252.693727][T31259]  do_dentry_open+0x982/0x1530
[ 1252.698516][T31259]  ? __pfx_chrdev_open+0x10/0x10
[ 1252.703461][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.709112][T31259]  vfs_open+0x82/0x3f0
[ 1252.713187][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.718836][T31259]  path_openat+0x1de4/0x2cb0
[ 1252.723437][T31259]  ? __pfx_path_openat+0x10/0x10
[ 1252.728380][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.734028][T31259]  do_filp_open+0x20b/0x470
[ 1252.738531][T31259]  ? __pfx_do_filp_open+0x10/0x10
[ 1252.743572][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.749214][T31259]  ? alloc_fd+0x471/0x7d0
[ 1252.753576][T31259]  do_sys_openat2+0x11b/0x1d0
[ 1252.758275][T31259]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1252.763485][T31259]  ? find_held_lock+0x2b/0x80
[ 1252.768178][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.773827][T31259]  __x64_sys_openat+0x174/0x210
[ 1252.778689][T31259]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1252.784073][T31259]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1252.789717][T31259]  ? do_user_addr_fault+0x843/0x1370
[ 1252.795009][T31259]  do_syscall_64+0xcd/0x4c0
[ 1252.799538][T31259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.805435][T31259] RIP: 0033:0x7f92bfea7407
[ 1252.809848][T31259] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1252.829462][T31259] RSP: 002b:00007fffc20aa010 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1252.837885][T31259] RAX: ffffffffffffffda RBX: 00007f92c0690880 RCX: 00007f92bfea7407
[ 1252.845855][T31259] RDX: 0000000000000000 RSI: 00007fffc20abf1b RDI: ffffffffffffff9c
[ 1252.853823][T31259] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1252.861793][T31259] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1252.869771][T31259] R13: 00007fffc20aa260 R14: 00007f92c07f7000 R15: 00005635a96ca4d8
[ 1252.877776][T31259]  </TASK>
[ 1252.881014][T31259] Kernel Offset: disabled
[ 1252.885336][T31259] Rebooting in 86400 seconds..