last executing test programs:

2m7.98740899s ago: executing program 3 (id=207):
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000700)="d91bce3d2f587ec36838f27be161c430528116d2deb7f34841bcf815607a5b39b3a47e5e396965e292ec71e2c374eb6ca78049f7215f30de5aa4d495936c452fdf26ab225cb3bddf762827b854cb9ee2886168baf3b61042ce89a104cb8779eb749bd8fdd7d763d3cc9adedc8256621050a36b0209b10976397ba00b23eddae7126022c1da2d14a1bd1d94d3db3e4f5d970fb4b50df802789117902f709ea988ec310394f57c599e298d2698d82018edfddec7d95a91d1dac6121b7cbd59e1", &(0x7f00000007c0)="0fdb612428931d41c2bed79485b53d947c30613d5e400f3e7a6cbd1b54a89b16c4a9249b04d02d074a6679cd5c46c9279c46ff11105854b3f6b29c58f772f80e5a5630f2e8d3a9eee22b183b11571f235060daad957f17e58c4c2ad3e5bc30c939d7e1f3439d1b50b67354896b4147e9c1482b81036fdbec6115481217529c1919f4e38bb40c12b36f559fa2109bb029ddd9c9184182495af429781e880c8c7cb97822b93dcf111eb7673dc59319a0dcbf6dc0ed34b5c7afc6317c"}}, &(0x7f0000bbdffc))
r1 = gettid()
rt_tgsigqueueinfo(r0, r1, 0x4, &(0x7f0000000100)={0x6, 0x6, 0x8001})
creat(0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x8088d8, &(0x7f0000000000), 0xfc, 0x575, &(0x7f0000000180)="$eJzs3e9rJGcdAPDvbHbz4y6aqH1RhdbDFu6KXnLp2TaI9E4Q3xWU6usz5PZCuE32yG7aSyiSwz9AENGCb/SVbwT/AEHuTyhCwb4XK8qhVwWLaEfmR+6SdKfZpNldm3w+8GSenXlmvt9ndzM7O/MkE8CZdSEirkfEWEQ8FxEz5fxaWWKnKFm79x6+sZyVJNL01b8lkZTzsmZJWTLny9Umi8l+U8Wks7V9e6nVam6Us+e7a3fmO1vbl1fXllaaK831q1cXXlx8afGFxSsn0s+sXy9/888//dGvvvXy777y+h9v/PXSD7J8p8vlu/04acVz0siei0fqEbExiGAjMFb2599poaLZxJDTAgCgQnaM/9mI+FJ+/D8TY/nRXLXxPfVk4NkBAAAAJyG9Nh3/SSLSI2oceQ0AAABgVGr5GNikNleOBZiOWm1urhjD+0Scq7Xane6Xb7U3128WY2Vno1G7tdpqXsnH1E5ERCPJHi88OqNQPH4+b5uVZN8Y4J/MTOXL55bbrZujOOEBAAAAZ9D5A9///zlTfP8HAAAATpnZcnpuxHkAAAAAgzM76gQAAACAgTvG9//xQeQBAAAADMS3X3klK+nu/a9vvra1ebv92uWbzc7tubXN5bnl9saduZV2e6WVTkSsHba9Vrt956uxvnl3vtvsdOc7W9s31tqb690bq/tugQ0AAAAM0We+eP+dJCJ2vjaVl9i9tj9WsYK/FYBTo9ZnuzT78e5gcwGGq+pjHjj96h+92DBfOMUaxSQZdR7A6By2A5isavHWscI5rgAAgBG4+Pn776TJh6//1x+fGwBOqX6v/wOnT8X1/3Rm2IkAQ1d5/f+QgQHAJ1/DCEA48w6//l/hrXzR9cMjpOmh2wIAAAZqOi9Jba68FjgdtffTQsxGI7m12mpeiYhPR8QfZhoT2eOFfM3EHw0AAAAAAAAAAAAAAAAAAAAAAAAAQJ/SNIn0GOrHWgsAAAAYhYjaX5LyPsAXZ56dPnh+YDx5P78V8Adpmr7+81d/dnep291YyOb/PZ8/HhHdN7P546M4fQEAAADssXuX//z7+/ONEWcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGn13sM3lnfLMOM++EZEzPaKX4/JfDoZjYg4948k6nvWSyJi7ATi79yLiCd7xU+ytGK2zOJg/FpETOVZDDz+U2ma9ox//mNHh7Ptfrb/ud7r968WF/Jp79//elGufdz41fu/2qP939jB+PVi//epPmN84e3fzO95+L3H1Ylieb33/mc3flKx/32mV7D6h2d9/7vb21W5pb+MuNjz8yfZF2u+u3ZnvrO1fXl1bWmludJcv3p14cXFlxZfWLwyf2u11Sx/9ozx46d++0FV/AcXIs6V8cd3cyo/WGaLydeTR6mM78vp2azSqNryY/99++7DzxXVva3zrT64F3Hpmd6v/5P5tOfz/4t/pbn8cyBbfrH8TEh2inpE+faNiKd//funK/t/b7KsHf31v3R413PPfeeHf+qzKQAwBJ2t7dtLrVZzY+CVN9M07a9xdlTa/5aTiJ2Di7IDuBPuxVREVCzaH2uqfFaj3y0/UZnqu1MRQ3p1jlq5dpTG6cSR3mzJzv9BB89wZTx/Q456zwQAAJy0x0f/o84EAAAAAAAAAAAAAAAAAAAAzq5h/F+xgzF3RtNVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICP9L8AAAD//6zP1vE=")
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f00000001c0), 0x1, 0x506, &(0x7f0000001000)="$eJzs3c9vI1cdAPCvnThxsmmTQg+AoF3awoJW6yTeNqp6gHJCCFVC9AjSNiTeKIodR7FTmrCH7JkrEitxgiN/wJ73xJ0LghsSWg5I/IhAGyQORjMeZ71Zm4RNYqfx5yON5r15Y3/fSzzvxc/xvABG1vWI2I+IiYj4KCJms+O5bIv321ty3pODeyuHB/dWctFqffj3XFqeHIuuxySuZc9ZjIjvfzviR7nn4zZ29zaWq9XKdpafb9a25hu7e7fWa8trlbXKZrm8tLi08O7td8rn1tbXaxNZ6kuPf7v/9Z8k1ZrJjnS34zy1m144ipMYj4jvXkSwIRjL9hNDrgcvJh8Rn4mIN9LrfzbG0lcnAHCVtVqz0ZrtzgMAV10+nQPL5UvZXMBM5POlUnsO79WYzlfrjebNu/WdzdX2XNlcFPJ316uVhWyucC4KuSS/mKaf5svH8rcj4pWI+NnkVJovrdSrq8P8wwcARti1Y+P/vybb4z8AcMUVh10BAGDApoz/ADCCjP8AMHqM/wAwetrj/9T/+7Aet/UAAD4tvP8HgNFj/AeAkfK9Dz5IttZhdv/r1Y93dzbqH99arTQ2SrWdldJKfXurtFavr6X37Kmd9HzVen1r8e3Y+WTuG1uN5nxjd+9Orb6z2byT3tf7TqWQnrU/gJYBAP288vqjP+SSEfm9qXSLrrUcCkOtGXDR8sOuADA0Y8OuADA0VvuC0XWG9/imB+CKOOm7PMVeXxBqtVqti6sScMFufN78P4yqrvl//wUMI8b8P4wu8/8wulqt3GnX/I/TnggAXG7m+IE+n/93PvL/dfbhwA9Xj5/x4CJrBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJdbZ/3fUrYW+Ezk86VSxEsRMReF3N31amUhIl6OiN9PFiaT/OKQ6wwAnFX+L7ls/a8bs2/NPFP02rWj5ERE/PgXH/78k+Vmc/t3ERO5f0x2jjcfZMfLg689AHCyzjid7rveyD85uLfS2QZZn79+KyKK7fiHBxNxeBR/PMbTfTEKETH9z1yWb8t1zV2cxf79iPhcr/bnYiadA2mvfHo8fhL7pYHGzz8TP5+WtffJz+Kz51AXGDWPkv7n/V7XXz6up/ve138x7aHOLuv/kqdaOUz7wKfxO/3fWJ/+7/ppY7z9m++0U1PPl92P+MJ4RCf2YVf/04mf6xP/rVPG/+MXX3ujX1nrlxE3onf87ljzzdrWfGN379Z6bXmtslbZLJeXFpcW3r39Tnk+naOe7z8a/O29my/3K0vaP90nfvGE9n/llO3/1X8++sGX/0f8r73ZK34+Xu0X/08P091XTxl/efphsV9ZEn+1T/tP+v3fPGX8x3/ee27ZcABgeBq7exvL1Wple4CJYgwhqMRVSCQv2UtQjZ6Jbw4q1kT0Lvrpm+1r+lhRq/VCsfr1GOcx6wZcBkcXfUT8e9iVAQAAAAAAAAAAAAAAehrEN5aG3UYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACurv8GAAD//7aqz9c=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x10)
open(0x0, 0x64842, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
pwritev2(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0xe7b, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x158)
fallocate(r6, 0x20, 0x2000, 0x6000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r7, 0x3a9, 0x3, 0x25dfdbfe, {{}, {@val={0x8, 0x140}, @void}}}, 0x1c}}, 0x4004050)
sendmsg$NL80211_CMD_DEL_PMKSA(r2, &(0x7f0000000940)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x810a010}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x58, r7, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "59620840ea89dd79bce815a25575ad39"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x800}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x42}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x2f}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004005}, 0x4000)
r8 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r9 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
socket$netlink(0x10, 0x3, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r9, 0x80045505, &(0x7f0000000000)=0x1)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x3)
setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f0000000080)=0x81, 0x4)
dup2(r10, r8)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffc3c)

2m7.925815881s ago: executing program 3 (id=208):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffe, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)=@newtfilter={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x6}, {0x2}, {0xfff1, 0xffe0}}}, 0x24}}, 0x0)
setrlimit(0x1, &(0x7f00000002c0)={0x1})
openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x280008a, &(0x7f000001c380)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c636f6465706167653d3837342c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c726f6469722c73686f72746e616d653d77696e6e742c646973636172642c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d72656c617865642c73686f72746e616d653d77696e6e742c73686f72746e616d653d6d697865642c756e695f786c6174653d302c696f636861727365743d69736f383835392d362c73686f72746e616d653d6d697865642c726f6469722c7569643d6e4ad8c4061100c0344de5741a26aab12236c332332194bd77ef64fb4717db829730779da1ecad20a6cc9fce05bebfe6069c2be726472ef871d8ee192966e4932b15af666d4b1e6276e99d45706129bb5bd87be3c0c495d72155b0f4478eb0e8043c0799390cf1371a63f7eba9c846d0a0d12e041671ac7fc36b3d9ab0da8935c15000f2aadd2023d0122b2172a54dbef3f19d0912c8ec28868e8c957de4682b9578d4a642112b0082c497e263b2f17efe44900d41a04365d3a00ef997ff6464de4a454ca7c273d7a059038c6770931336f89068425b84a8ea1d81cc84a8cc4631c746", @ANYRESHEX=0x0, @ANYRESHEX=0x0], 0x97, 0x2cd, &(0x7f0000000e00)="$eJzs3b2LHGUYAPBn9vb2Q4s9wUoEB0xhFXJpbfaQCwS3UrYwFnqYBGR3ERI48APHVJbaWNraCIKd/4SN/4FgK9gZ8GBkZmf2y3WzG9ycmt+vufdmnud9n/fd4Y4r5rl3X5yMbqdx98EnP0enk0SjH/14mMRRNKL2WSzpfxkAwH/ZwzyP3/KpXfKSiOjsrywAYI92/v3//d5LAgD27M23br1+MhicvpGmnbgx+fx8WPxlX3yd3j+5G+/HOO7EtejFRUQ+Mx3fyPM8a6aFo7gyyc6HRebknR+r+U9+jSjzj6MXR+Wl5fybg9PjdCqudOv8rKjjmWr9fpF/PXrx/Jr1bw5Or8/yZ+tnMWzFKy8v1H81evHTe/FBjON2WcQ0PxoRnx6n6Wv5V79//HZRXpGfZOfDdhk3lx884Y8GAAAAAAAAAAAAAAAAAAAAAID/satV75x2lP17iktV/52Di+Kbw0hri/19sro/UFJPtNIfKMvj67o/z7U0TfMqcJ7fjBea0bycXQMAAAAAAAAAAAAAAAAAAMC/y/0PPxqdjcd37v0jg7obQP1a/+PO01+48lKsi4m4KPsMjM7a87UajWq8OmF3ttM4qEKKWjeWUWxi65r/qNoePN7RPVfUs+7Wt99tPc839b4eGXy4RcwjB92Nz0/9dI3OkvVn2I76Sqd+SH6YxSQxbsWW9bT+7la+0+PXWnurt/OxtJ4tB9mGmC+6mwp79ZfpyVVXktVdtMpTXZt+WA0W0pdjOiufRSeW1lqZ8K8/KxLdOgAAAAAAAAAAAAAAAAAAYK/mL/3Grd7qzQcbUxt5e5+VAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTM////zsMsip5i+BW3Lt/yVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgKfBnAAAA//+Ea1yM")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYRES64=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)

2m5.645387059s ago: executing program 3 (id=222):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8003}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
r3 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020200008500000070000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0xe, 0x0, &(0x7f0000000a80)="b8000005000000000152912e5763", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
sendmsg$tipc(r10, &(0x7f0000000400)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x1}}, 0x10, &(0x7f0000000380)=[{0x0}], 0x1, &(0x7f00000003c0)="fb6574ecd8d06b4bca49f8e479ce2d041cf74cae9397a5955c2570edef099fb86e7c55677f805fdbf7ddc37b9f17be4ad9d05076e37b3600c5", 0x39, 0x4000000}, 0x4000800)
recvmmsg(r8, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r11, &(0x7f0000002140)={0x2020}, 0x2100)
mount_setattr(r3, 0x0, 0x100, &(0x7f0000000740)={0x2, 0x100000, 0x180000, {r11}}, 0x20)

2m1.756599632s ago: executing program 3 (id=240):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x200000, &(0x7f0000000180)={[{@grpquota}, {@lazytime}]}, 0x3, 0xbc0, &(0x7f0000000bc0)="$eJzs3M1rXOUaAPDnnEy+czvp5XLvbREMSFUUp2lTKnTVuhYVdOGyMZmUkOmHSQQTukjrXl2IuChI/wTBvd24ElzUhda/oIhFii5suxg585FOO5lpmkxyTPz94M153/Oemed5cpo574E5DeAfayL7kUYcioizSUSxsT+NiIFabyhirX7c/buXZ7KWRLX69m9JJBFx7+7lmeZ7JY3taGMwFBE3X0vi3x+1x11aWV2YrlTKi43x0eXzl44uray+Mn9++lz5XPnCialXT0ydnJraQk1/VqvVjfbfvvTeF8/88MbzV69/PPnm5we+S+J0jDXmWuvolYmYWP+dtCpExHSvg+Wkr1FPa51JIceEAADoKm1Zw/03itEXDxdvxfj2x1yTAwAAAHqi2hdRbTX86BAAAADYDxI3/AAAALDPNb8HcO/u5Zlmy/cbCbvrzpmIGK/X33y+uT5TiLXadij6I2Lk9yRaH2tN6i/btoks0tffl7MWO/QccjdrVyLi/xud/6RW/3jtKe72+tOImOxB/InHxnup/tM9iP909Q/2ICIARNw4U7+QtV//0vX1T2xw/StscO3airyv/8313/229d/D+vs6rP/e2mSMww9eutlprnX99+4nP89m8bPttop6CneuRBwubFR/sl5/0qH+s5uMMTpz+1qnuaz+rN5m2+36q9cjjtRWc+31NyXd/n+io3PzlfJk/ecG779ysnv81vOftSx+815gN2TnfyS2dv4vbTLG+P9+PdRp7sn1p78MJO/UegONPR9OLy8vHosYSF5v33+8ey7NY5rvkdX/4nPd//43qj/7TFhr/B6yfz1XGttsfPWxmKNHjn+19fp3Vlb/7BbP/6ebjPHlN9fe7zSXd/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7A1pRIxFkpbW+2laKkWMRsR/YiStXFxafnnu4gcXZrO5iPHoT+fmK+XJiCjWx0k2PlbrPxwff2w8FREHI+Kz4nBtXJq5WJnNu3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWjUbEWCRpKSLSiPijmKalUt5ZAQAAAD03nncCAAAAwI5z/w8AAAD7X9v9f+GR0dBu5gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC+dPDZG7eSiFg7NVxrmYHGXH+umQE7Ld3cYSM7nQew+/ryTgDITaGlX61WqzmmAuwy9/hA0mmiWN8MdXzlYIf9Y9vOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/nxcO3biVRMTaqeFayww05vpzzQzYaWneCQC56es2mTxxB7CHFfJOAMiNe3ygvrJ/UK1rnx/q+MrBbUcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYO8Yq7UkLUVEWuunaakU8a+IGI/+ZG6+Up6MiAMR8VOxfzAbH8s7aQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHpuaWV1YbpSKS/q6Oj0sDMcuxZruPHH3OGYwc5TXTo5fzABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCLpZXVhelKpby4lHcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN6WVlYXpiuV8uIOdvKuEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/PwVAAD//2naC9Q=")
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fsopen(0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f0000000640)='./file0\x00', 0x810000, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c696f636861727365743d69736f383835392d312c756d61736b3d30303030303030303030303030303030303030303337372c757466382c696f636861727365743d6d616363656c26e207df7469632c6572726f72733d636f6e74696e75652c6e616d6563617365"], 0x1, 0x14f7, &(0x7f0000001580)="$eJzs3AuUzlXbMPB97b3/jGnS3SSHYV/7+nOnwTZJkkNCDkmSJElOCUmTJAmJIaekIQk5TpLDEJLDNCaN8/mQc9LkkSZJQnIK+1t6nvf1PF/P+/a+39P3Wuud67fWXrOv2fe172vPNWvu//9ea+4feo6q16J+7WZEJP4l8NcvKUKIGCHEMCHEDUKIQAhRKb5S/JX1AgpS/rUnYX+uR9OvdQXsWuL+523c/7yN+5+3cf/zNu5/3sb9z9u4/3kb95+xvGz7nGI38si7g9//z8v49f9/kdzyk7/ZWP7mXv+NFO5/3sb9z9u4/3kb9z9v4/7nbdz///1q/Sdr3P+8jfvPWF52rd9/5nFtx7X+/WOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxljec81dpIcS/za91XYwxxhhjjDHGGPvz+PzXugLGGGOMMcYYY4z9/wdCCiW0CEQ+kV/EiAIiVlwn4sT1oqC4QUTEjSJe3CQKiZtFYVFEFBXFRIIoLkoII1BYQSIUJUUpERW3iNLiVpEoyoiyopxworxIEreJCuJ2UVHcISqJO0VlcZeoIqqKaqK6uFvUEPeImqKWqC3uFXVEXVFP1Bf3iQbiftFQPCAaiQdFY/GQaCIeFk3FI6KZeFQ0F4+JFuJx0VI8IVqJ1qKNaCva/T/lvyL6ildFP9FfpIgBYqB4TQwSg8UQMVQME6+L4eINMUK8KVLFSDFKvCVGi7fFGPGOGCvGifHiXTFBTBSTxGQxRUwVaeI9MU28L6aLD8QMMVPMErNFupgj5ooPxTwxXywQH4mF4mOxSCwWS8RSkSE+EZlimcgSn4rl4jORLVaIlWKVWC3WiLVinVgvNoiNYpPYLLaIrWKb2C4+FzvETrFL7BZ7xF6xT3wh9osvxQHxlcgRX/8388/+X/m9QIAACRI0aMgH+SAGYiAWYiEO4qAgFIQIRCAe4qEQFILCUBiKQlFIgAQoASUAAYGAoCSUhChEoTSUhkRIhLJQFhw4SIIkqAC3Q0WoCJWgElSGylAFqkJVqA7VoQbUgJpQE2pDbagDdaAe1IP74D64HxpCQ2gEjaAxNIYm0ASaQlNoBs2gOTSHFtACWkJLaAWtoA20gXbQDtpDe+gAHaATdILO0Bm6QBdIhmToCl2hG3SD7tAdekAP6Ak9oRf0ht7wCrwCr8Kr0B/qyAEwEAbCIBgEQ2AoDIXXYTi8AW/Am5AKI2EUvAVvwdswBs7AWBgH42E81JATYRJMBpJTIQ3SYBpMg+kwHWbATJgJsyEd5sBcmAvzYD7Mh49gIXwMH8NiWAxLIQMyIBOWQRZkwXI4C9mwAlbCKlgNa2A1rIP1sA42wibYCFtgC2yDbfA5fA47YSfsht2wF/bCF/AFfAlfQirkQA4chINwCA7BYTgMuZALR+AIHIWjcAyOwXE4DifgJJyCk3AaTsMZOAvn4BxcgAtwEV5K+K753jIbUoW8Qkst88l8MkbGyFgZK+NknCwoC8qIjMh4GS8LyUKysCwsi8qiMkEmyBKyhESJkmQoS8qSMiqjsrQsLRNloiwry0onnUySSbKCrCAryoqykrxTVpZ3ySqyquzoqsvqsobs5GrKWrK2rC3ryLqynqwv68sGsoFsKBvKRrKRbCwbyybyYdlUDoAh8Ki80pkWciS0lKOglWwt28i28m14UraXY6CD7Cg7yaflOBgLXWR7lyyfk13lJOgmX5CT4UXZQ06FnvJl2Uv2ln3kK7Kv7OD6yf5yBgyQA+VsGCQHyyFyqJwHdeWVjtWTb8pUOVKOkm/JpfC2HCPfkWPlODlevisnyIlykpwsp8ipMk2+J6fJ9+V0+YGcIWfKWXK2TJdz5Fz5oZwn58sF8iO5UH4sF8nFcolcKjPkJzJTLpNZ8lO5XH4ms+UKuVKukqvlGrlWrpPr5Qa5UW6Sm+UWuVVuk9vl53KH3Cl3yd1yj9wr98kv5H75pTwgv5I58mt5UP5FHpLfyMPyW5krv5NH5PfyqPxBHpM/yuPyJ3lCnpSn5M/ytPxFnpFn5Tl5Xl6Qv8qL8pK8LL0UCpRUSmkVqHwqv4pRBVSsuk7FqetVQXWDiqgbVby6SRVSN6vCqogqqoqpBFVclVBGobKKVKhKqlIqqm5RpdWtKlGVUWVVOeVUeZWkblMV1O2qorpDVVJ3qsrqLlVFVVXVVHV1t6qh7lE1VS1VW92r6qi6qp6qr+5TDdT9qqF6QDVSD6rG6iHVRD2smqpHVDP1qGquHlMt1OOqpXpCtVKtVRvVVrVTT6r26inVQXVUndTTqrN6RnVRz6pk9Zzqqp5X3dQLqrt6UfVQL6me6mXVS/VWfdQldVl51U/1VylqgBqoXlOD1GA1RA1Vw9Trarh6Q41Qb6pUNVKNUm+p0eptNUa9o8aqcWq8eldNUBPVJDVZTVFTVZp6T01T76vp6gM1Q81Us9Rsla7mqCF/22nBfyH//X+SP+K3Z9+mtqvP1Q61U+1Su9UetVftU/vUfrVfHVAHVI7KUQfVQXVIHVKH1WGVq3LVEXVEHVVH1TF1TB1Xx9UJdVKdVz+r0+oXdUadVWfVeXVBXVAX//YzEBq01EprHeh8Or+O0QV0rL5Ox+nrdUF9g47oG3W8vkkX0jfrwrqILqqL6QRdXJfQRqO2mnSoS+pSOqpv0aX1rTpRl9FldTntdHmdpG/7l/P/qL52up1ur9vrDrqD7qQ76c66s+6iu+hknay76q66m+6mu+vuuofuoXvqnrqX7qX76D66r+6r++l+OkWn6IH6NT1ID9ZD9FA9TL+uh+vheoQeoVN1qh6lR+nRerQeo8fosXqsHq/H6wl6gp6kJ+kpeopO02l6mp6mp+vpeoaeoWfpWTpdp+u5eq6ep+fpBXqBXqgX6kV6kV6il+gMnaEzdabO0ll6uV6us/UKvUKv0qv0Gr1Gr9Pr9Aa9QW/Sm/QWvUVn6+16u96hd+hdepfeo/fofXqf3q/36wP6gM7ROfqgPqgP6UP6sD6sc3WuPqKP6KP6qD6mj+nj+rg+oU/oU/qUPq1P6zP6jD6nz+kL+oK+qC/qy/rylcu+QAYy0IEO8gX5gpggJogNYoO4IC4oGBQMIkEkiA/ig0LBzUHhoEhQNCgWJATFgxKBCTCwAQVhUDIoFUSDW4LSwa1BYlAmKBuUC1xQPkgKbgsqBLcHFYM7gkrBnUHl4K6gSlA1qBZUD+4OagT3BDWDWkHt4N6gTlA3qBfUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjwaNA8eC1oEjwctgyeCVkHroE3QNmj3p+7v/ZkiT7l+pr9JMQPMQPOaGWQGmyFmqBlmXjfDzRtmhHnTpJqRZpR5y4w2b5sx5h0z1owz4827ZoKZaCaZyWaKmWrSzHtmmnnfTDcfmBlmppllZpt0M8fMNR+aeWa+WWA+MgvNx2aRWWyWmKUmw3xiMs0yk2U+NcvNZybbrDArzSqz2qwxa806s95sMBvNJrPZbDFbzTaz3XxudpidZpfZbfaYvWaf+cLsN1+aA+Yrk2O+NgfNX8wh8405bL41ueY7c8R8b46aH8wx86M5bn4yJ8xJc8r8bE6bX8wZc9acM+fNBfOruWgumcvGX7m4v/Lyjho15sN8GIMxGIuxGIdxWBALYgQjGI/xWAgLYWEsjEWxKCZgApbAEngFIWFJLIlRjGJpLI2JmIhlsSw6dJiESVgBK2BFrIiVsBJWxspYBatgNayGd+PdeA/eg7WwFt6L92JdrIv1sT42wAbYEBtiI2yEjbExNsEm2BSbYjNshs2xObbAFtgSW2IrbIVtsA22w3bYHttjB+yAnbATdsbO2AW7YDImY1fsit2wG3bH7tgDe2BP7Im9sBf2wT7YF/tiP+yHKZiCA3EgDsJBOASH4DAchsNxOI7AEZiKqTgKR+FoHI1jcAyOxXE4Ht/FCTgRJ+FknIJTMQ3TcBpOw+k4HWfgDJyFszAd03EuzsV5OA8X4AJciAtxES7CJbgEMzADMzETszALl+NyzMZsXIkrcTWuxrW4FtfjetyIG3EzbsatuBW343bcgTtwF+7CPbgH9+E+3I/78QAewBzMwYN4EA/hITyMhzEXc/EIHsGjeBSP4TE8jsfxBJ7AU3gKT+NpPINn8Byewwv4K17ES3gZPcZYKWLtdTbOXm8L2htsjC1g/z4uaovZBFvclrDGFrZF/iFGa22iLWPL2nLW2fI2yd72u7iKrWqr2er2blvD3mNr/i5uYO+3De0DtpF90Na39/1D3Ng+ZJvYx21T+4RtZlvb5ratbWEfty3tE7aVbW3b2La2s33GdrHP2mT7nO1qn/9dnGmX2fV2g91oN9n99kt7zp63R+0P9oL91faz/e0w+7odbt+wI+ybNtWO/F083r5rJ9iJdpKdbKfYqb+LZ9nZNt3OsXPth3aenf+7OMN+YhfaLLvILrZL7NLf4is1ZdlP7XL7mc22K+xKu8qutmvsWrvu32tdZbfYrXab3We/sDvsTrvL7rZ77N7f4ivnOGC/sjn2a3vEfm8P2W/sYXvM5trvfouvnO+Y/dEetz/ZE/akPWV/tqftL/aMPfvb+a+c/Wd7yV623goCkqRIU0D5KD/FUAGKpesojq6ngnQDRehGiqebqBDdTIWpCBWlYpRAxakEGUKyRBRSSSpFUbqFStOtlEhlqCyVI0flKYluowp0O1WkO6gS3UmV6S6qQlWpGlWnu6kG3UM1qRbVpnupDtWlelSf7qMGdD81pAeoET1IjekhakIPU1N6hJrRo9ScHqMW9Di1pCeoFbWmNtSW2tGT1J6eog7UkTrR09SZnqEu9Cwl03PUlZ6nbvQCdacXqQe9RD3pZepFvakPvUJ96VXqR/0phQbQQHqNBtFgGkJDaRi9TsPpDRpBb1IqjaRR9BaNprdpDL1DY2kcjad3aQJNpEk0mabQVEqj92gavU/T6QOaQTNpFs2mdJpDc+lDmkfzaQF9RAvpY1pEi2kJLaUM+oQyaRll0ae0nD6jbFpBK2kVraY1tJbW0XraQBtpE22mLbSVttF2+px20E7aRbtpD+2lffQF7acv6QB9RTn0NR2kv9Ah+oYO07eUS9/REfqejtIPdIx+pOP0E52gk3SKfqbT9AudobN0js7TBfqVLtIlukyeRAihDFWowyDMF+YPY8ICYWx4XRgXXh8WDG8II+GNYXx4U1govDksHBYJi4bFwoSweFgiNCGGNqQwDEuGpcJoeEtYOrw1TAzLhGXDcqELy4dJ4W1hhfD2sGJ4R1gpvDOsHN4VVgmrho8/WD28O6wR3hPWDGuFtcN7wzph3bBeWD+8L2wQ3h82DB8IG4UPhhXDh8Im4cNh0/CRsFn4aNg8fCxsET4etgyfCFuFrcM2YduwXfhk2D58KuwQdgw7hU+HncNnwi7hs2Fy+FzYNXz+D9dTwgHhwPC18LXQ+wfUkujSaEb0k2hmdFk0K/ppdHn0s2h2dEV0ZXRVdHV0TXRtdF10fXRDdGN0U3RzdEt0a3Rb1Pv6+YUDJ51y2gUun8vvYlwBF+uuc3HuelfQ3eAi7kYX725yhdzNrrAr4oq6Yi7BFXclnHHorCMXupKulIu6W1xpd6tLdGVcWVfOOVfeJbm2rp1r59q7p1wH19F1ck+7p90z7hn3rHvWPee6uuddN/eC6+5edD3cS+4l97Lr5Xq7Pu4V19e96vq5/i7FpbiBbqAb5Aa5IW6IG+aGueFuuBvhRrhUl+pGuVFutBvtxrgxbqwb68a78W6Cm+AmuUluipvi0lyam+amueluupvhZrhZbpZLd+lurpvr5rl5boFb4BYmLnSL3CK3xC1xGS7DZbpMl+Wy3HK33GW7bLfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Xa3w+1wu9wut8ftcfvcPrff7XcH3AGX43LcQXfQHXKH3GH3rct137kj7nt31P3gjrkf3XH3kzvhTrpT7md32v3izriz7pw77y64X91Fd8lddt6lRd6LTIu8H5ke+SAyIzIzMisyO5IemROZG/kwMi8yP7Ig8lFkYeTjyKLI4siSyNJIRuSTSGZkWSQr8mlkeeSzSHZkRWRlZFVkdWRNxPviO0Jf0pfyUX+LL+1v9Ym+jC/ry3nny/skf5uv4G/3Ff0dvpK/01f2d/kqvqqv5p/wrXxr38a39e38k769f8p38B19J/+07+yf8V38sz7ZP+e7+ud9N/+C7+5f9D38S76nf9n38r19H/+K7+tf9f18f5/iB/iB/jU/yA/2Q/xQP8y/7of7N/wI/6ZP9SP9KP+WH+3f9mP8O36sH+fH+3f9BD/RT/KT/RQ/1af59/w0/76f7j/wM/xMP8vP9ul+jp/rP/Tz/Hy/wH/kF/qP/SK/2C/xS32G/8Rn+mU+y3/ql/vPfLZf4Vf6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX67/9zv8Dv9Lr/b7/F7/T7/hd/vv/QH/Fc+x3/tD/q/+EP+G3/Yf+tz/Xf+iP/eH/U/+GP+R3/c/+RP+JP+lP/Zn/a/+DP+rD/nz/sL/ld/0V/yl/l/1hhjjDHG/kvS/mB9wD/5nvzbuGKgEOL6ncVy/35dCSE2F/7rfLBM6BwRQjzXv+ej/zbq1ElJSfnbY7OVCEotFkJErubnE1fjFaKTeEYki46iwj+tb7DsfYH+YP/onULE/l1OjLgaX93/9v9g/yefHp9ZOTwX/5/sv1iIxFJXcwqIq/HV/Sv+B/sXaf8H9Rf4Jk2IDn+XEyeuxlf3TxJPiedF8j88kjHGGGOMMcYY+6vBslr3P7p/vnJ/nqCv5uQXV+M/uj9njDHGGGOMMcbYtfdi7z7PPpmc3LE7T3jCE578++Ra/2VijDHGGGOM/dmuXvRf60oYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLG863/i48Su9RkZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxa+3/BAAA//8P0TzQ")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f000000040000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r4}, 0x20)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000008c0)='syzkaller\x00', 0x2, 0xff8, &(0x7f0000001e00)=""/4088}, 0x94)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc90}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sigaltstack(0x0, 0x0)
syz_clone3(&(0x7f000000dd80)={0x40000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_clone(0x20111, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2m1.214597971s ago: executing program 3 (id=244):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYRES32=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)
ustat(0x6, &(0x7f0000000180))
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYRES8=r1], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="984500000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000085000000080000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000a00)='fib_table_lookup\x00', r8}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r10}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

2m0.971644735s ago: executing program 3 (id=248):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000005c0)={0x30, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xd, 0x62e98891, 0x6, 0x4, 0x7}}]})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40080)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
read(r4, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
r5 = syz_open_dev$rtc(&(0x7f00000000c0), 0x5b32d56b, 0x40)
ioctl$RTC_UIE_ON(r5, 0x7003)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
add_key(&(0x7f0000000140)='dns_resolver\x00', 0x0, &(0x7f00000002c0)="8df28d7fd053e7513689206f3a4da1b7074a617dcc11096a73e72036575d602bd4b42142d2db302d3d822f54213d385935660f9450de4b890347cb5e308bd525", 0x40, 0xfffffffffffffffa)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25)
pipe2(&(0x7f0000000040), 0x184000)

2m0.915957156s ago: executing program 32 (id=248):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000005c0)={0x30, 0x0, [{0x0, 0x2, 0x1, 0x0, @adapter={0xd, 0x62e98891, 0x6, 0x4, 0x7}}]})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40080)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
read(r4, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
r5 = syz_open_dev$rtc(&(0x7f00000000c0), 0x5b32d56b, 0x40)
ioctl$RTC_UIE_ON(r5, 0x7003)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
add_key(&(0x7f0000000140)='dns_resolver\x00', 0x0, &(0x7f00000002c0)="8df28d7fd053e7513689206f3a4da1b7074a617dcc11096a73e72036575d602bd4b42142d2db302d3d822f54213d385935660f9450de4b890347cb5e308bd525", 0x40, 0xfffffffffffffffa)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25)
pipe2(&(0x7f0000000040), 0x184000)

8.262660295s ago: executing program 4 (id=693):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x4)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448e1, &(0x7f0000000300))

6.576629512s ago: executing program 5 (id=698):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x18, r6, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000800)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000300)={'team0\x00', <r7=>0x0})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@private, @rand_addr, <r8=>0x0}, &(0x7f0000000500)=0xc)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000640)={0x80, r6, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x8004}, 0x20040001)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80, 0x80)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
r10 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r9, 0x4004af07, &(0x7f0000000240)=r10)
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f0000000e40)={0x3, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}, {0xdddd0000, 0x8e, &(0x7f0000000580)=""/142}, {0xffff1000, 0x1000, &(0x7f0000004200)=""/4096}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000000)=0x1)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r11, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x5b0}, 0x20008001)

6.185525679s ago: executing program 1 (id=699):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x401, 0xf7e, 0xab, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x3, 0xd}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
socket$unix(0x1, 0x1, 0x0)
read$char_usb(r2, &(0x7f0000000000)=""/11, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = syz_open_procfs(r3, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$pagemap(r3, &(0x7f00000001c0))
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)

5.699472157s ago: executing program 2 (id=701):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8003}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
r3 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r4}, 0x10)
r5 = getpid()
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020200008500000070000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0xe, 0x0, &(0x7f0000000a80)="b8000005000000000152912e5763", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
recvmmsg(r8, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r10, &(0x7f0000002140)={0x2020}, 0x2100)
mount_setattr(r3, 0x0, 0x100, &(0x7f0000000740)={0x2, 0x100000, 0x180000, {r10}}, 0x20)

5.687336597s ago: executing program 5 (id=702):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = syz_io_uring_setup(0x1421, &(0x7f0000000040)={0x0, 0x82a6, 0x1000, 0x3, 0x82}, 0x0, &(0x7f0000000100))
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r3, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f0000000040)={'ah\x00'}, 0x0)
io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x1c, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r9=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r9, @ANYBLOB="08001f0005000000050011000100000008001f00080000000800"], 0x70}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r9, {0x1, 0x6}, {0x7}, {0x3}}}, 0x24}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010471bc30b00000000100000000", @ANYRES32=0x0, @ANYBLOB="fff00000000000002c0012800e00010069703667726574617000000018000280140007002001001000000000000000000000000208000a00f0"], 0x54}}, 0x0)

5.646576797s ago: executing program 4 (id=703):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x2000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000240)={0x5f91dab8, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000040), &(0x7f0000000080)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r6}, 0x10)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}})
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0x0, 0x6}}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r4}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000ec0)=@name={0x1e, 0x2, 0x2, {{0x2, 0x4}}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000001c80)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0)

5.551596619s ago: executing program 4 (id=704):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, 0x0, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x40, 0xb, 0x2, "479c"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x1c, 0x1, 0x6}, 0x0, 0x0})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000a40), 0x4)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0xa0}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)

3.560980002s ago: executing program 5 (id=706):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

3.560184282s ago: executing program 2 (id=707):
mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x2)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0xffffffffffffffda}, 0x18)
utime(0x0, &(0x7f0000000280)={0xd3, 0x8})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[])
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
socket$igmp(0x2, 0x3, 0x2)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, 0x0, 0x0)

3.559621751s ago: executing program 1 (id=708):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000a121a49dd2f5270393090b0756c2435cd930b18afbd683cf12eba9d6f9d904f49ca0a7cbe4dc9e1ab86c009d11678523e638137ab4276134c9fb5ad9d1f930347dc84f04ade53a9dc9494e64e947f7d1bd7e3504626f77f06519ed0d51d8eeec005608dd54858a13be92a29233be2e591211b3491f6c84ad991aba03abedb19cb37f7a16e9ec7319564200e7f7d9e0cb465e287df841c898", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="2c0000003e0007012dbd7000fcdbdf25047c00000400000008001100ffffff7f"], 0x2c}}, 0x0)
r1 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r1, 0x7003)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRESHEX=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x488ff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000400)={0x1, 0x1, {0x0, 0x1a, 0x11, 0xf, 0x2, 0x4f5c, 0x2, 0x5e}})

3.07442255s ago: executing program 5 (id=711):
syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x0, 0x0)
pwrite64(r0, &(0x7f0000000140), 0x0, 0xfecc)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000240)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\b\x00', 0x38, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x6, 0x6, ':yE', 0x2, 0x3a, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, [], "91690662a867e819"}}}}}}}, 0x0)
recvmmsg(r1, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2000, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = gettid()
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
read$ptp(r3, 0x0, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

3.073651519s ago: executing program 0 (id=712):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x18, r6, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000800)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000300)={'team0\x00', <r7=>0x0})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@private, @rand_addr, <r8=>0x0}, &(0x7f0000000500)=0xc)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000640)={0x80, r6, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x8004}, 0x20040001)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80, 0x80)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
r10 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r9, 0x4004af07, &(0x7f0000000240)=r10)
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f0000000e40)={0x3, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}, {0xdddd0000, 0x8e, &(0x7f0000000580)=""/142}, {0xffff1000, 0x1000, &(0x7f0000004200)=""/4096}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000000)=0x1)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r11, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x5b0}, 0x20008001)

2.969979632s ago: executing program 1 (id=713):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x4)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448e1, &(0x7f0000000300))

2.555252348s ago: executing program 4 (id=714):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x2000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000060000b0000000000000000085"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000240)={0x5f91dab8, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000040), &(0x7f0000000080)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r6}, 0x10)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}})
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0x0, 0x6}}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r4}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000ec0)=@name={0x1e, 0x2, 0x2, {{0x2, 0x4}}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000001c80)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0)

2.362988901s ago: executing program 4 (id=715):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, 0x0, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x40, 0xb, 0x2, "479c"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x1c, 0x1, 0x6}, 0x0, 0x0})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0xa0}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)

2.127763255s ago: executing program 0 (id=716):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x2000000000000111, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
socket$unix(0x1, 0x1, 0x0)
read$char_usb(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_open_procfs(r3, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x21, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

2.106627746s ago: executing program 5 (id=717):
prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r5, 0x11, 0x67, &(0x7f0000000100)=0x1, 0x4)
sendmmsg$inet(r5, &(0x7f0000000980)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x240080e4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000040000000400000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080400000000cc815452889341aac92d681851e6b3107b8af8ff00000000bfa200000000000007020008f8ffff07b703000008000000b70400000000925e850000006b00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)

1.851768829s ago: executing program 2 (id=718):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
lseek(r0, 0x2000, 0x100000000000000)

1.851102409s ago: executing program 2 (id=719):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x2, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x9, 0x5, 0x0, 0x9}], &(0x7f0000000080)='GPL\x00', 0xe5, 0x7c, &(0x7f00000000c0)=""/124, 0x41100, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0xa, 0x0, 0x1}, 0x10, 0x0, 0x0, 0x9, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000200)=[{0x3, 0x2, 0x0, 0xb}, {0x0, 0x3, 0x6}, {0x3, 0x3, 0x10, 0x2}, {0x1, 0x2, 0x4, 0xb}, {0x4, 0x4, 0x2, 0x5}, {0x3, 0x5, 0x8, 0xc}, {0x1, 0x3, 0x1, 0x8}, {0x7, 0x4, 0x10, 0xc}, {0x0, 0x5, 0x1, 0x9}], 0x10, 0x4}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='io_uring_cqe_overflow\x00', r0, 0x0, 0x4}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r3=>0x0})
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x16)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000400)={[{0x200, 0x2, 0x10, 0x85, 0x7, 0x0, 0xf7, 0x80, 0xd4, 0x4, 0xc6, 0x3, 0x8}, {0x10, 0x9, 0x9, 0x8, 0x80, 0x2, 0xa0, 0xa, 0x9, 0xa0, 0x2, 0x8, 0x56}, {0x8, 0x2, 0x1, 0x6, 0x2, 0x81, 0xff, 0xbb, 0x4, 0x4, 0xe, 0x1, 0x4}], 0xfffffff7})
pipe2(&(0x7f0000000480)={<r5=>0xffffffffffffffff}, 0x4880)
close_range(r4, r1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000004c0)={0x5, 0x0, 0x100000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
io_uring_register$IORING_REGISTER_NAPI(r5, 0x1b, &(0x7f0000000500)={0xfffffeff, 0xa4}, 0x1)
r6 = dup(r0)
r7 = openat$incfs(r6, &(0x7f0000000540)='.pending_reads\x00', 0x2, 0x148)
ioctl$KVM_SET_TSS_ADDR(r7, 0xae47, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000580)={0x1f, 0x2}, 0x6)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000005c0)={<r8=>0x0}, &(0x7f0000000600)=0xc)
syz_pidfd_open(r8, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000640)='irq_handler_entry\x00', r5, 0x0, 0x10000}, 0x18)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x541c, &(0x7f00000006c0))
timer_create(0x3, &(0x7f00000007c0)={0x0, 0x4, 0x0, @thr={&(0x7f0000000700)="fa2d809e3039dac7d21150c16c82e730cee06d9d644b5886e93d42469248e81fa6104815ce571ec4a6fefac6c0363e84adbf74eeb795fcd3fe7c49c82fc350863c9b4f596c430513dec9e845bfdb19be544e8dcfb5547c328b417c5084d9f6d3d892450d88f85e1af7df6e9016", &(0x7f0000000780)="a23284c4432e747328a43e0b5fd54446aa8ad76d6bd93e91338405a50f47ca928567e26fc4d5e1e11098058c400b"}}, &(0x7f0000000800)=<r9=>0x0)
timer_settime(r9, 0x1, &(0x7f0000000840)={{0x77359400}, {0x77359400}}, &(0x7f0000000880))
prctl$PR_SCHED_CORE(0x3e, 0x3, r8, 0x3, &(0x7f00000008c0))
io_setup(0x10, &(0x7f0000000900))
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@bloom_filter={0x1e, 0x8001, 0xeac, 0x1d7, 0x800, 0x1, 0x3, '\x00', r3, r5, 0x0, 0x3, 0x4, 0xe}, 0x50)
ioctl$PPPIOCSMRU(r7, 0x40047452, &(0x7f00000009c0)=0x80000000)
r10 = openat$cgroup(r6, &(0x7f0000000a00)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r10, &(0x7f0000000a40)='blkio.bfq.io_serviced\x00', 0x0, 0x0)
msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000a80), 0x800, 0x0)

1.493999315s ago: executing program 2 (id=720):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x77359400}, {0x77359400}}, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x77359400}, 0x0)

989.335444ms ago: executing program 0 (id=721):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, 0x0)
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

987.950894ms ago: executing program 5 (id=722):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x800714, &(0x7f0000000280), 0xff, 0x4a1, &(0x7f0000000b00)="$eJzs3MtvVFUYAPDvTh+8aUVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZGBGloTIY0WY3BpSNwblyb+Be7cGHVhTNxq4tKQEG1MKK5q7gum02mZlpYpnd8vmc45c1/nu+eemXPv6b0BtK2+9E8SsT0ifo+Injw7f4a+/G12Zmrk+szUSBJzc2/9nWTzXZuZGilnLZfbVmQOVSIqnyXxYrJwuxPnL5werlbHzhX5gckzHwxMnL/wzKkzwyfHTo6dHTp27OiRweefG3p2VeJM47q27+Px/Xtfe+fyGyPHL7/707dpsfYcyKfXxnFL1xsE1EBfutf+mcvUT3t8GWW/G+yoSSedLSwIy9IREWl1dWXtvyc64mbl9cSrn7a0cMCaSn+bNi0+eXoO2MCSaHUJgNYof+jT89/ydYe6HuvC1Zciuov07MzUyOyN+DujUnzetYbb74uI49P/fZW+YrnXIQAAViDr2zzdqP9XiT3Zez7WsbMYQ+mNiHsiYldE3BsRuyPivohs3vujOx7IF57raXL7fXX5hf2fypWGZV4laf/vhZq+32xN/MVbb0eR25HF35WcOFUdO1zsk0PRtSnNDy6xje9f+e2LxabV9v/SV7r9si9YFOBKZ90FutHhyeHV2glXL0bs62wUf3JjJCA9AvZGxL7lrXpnmTj15Df7F5vp1vEvYRXGmea+jngir//pqIu/lCw9PjmwOapjhwfKo2Khn3+99GaR7K6fdlvxr4K0/rfOP/6LKReL955/k3y8tiuq1bFzE8vfxqU/Pl/0nGalx3938nY2Zv3Le/lnHw1PTp4bjOhOXs/y5Y7OPh+6uWyZL+dP4z90sHH731Usk8b/YESkB/GBiHgoIh4uyv5IRDwaEQeXiP/Hlx97f4n4k0iipfU/2vD7L4nYnCV6k9rx+hUkOk7/8N1iI+bN1f/RmM6+a3PZ998tNFvA29+DAAAAsP5VImJ7JJX+PN23PSqV/v78f/h3x9ZKdXxi8qkT4x+eHc3vEeiNrkp5paun5nroYDJdrDHPDxXXisvpR4rrxl92bMny/SPj1dEWxw7tbtv89h9l+0/91dHq0gFrzv1a0L7q23+lReUA7rxmfv+dC8DG1KD9b2lFOYA7z/k/tK9G7f+Turz+P2xMC9v/nw0eWQdsRPr/0L60f2hf2j+0pWbv4i+fp7DihwDMS5Q3C6x8PZubvsN//SX61mTNZQ2tZeG3xM1PorJqa55eB5WyzhNpi1nJ4rGz+WdhzE80eFgNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAXej/AAAA//+q8eIl")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x103500, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000006880)=@v2={0x2, @adiantum, 0x4, '\x00', @a})
socket$pppl2tp(0x18, 0x1, 0x1)
read$FUSE(r3, &(0x7f0000001000)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0xaf, 0xfffffffffffffffe, r4, {0x7, 0x29, 0x456, 0xffffffff9080edc4, 0x0, 0x4, 0x358c, 0x4, 0x0, 0x0, 0x9, 0x3}}, 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000180)={0x50, 0x0, 0x1ff, {0x7, 0x2b, 0x2, 0x400000, 0xff, 0x0, 0x6, 0xa643, 0x0, 0x0, 0x8, 0x10001}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800812014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140000044f10800034000000003080007"], 0xa8}}, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000040)={0xdddd0000, 0xa000, 0x8})
ioctl$KVM_CAP_PMU_CAPABILITY(r7, 0x4068aea3, &(0x7f0000000100)={0xd4, 0x0, 0x6})
syz_usb_connect(0x2, 0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="120100036ffa680863070120ff2c0102030109024000021109400c0904080601ff8bbd020a240107000d02010205240503"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})

934.668375ms ago: executing program 0 (id=723):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10)
setitimer(0x0, 0x0, 0x0)

879.493656ms ago: executing program 0 (id=724):
prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r4, 0x11, 0x67, &(0x7f0000000100)=0x1, 0x4)
sendmmsg$inet(r4, &(0x7f0000000980)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x240080e4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000040000000400000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080400000000cc815452889341aac92d681851e6b3107b8af8ff00000000bfa200000000000007020008f8ffff07b703000008000000b70400000000925e850000006b00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)

766.691648ms ago: executing program 1 (id=725):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x2000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000060000b0000000000000000085"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x8005, 0x0, &(0x7f0000000000)='\a\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000240)={0x5f91dab8, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000040), &(0x7f0000000080)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r6}, 0x10)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}})
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0x0, 0x6}}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r4}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000ec0)=@name={0x1e, 0x2, 0x2, {{0x2, 0x4}}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000001c80)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0)

482.862612ms ago: executing program 1 (id=726):
syslog(0x3, &(0x7f0000000700)=""/231, 0xe7)

482.108452ms ago: executing program 2 (id=727):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x18, r6, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000800)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000300)={'team0\x00', <r7=>0x0})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@private, @rand_addr, <r8=>0x0}, &(0x7f0000000500)=0xc)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000640)={0x80, r6, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x8004}, 0x20040001)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80, 0x80)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
r10 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r9, 0x4004af07, &(0x7f0000000240)=r10)
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f0000000e40)={0x3, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}, {0xdddd0000, 0x8e, &(0x7f0000000580)=""/142}, {0xffff1000, 0x1000, &(0x7f0000004200)=""/4096}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000000)=0x1)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r11, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x5b0}, 0x20008001)

307.197545ms ago: executing program 1 (id=728):
r0 = fsopen(&(0x7f0000000100)='fuseblk\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0x50, 0xbf, 0x29, 0x20, 0x19d2, 0xf2ac, 0x844f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000800000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000070000000900000000000000", @ANYRES32, @ANYBLOB="00000000000000ac00000f000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xd, 0x3, 0x4, 0x1, 0x0, r5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r6}, &(0x7f0000000840), &(0x7f0000000880)=r5}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r6, &(0x7f0000000d40), 0x0}, 0x20)

21.22504ms ago: executing program 4 (id=729):
mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x2)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0xffffffffffffffda}, 0x18)
utime(0x0, &(0x7f0000000280)={0xd3, 0x8})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[])
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
socket$igmp(0x2, 0x3, 0x2)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 0 (id=730):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x101880a, &(0x7f0000000400)=ANY=[], 0x1, 0x5521, &(0x7f000000cf00)="$eJzs3EtrY+UbAPAnvcz9P/8iLtzNgUFoYRKbXgbdVZ3BC3Yooy5caZqkITNJTmnStHblwqW48JuIgiuXfgYXrt2JoOJOUHLOqU69gNC0se3vByfPed+8ec7zhmHgOackgAtrLvn5x1LcjKsRMR0RNyKy81JxZNby8ExE3IqIqSeOUjH/+8SliLgWETdHyfOcpeKtT+4Mb69+//pPX359eeb6p198M7ldA5P2bER0t/PzvW4e01YeHxXztWE7i92VYRHzN7qPi3Gax73mZpZhr3a4rpbF5Va+Pt3e7Y/iVqdWH8VWeyub3+7lF+wPW4d5sg88qu1k40ZzM4vtfprF1kFe1/5B/n/bQX+Q52kU+d7P0sdgcBjz+eZ+M9/P9uMs1nuDYj7Pmzaa+6M4LGJxuainnUZWx+Zxvun/tjfavd39ZNjc6bfTXrJaqT5fqd4tV3fSRnPQXCnXuo27K8l8qzNaVh40a921Vpq2Os1KPe0uJPOter1crSbz95qb7VovqVYry5XF8upCcXYneeXB20mnkcyP4kvt3u6g3eknW+lOkn9iIVmqLL+wkNyuJm+ubyQbD+/fX99469177zx4cf21l4tFfykrmV9aXFoqVxfLS9WFC7T/D4uix7h/OJbSpAsAOHv0/8AknFz/v/Mw4uT7/9D/j8WZ6n/PX/+/91zERPcPx6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sL6d/ezV7GQuH18v5v9XTD1VjEsRMRURv/6N6bh0JOd0kWf2H9bP/qmGr0qRZRhd43JxXIuIteL45f8n/S0AAADA+fX5B7c+zrv1/GVu0gVxmvKbNlM33htTvlJEzM59N6ZsU6OXp8eULPv3PRP7Y8qW3cC6MqZk+S23mXFl+1emj4QrT4RSHqZOtRwAAOBUHO0EjnQhP0yiHgAAAE7KR5MugMkoxeGjzMNnwdlf3v/xQPDqkREAAABwBpUmXQAAAABw4rL+3+//AQAAwPmW//4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBv7NzPbeJAFAfgZ4MX9p8Wrfa+rewNytgS9rjHiALSBAXkQFpIA9RAbikhggiPQyDiEMljW4m+T3ImY5kfbxAcZkYaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0X60Xt1e/r9vm7Pbt5BkNAAAAcMm2Wi/qf2ap/7W5/7259bPpFxFRRsSlufsoPp1ljpqc6uX5m9Pnq1c13EXUCYf3mDTXl4j401yPP7r+FAAAAODj2ixX8zRbT39mQxdEn9KiTfntb6a8IiKq2UOmtPKQ9ytTWP39Hsf/TGn1AtY0U1hachvnSnuT+ud+XLWbnjRFasqLLzsWmW3sAABAj0ZnTb+zEAAAAPr0b+gCGEYRz1uZx63ASWqa7b3PZz0AAADgHSqGLgAAAADoXD3/7+n8v73z/wAAAGAY6fw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurSt1ovNcjVvm7Pbt5NnNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT+zPOwqAMBCGwfWtneSGHtkbyQ/aio3dDAQ+dgkhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG+6+1T/xJDYq2rMNDFl3KpqziqxZJVYs05sudA+Pnqcf34JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J+XFAiBIIiCOeN/J33/w0qCnkGECGh4VFGLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiY3/3yf2JqnEnmThtLxyPJ2lVj66qx96Bx9GC8/RsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42Lmf1jjKMADgz8xktrZVjFFyiIiCB73YdFtbexMPSvDgRxBCuqmxW/+0QWwp0ly8Sc69iF4EEUGJt36Hnlvopd562EMFz8rMzmSnbYRt0Zk1+f3gnffZyWTe550lIc+8kwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNronUmcFZv5cZxW+27dv7pW9Lcf6gs3tu8sFa2IkzaT/n94qfkiWYyIo90lAwAAwMGQ1fV9RNzNd1aKPp0v6/+8Pqao+b97ZhxX9fwXdcn6cP1f1/5F++3Xey/sDjQ/Hqc46frGcHD80VTm/qs5zrpn//lL1eW+VoblvZesfEPS97eeH+Xl9Uy+uXnz3V4ZHmorYwDgcR2r+yqo/x4q+n6XiQFwYMw1Cu+6/s/mu80JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoA2jrThax0lELM1N4sLt+1fX9upvbN9Zqtvp69e349rknMUp8ohY3xgOjrc6m9l26fKV86vD4eBi+8HLEdHV6G9X0z//4RQHR3RyfQT/UpBWb/as5NNeUP+UP8m3d/P7CACA/SuvWlHX3813Vop9yULEX98/WP+/1ohjyvr/3kenbzXHatb//dZmOPuWNy98tnzp8pU3Ni6snhucG3zy5on+W/2TZ06dOrO8vvFDdZQ7JgAAADy5XtWa9X+68Oj6/5FGHFPW/59/2/+qOVam/t/TZNGv60wAAAAOtude+fOPZI/9Sa8XX65ubl7sj7e7r0+Mtx2k+tgOVa1Z/2cLXWcFAAAAtGG0lTyw/n+2EceU6/9P//jiz81zZhFxuFr/P7b26fBse9OZaW38N3LXcwQAAKBbh6vWXP/Py+f/091HHtKIeP3VcVx9DOBU9X/23tc/NcdqPv9/sr0pzqR0cXw9yn4xYm6x64wAAADYz56qWlHs/57vrHz8y5EPep7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjb3wEAAP//IhQ5eQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000240), 0x0}, 0x20)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
write(r4, &(0x7f0000002ac0), 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x700, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x1, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x50}, 0x1, 0x7}, 0x0)

kernel console output (not intermixed with test programs):

t4_clear_blocks:883: inode #13: comm syz.1.236: attempt to clear invalid blocks 2 len 1
[   97.053579][ T1312] EXT4-fs (loop1): Remounting filesystem read-only
[   97.064197][ T1312] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   97.085876][ T1312] EXT4-fs (loop1): Remounting filesystem read-only
[   97.105829][ T1312] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.236: invalid indirect mapped block 1819239214 (level 0)
[   97.137344][ T1312] EXT4-fs (loop1): Remounting filesystem read-only
[   97.144432][ T1312] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.236: invalid indirect mapped block 1819239214 (level 1)
[   97.160658][ T1315] fuse: Bad value for 'fd'
[   97.173162][ T1312] EXT4-fs (loop1): Remounting filesystem read-only
[   97.190623][ T1312] EXT4-fs (loop1): 1 truncate cleaned up
[   97.196360][ T1312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   97.272815][  T288] EXT4-fs (loop3): unmounting filesystem.
[   97.320536][ T1320] loop3: detected capacity change from 0 to 4096
[   97.561974][ T1325] loop0: detected capacity change from 0 to 256
[   97.573378][   T28] audit: type=1400 audit(1753659522.776:261): avc:  denied  { mounton } for  pid=1321 comm="syz.0.241" path="/syzcgroup/unified/syz0/file0" dev="cgroup2" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   97.602701][ T1325] FAT-fs (loop0): Directory bread(block 64) failed
[   97.607261][ T1320] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   97.609385][ T1325] FAT-fs (loop0): Directory bread(block 65) failed
[   97.624864][ T1325] FAT-fs (loop0): Directory bread(block 66) failed
[   97.631593][ T1325] FAT-fs (loop0): Directory bread(block 67) failed
[   97.638303][ T1325] FAT-fs (loop0): Directory bread(block 68) failed
[   97.644938][ T1325] FAT-fs (loop0): Directory bread(block 69) failed
[   97.651654][ T1325] FAT-fs (loop0): Directory bread(block 70) failed
[   97.658313][ T1325] FAT-fs (loop0): Directory bread(block 71) failed
[   97.665025][ T1325] FAT-fs (loop0): Directory bread(block 72) failed
[   97.671621][ T1325] FAT-fs (loop0): Directory bread(block 73) failed
[   97.681205][  T437] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[   97.689374][  T437] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input11
[   97.702598][  T437] usb 5-1: USB disconnect, device number 7
[   97.708547][    C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[   97.814715][   T28] audit: type=1400 audit(1753659523.016:262): avc:  denied  { rmdir } for  pid=288 comm="syz-executor" name="lost+found" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   97.815665][  T284] EXT4-fs (loop1): unmounting filesystem.
[   97.843320][ T1245] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 137: padding at end of block bitmap is not set
[   97.858584][  T288] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 137: padding at end of block bitmap is not set
[   97.876832][  T288] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem
[   97.895361][   T28] audit: type=1400 audit(1753659523.096:263): avc:  denied  { unlink } for  pid=288 comm="syz-executor" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   97.933719][   T28] audit: type=1400 audit(1753659523.096:264): avc:  denied  { unlink } for  pid=288 comm="syz-executor" name="file1" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   97.962019][ T1339] loop1: detected capacity change from 0 to 512
[   97.978429][ T1339] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.247: casefold flag without casefold feature
[   97.992798][ T1339] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.247: couldn't read orphan inode 15 (err -117)
[   98.005659][ T1339] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   98.019476][ T1339] EXT4-fs warning (device loop1): ext4_empty_dir:3147: inode #2: comm syz.1.247: directory missing '.'
[   98.032007][ T1339] netlink: 64 bytes leftover after parsing attributes in process `syz.1.247'.
[   98.042018][ T1329] EXT4-fs (loop3): unmounting filesystem.
[   98.197191][ T1347] fuse: Bad value for 'fd'
[   98.304547][ T1348] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.311716][ T1348] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.319551][ T1348] device bridge_slave_0 entered promiscuous mode
[   98.326924][ T1348] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.334788][ T1348] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.345737][ T1348] device bridge_slave_1 entered promiscuous mode
[   98.377604][  T295] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   98.448365][ T1348] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.455468][ T1348] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.462807][ T1348] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.469897][ T1348] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.528503][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   98.541353][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.554721][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.563623][  T295] usb 2-1: unable to get BOS descriptor or descriptor too short
[   98.573950][  T295] usb 2-1: not running at top speed; connect to a high speed hub
[   98.589208][  T405] device bridge_slave_1 left promiscuous mode
[   98.592461][  T295] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[   98.595441][  T405] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.608069][  T295] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[   98.620740][  T405] device bridge_slave_0 left promiscuous mode
[   98.626148][  T295] usb 2-1: config 17 has no interface number 0
[   98.631376][  T405] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.636639][  T295] usb 2-1: config 17 interface 8 has no altsetting 0
[   98.647972][  T405] device veth0_vlan left promiscuous mode
[   98.654025][  T295] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[   98.667732][  T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.682006][  T295] usb 2-1: Product: syz
[   98.688454][  T295] usb 2-1: Manufacturer: syz
[   98.699657][  T295] usb 2-1: SerialNumber: syz
[   98.811050][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.822243][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.829365][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.853522][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.870304][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.877404][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.908917][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   98.916628][  T295] usb 2-1: selecting invalid altsetting 0
[   98.921424][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   98.931725][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   98.944303][  T295] usb 2-1: USB disconnect, device number 2
[   98.955891][ T1348] device veth0_vlan entered promiscuous mode
[   98.963070][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   98.973259][  T359] udevd[359]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.8/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   98.990877][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   99.012276][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   99.027604][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   99.036056][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   99.046194][ T1348] device veth1_macvtap entered promiscuous mode
[   99.060448][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   99.069822][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   99.080323][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   99.113987][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   99.135705][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   99.411654][ T1382] netlink: 36 bytes leftover after parsing attributes in process `syz.0.257'.
[   99.672711][  T284] EXT4-fs (loop1): unmounting filesystem.
[   99.747764][    T6] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   99.931494][ T1390] netlink: 36 bytes leftover after parsing attributes in process `syz.2.259'.
[  100.237554][    T6] usb 6-1: Using ep0 maxpacket: 8
[  100.243741][    T6] usb 6-1: config 0 has an invalid descriptor of length 21, skipping remainder of the config
[  100.264555][ T1392] fuse: Bad value for 'fd'
[  100.267568][    T6] usb 6-1: too many endpoints for config 0 interface 0 altsetting 152: 184, using maximum allowed: 30
[  100.280032][  T541] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  100.287566][    T6] usb 6-1: config 0 interface 0 altsetting 152 has 0 endpoint descriptors, different from the interface descriptor's value: 184
[  100.311565][    T6] usb 6-1: config 0 interface 0 has no altsetting 0
[  100.327561][    T6] usb 6-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  100.346808][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.358289][    T6] usb 6-1: config 0 descriptor??
[  100.490903][  T541] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  100.502161][  T541] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  100.511615][  T541] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.523856][ T1388] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  100.729689][ T1406] loop4: detected capacity change from 0 to 512
[  100.745052][ T1406] EXT4-fs: Ignoring removed mblk_io_submit option
[  100.767173][ T1406] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  100.775881][ T1406] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.267: attempt to clear invalid blocks 2 len 1
[  100.776768][ T1401] loop2: detected capacity change from 0 to 40427
[  100.789238][ T1406] EXT4-fs (loop4): Remounting filesystem read-only
[  100.803388][ T1406] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  100.818576][ T1406] EXT4-fs (loop4): Remounting filesystem read-only
[  100.825299][ T1406] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.267: invalid indirect mapped block 1819239214 (level 0)
[  100.839897][ T1406] EXT4-fs (loop4): Remounting filesystem read-only
[  100.846529][ T1406] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.267: invalid indirect mapped block 1819239214 (level 1)
[  100.860803][ T1406] EXT4-fs (loop4): Remounting filesystem read-only
[  100.868299][ T1406] EXT4-fs (loop4): 1 truncate cleaned up
[  100.877632][ T1406] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  100.883629][ T1401] F2FS-fs (loop2): invalid crc value
[  100.933364][ T1401] F2FS-fs (loop2): Found nat_bits in checkpoint
[  100.942764][  T541] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  100.951749][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  100.951765][   T28] audit: type=1400 audit(1753659526.166:267): avc:  denied  { shutdown } for  pid=1375 comm="syz.5.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  101.100297][ T1401] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  101.192542][   T28] audit: type=1400 audit(1753659526.206:268): avc:  denied  { write } for  pid=1375 comm="syz.5.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  101.222011][  T541] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input12
[  101.236978][  T541] usb 2-1: USB disconnect, device number 3
[  101.242896][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  101.359618][   T28] audit: type=1400 audit(1753659526.566:269): avc:  denied  { setopt } for  pid=1416 comm="syz.0.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  101.382246][   T28] audit: type=1400 audit(1753659526.566:270): avc:  denied  { bind } for  pid=1416 comm="syz.0.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  101.805126][  T285] EXT4-fs (loop4): unmounting filesystem.
[  101.854120][  T287] syz-executor: attempt to access beyond end of device
[  101.854120][  T287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.980592][ T1432] fuse: Bad value for 'fd'
[  102.043735][ T1434] netlink: 36 bytes leftover after parsing attributes in process `syz.1.271'.
[  102.355738][   T28] audit: type=1400 audit(1753659527.556:271): avc:  denied  { unmount } for  pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  102.376588][    T6] usb 6-1: string descriptor 0 read error: -71
[  102.384117][    T6] usb 6-1: USB disconnect, device number 2
[  102.413144][   T28] audit: type=1400 audit(1753659527.606:272): avc:  denied  { create } for  pid=1437 comm="syz.0.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  102.455415][ T1446] loop5: detected capacity change from 0 to 512
[  102.474296][ T1449] loop4: detected capacity change from 0 to 128
[  102.478142][ T1446] EXT4-fs: Ignoring removed mblk_io_submit option
[  102.481597][   T28] audit: type=1400 audit(1753659527.606:273): avc:  denied  { execute } for  pid=1441 comm="syz.5.277" path=2F6D656D66643A1A6A7E97C1202864656C6574656429 dev="tmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  102.525798][ T1449] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  102.535424][ T1446] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  102.545043][ T1449] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  102.576938][   T28] audit: type=1400 audit(1753659527.606:274): avc:  denied  { setopt } for  pid=1441 comm="syz.5.277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  102.598695][ T1446] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.278: attempt to clear invalid blocks 2 len 1
[  102.616665][ T1446] EXT4-fs (loop5): Remounting filesystem read-only
[  102.624232][ T1446] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  102.641795][ T1449] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:406: inode #2: comm syz.4.279: No space for directory leaf checksum. Please run e2fsck -D.
[  102.660427][ T1449] EXT4-fs error (device loop4): __ext4_find_entry:1696: inode #2: comm syz.4.279: checksumming directory block 0
[  102.664662][   T28] audit: type=1400 audit(1753659527.616:275): avc:  denied  { ioctl } for  pid=1441 comm="syz.5.277" path="socket:[20935]" dev="sockfs" ino=20935 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  102.674780][ T1449] netlink: 24 bytes leftover after parsing attributes in process `syz.4.279'.
[  102.707989][ T1446] EXT4-fs (loop5): Remounting filesystem read-only
[  102.716356][ T1446] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.278: invalid indirect mapped block 1819239214 (level 0)
[  102.747978][ T1449] netlink: 4 bytes leftover after parsing attributes in process `syz.4.279'.
[  102.752022][   T28] audit: type=1400 audit(1753659527.726:276): avc:  denied  { setattr } for  pid=1447 comm="syz.2.280" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  102.787854][ T1446] EXT4-fs (loop5): Remounting filesystem read-only
[  102.794438][ T1446] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.278: invalid indirect mapped block 1819239214 (level 1)
[  102.810845][ T1449] netlink: 16 bytes leftover after parsing attributes in process `syz.4.279'.
[  102.818057][ T1446] EXT4-fs (loop5): Remounting filesystem read-only
[  102.827590][   T39] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  102.832666][ T1449] tc_dump_action: action bad kind
[  102.840668][ T1446] EXT4-fs (loop5): 1 truncate cleaned up
[  102.856542][ T1446] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  102.905225][ T1449] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0
[  103.011117][ T1458] loop1: detected capacity change from 0 to 40427
[  103.020665][ T1458] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  103.034903][ T1458] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  103.037954][   T39] usb 3-1: Using ep0 maxpacket: 32
[  103.058278][   T39] usb 3-1: unable to get BOS descriptor or descriptor too short
[  103.075575][   T39] usb 3-1: config 1 interface 0 has no altsetting 0
[  103.094195][ T1458] netlink: 32 bytes leftover after parsing attributes in process `syz.1.282'.
[  103.099673][   T39] usb 3-1: string descriptor 0 read error: -22
[  103.122257][ T1465] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:406: inode #2: comm syz.4.279: No space for directory leaf checksum. Please run e2fsck -D.
[  103.127271][ T1458] netlink: 12 bytes leftover after parsing attributes in process `syz.1.282'.
[  103.158064][   T39] usb 3-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.40
[  103.182880][   T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.197714][ T1465] EXT4-fs error (device loop4): __ext4_find_entry:1696: inode #2: comm syz.4.279: checksumming directory block 0
[  103.476773][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  103.484132][   T39] usbhid 3-1:1.0: can't add hid device: -71
[  103.490189][   T39] usbhid: probe of 3-1:1.0 failed with error -71
[  103.518312][   T39] usb 3-1: USB disconnect, device number 8
[  103.525155][  T285] EXT4-fs (loop4): unmounting filesystem.
[  104.301992][ T1479] loop1: detected capacity change from 0 to 512
[  104.529350][ T1479] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  104.548572][ T1479] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.189207][ T1502] mmap: syz.0.292 (1502) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  105.233196][ T1506] loop2: detected capacity change from 0 to 512
[  105.262540][ T1506] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.291141][ T1506] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  105.309561][ T1506] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.294: attempt to clear invalid blocks 2 len 1
[  105.347365][ T1506] EXT4-fs (loop2): Remounting filesystem read-only
[  105.367230][ T1506] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  105.437487][ T1506] EXT4-fs (loop2): Remounting filesystem read-only
[  105.444157][ T1506] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.294: invalid indirect mapped block 1819239214 (level 0)
[  105.516109][ T1511] loop5: detected capacity change from 0 to 4096
[  105.522770][ T1506] EXT4-fs (loop2): Remounting filesystem read-only
[  105.537598][ T1506] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.294: invalid indirect mapped block 1819239214 (level 1)
[  105.563008][ T1506] EXT4-fs (loop2): Remounting filesystem read-only
[  105.574457][ T1511] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  105.577947][ T1506] EXT4-fs (loop2): 1 truncate cleaned up
[  105.685427][ T1506] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  106.777455][  T287] EXT4-fs (loop2): unmounting filesystem.
[  107.459051][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  108.005955][ T1530] loop4: detected capacity change from 0 to 512
[  108.074422][ T1530] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  108.093773][ T1530] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.120800][  T284] EXT4-fs (loop1): unmounting filesystem.
[  110.049068][   T28] kauditd_printk_skb: 3 callbacks suppressed
[  110.049084][   T28] audit: type=1400 audit(1753659535.256:280): avc:  denied  { ioctl } for  pid=1546 comm="syz.5.301" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  110.240651][  T285] EXT4-fs (loop4): unmounting filesystem.
[  110.427271][   T28] audit: type=1400 audit(1753659535.566:281): avc:  denied  { read write } for  pid=1546 comm="syz.5.301" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  110.497383][   T28] audit: type=1400 audit(1753659535.566:282): avc:  denied  { open } for  pid=1546 comm="syz.5.301" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  110.536378][ T1553] loop4: detected capacity change from 0 to 512
[  110.593011][ T1553] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.302: casefold flag without casefold feature
[  110.636185][ T1553] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.302: couldn't read orphan inode 15 (err -117)
[  110.655734][ T1553] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  110.685478][ T1553] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #2: comm syz.4.302: directory missing '.'
[  110.697472][ T1553] netlink: 64 bytes leftover after parsing attributes in process `syz.4.302'.
[  110.969311][ T1546] rtc_cmos 00:00: Alarms can be up to one day in the future
[  111.747433][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  111.763443][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  111.783714][ T1568] loop1: detected capacity change from 0 to 512
[  111.798008][ T1568] EXT4-fs: Ignoring removed mblk_io_submit option
[  111.823694][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  111.835141][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  111.843068][  T541] rtc rtc0: __rtc_set_alarm: err=-22
[  111.854573][ T1568] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  111.868922][ T1568] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.307: attempt to clear invalid blocks 2 len 1
[  111.882219][ T1568] EXT4-fs (loop1): Remounting filesystem read-only
[  111.889036][  T276] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  111.897052][ T1568] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  111.912666][ T1568] EXT4-fs (loop1): Remounting filesystem read-only
[  111.920032][ T1568] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.307: invalid indirect mapped block 1819239214 (level 0)
[  111.934439][ T1568] EXT4-fs (loop1): Remounting filesystem read-only
[  111.941220][ T1568] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.307: invalid indirect mapped block 1819239214 (level 1)
[  111.996579][ T1568] EXT4-fs (loop1): Remounting filesystem read-only
[  112.010607][ T1568] EXT4-fs (loop1): 1 truncate cleaned up
[  112.019031][ T1580] netlink: 12 bytes leftover after parsing attributes in process `syz.5.310'.
[  112.028093][ T1568] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  112.326451][ T1580] loop5: detected capacity change from 0 to 256
[  113.109398][  T284] EXT4-fs (loop1): unmounting filesystem.
[  113.163543][ T1585] loop1: detected capacity change from 0 to 128
[  113.209629][ T1585] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  113.237606][ T1585] FAT-fs (loop1): Filesystem has been set read-only
[  113.262905][ T1585] syz.1.311: attempt to access beyond end of device
[  113.262905][ T1585] loop1: rw=0, sector=2066, nr_sectors = 7 limit=128
[  113.372396][ T1587] loop1: detected capacity change from 0 to 1024
[  113.397782][  T276] usb 5-1: unable to get BOS descriptor or descriptor too short
[  113.409750][  T276] usb 5-1: not running at top speed; connect to a high speed hub
[  113.422347][  T276] usb 5-1: config 17 has an invalid interface number: 8 but max is 1
[  113.435116][  T276] usb 5-1: config 17 has 1 interface, different from the descriptor's value: 2
[  113.444379][  T276] usb 5-1: config 17 has no interface number 0
[  113.450630][  T276] usb 5-1: config 17 interface 8 has no altsetting 0
[  113.450977][ T1587] EXT4-fs: Ignoring removed oldalloc option
[  113.465514][  T276] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  113.484805][  T276] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.493089][ T1587] EXT4-fs: Ignoring removed bh option
[  113.498637][  T276] usb 5-1: Product: syz
[  113.502828][  T276] usb 5-1: Manufacturer: syz
[  113.508264][ T1587] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  113.517614][  T276] usb 5-1: SerialNumber: syz
[  113.539437][  T276] usb 5-1: selecting invalid altsetting 0
[  113.564546][  T276] usb 5-1: USB disconnect, device number 8
[  113.589867][ T1587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  113.639390][  T285] EXT4-fs (loop4): unmounting filesystem.
[  113.658779][ T1587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'.
[  113.701332][ T1595] loop4: detected capacity change from 0 to 256
[  113.804757][  T284] EXT4-fs (loop1): unmounting filesystem.
[  113.810904][ T1595] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  113.908797][ T1601] loop1: detected capacity change from 0 to 512
[  114.005061][ T1601] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  114.016752][ T1608] loop2: detected capacity change from 0 to 512
[  114.151954][ T1601] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.282913][ T1608] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  114.314448][ T1608] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  115.088595][  T287] EXT4-fs (loop2): unmounting filesystem.
[  115.157690][  T295] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  115.209111][  T284] EXT4-fs (loop1): unmounting filesystem.
[  115.449111][  T295] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.466450][  T295] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.476799][   T28] audit: type=1400 audit(1753659540.646:283): avc:  denied  { associate } for  pid=1623 comm="syz.1.322" name="current" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  115.552288][  T295] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.619080][  T295] usb 5-1: New USB device found, idVendor=056a, idProduct=0047, bcdDevice= 0.00
[  115.632630][  T295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.659397][  T295] usb 5-1: config 0 descriptor??
[  116.082768][  T295] wacom 0003:056A:0047.0003: Unknown device_type for 'HID 056a:0047'. Assuming pen.
[  116.119819][  T295] wacom 0003:056A:0047.0003: hidraw0: USB HID v0.00 Device [HID 056a:0047] on usb-dummy_hcd.4-1/input0
[  116.131908][  T295] input: Wacom Intuos2 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0047.0003/input/input13
[  116.329122][  T295] usb 5-1: USB disconnect, device number 9
[  116.763854][ T1655] loop5: detected capacity change from 0 to 512
[  116.796414][ T1655] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  116.815783][ T1655] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  117.641573][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  117.686211][   T28] audit: type=1400 audit(1753659542.886:284): avc:  denied  { mount } for  pid=1674 comm="syz.5.338" name="/" dev="configfs" ino=14503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  117.782183][ T1676] loop1: detected capacity change from 0 to 512
[  117.796321][ T1676] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  117.887139][   T28] audit: type=1400 audit(1753659543.086:285): avc:  denied  { wake_alarm } for  pid=1674 comm="syz.5.338" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  118.237163][ T1676] EXT4-fs (loop1): 1 truncate cleaned up
[  118.353183][ T1676] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  118.469515][   T28] audit: type=1400 audit(1753659543.666:286): avc:  denied  { map } for  pid=1681 comm="root" path="pipe:[20206]" dev="pipefs" ino=20206 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  118.669107][ T1684] SELinux: security_context_str_to_sid (unconfined_uobj_type=fsconte,) failed with errno=-22
[  118.708029][   T28] audit: type=1400 audit(1753659543.866:287): avc:  denied  { getopt } for  pid=1683 comm="syz.0.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  118.742820][  T647] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  118.760967][  T647] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  118.872372][ T1690] fido_id[1690]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  122.813296][ T1740] loop2: detected capacity change from 0 to 512
[  122.820064][ T1740] EXT4-fs: Ignoring removed nobh option
[  122.842966][ T1740] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  122.854540][ T1740] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  122.864725][ T1740] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.355: Corrupt directory, running e2fsck is recommended
[  122.878310][ T1740] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[  122.886551][ T1740] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.355: corrupted in-inode xattr
[  122.899790][ T1740] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.355: couldn't read orphan inode 15 (err -117)
[  122.911818][ T1740] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  123.096261][  T284] EXT4-fs (loop1): unmounting filesystem.
[  123.117666][  T295] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  123.329506][  T295] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  123.381776][  T295] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  123.389742][   T28] audit: type=1400 audit(1753659548.596:288): avc:  denied  { create } for  pid=1755 comm="syz.0.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  123.402582][  T295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.423469][ T1748] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  123.439644][   T28] audit: type=1400 audit(1753659548.626:289): avc:  denied  { setopt } for  pid=1755 comm="syz.0.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  123.465897][  T287] EXT4-fs (loop2): unmounting filesystem.
[  123.640272][  T336] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  123.777584][  T647] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  123.934684][  T295] aiptek 6-1:17.0: Aiptek using 400 ms programming speed
[  123.984356][  T295] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input16
[  124.067173][ T1764] loop4: detected capacity change from 0 to 512
[  124.142296][    C1] aiptek 6-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  124.167762][  T647] usb 1-1: Using ep0 maxpacket: 32
[  124.182978][  T647] usb 1-1: New USB device found, idVendor=19d2, idProduct=f2ac, bcdDevice=84.4f
[  124.193718][  T295] usb 6-1: USB disconnect, device number 3
[  124.313929][  T647] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.706258][  T647] usb 1-1: Product: syz
[  124.710789][  T647] usb 1-1: Manufacturer: syz
[  124.715404][  T647] usb 1-1: SerialNumber: syz
[  124.724494][  T647] usb 1-1: config 0 descriptor??
[  124.740922][  T647] usb 1-1: bad CDC descriptors
[  124.755836][ T1764] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  124.765035][ T1764] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.878765][  T336] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  124.890136][  T336] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  124.899266][  T336] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.934996][ T1754] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  125.087634][  T437] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  125.142594][  T285] EXT4-fs (loop4): unmounting filesystem.
[  125.267564][  T437] usb 3-1: Using ep0 maxpacket: 32
[  125.277210][  T437] usb 3-1: New USB device found, idVendor=19d2, idProduct=f2ac, bcdDevice=84.4f
[  125.291693][  T437] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.302703][  T437] usb 3-1: Product: syz
[  125.307380][  T437] usb 3-1: Manufacturer: syz
[  125.316203][  T437] usb 3-1: SerialNumber: syz
[  125.519101][  T437] usb 3-1: config 0 descriptor??
[  125.543937][  T336] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  125.580742][  T437] usb 3-1: bad CDC descriptors
[  125.614479][  T336] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input17
[  125.842394][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  125.875749][  T336] usb 2-1: USB disconnect, device number 4
[  126.501745][  T295] usb 1-1: USB disconnect, device number 6
[  127.653246][   T28] audit: type=1400 audit(1753659552.846:290): avc:  denied  { create } for  pid=1809 comm="syz.0.375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  129.149698][  T336] usb 3-1: USB disconnect, device number 9
[  130.971033][ T1845] loop1: detected capacity change from 0 to 128
[  131.320303][ T1853] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  132.039793][  T336] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  132.378677][ T1859] loop4: detected capacity change from 0 to 256
[  132.385412][ T1859] FAT-fs (loop4): Unrecognized mount option "uoi_xlate=0" or missing value
[  132.450618][ T1861] loop2: detected capacity change from 0 to 512
[  132.487742][ T1861] EXT4-fs: Ignoring removed mblk_io_submit option
[  132.506370][  T359] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  132.540639][ T1861] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  132.570226][ T1861] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.390: attempt to clear invalid blocks 2 len 1
[  132.596632][ T1861] EXT4-fs (loop2): Remounting filesystem read-only
[  132.611748][ T1861] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  132.641946][ T1861] EXT4-fs (loop2): Remounting filesystem read-only
[  132.655884][ T1861] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.390: invalid indirect mapped block 1819239214 (level 0)
[  132.685920][ T1861] EXT4-fs (loop2): Remounting filesystem read-only
[  132.725541][ T1861] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.390: invalid indirect mapped block 1819239214 (level 1)
[  132.739982][ T1861] EXT4-fs (loop2): Remounting filesystem read-only
[  132.747865][ T1861] EXT4-fs (loop2): 1 truncate cleaned up
[  132.753642][ T1861] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  132.905403][ T1871] fuse: Bad value for 'fd'
[  133.045084][ T1878] netlink: 64 bytes leftover after parsing attributes in process `syz.0.395'.
[  133.107558][  T348] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  133.317852][  T287] EXT4-fs (loop2): unmounting filesystem.
[  133.323328][ T1888] loop5: detected capacity change from 0 to 128
[  133.324094][  T348] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  133.337603][  T541] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  133.351010][ T1888] EXT4-fs (loop5): Test dummy encryption mode enabled
[  133.357445][  T348] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  133.371451][ T1888] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  133.372899][  T348] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.380676][ T1888] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  133.398477][ T1868] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  133.420340][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  133.539010][  T541] usb 1-1: unable to get BOS descriptor or descriptor too short
[  133.547122][  T541] usb 1-1: not running at top speed; connect to a high speed hub
[  133.555646][  T541] usb 1-1: config 17 has an invalid interface number: 8 but max is 1
[  133.563814][  T541] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2
[  133.572889][  T541] usb 1-1: config 17 has no interface number 0
[  133.579123][  T541] usb 1-1: config 17 interface 8 has no altsetting 0
[  133.587247][  T541] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  133.596355][  T541] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.604390][  T541] usb 1-1: Product: syz
[  133.608635][  T541] usb 1-1: Manufacturer: syz
[  133.613266][  T541] usb 1-1: SerialNumber: syz
[  133.727585][  T437] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  133.740100][  T336] usb 3-1: Using ep0 maxpacket: 32
[  133.746709][  T336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.757815][  T336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.767671][  T336] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  133.776785][  T336] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.785964][  T336] usb 3-1: config 0 descriptor??
[  133.812918][  T348] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  133.820755][  T348] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input18
[  133.824665][  T541] usb 1-1: selecting invalid altsetting 0
[  133.833174][  T348] usb 5-1: USB disconnect, device number 10
[  133.835758][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  133.854016][  T541] usb 1-1: USB disconnect, device number 7
[  133.864338][  T358] udevd[358]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.8/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  133.917681][  T437] usb 6-1: Using ep0 maxpacket: 32
[  133.925235][  T437] usb 6-1: New USB device found, idVendor=19d2, idProduct=f2ac, bcdDevice=84.4f
[  133.934424][  T437] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.942608][  T437] usb 6-1: Product: syz
[  133.946779][  T437] usb 6-1: Manufacturer: syz
[  133.951420][  T437] usb 6-1: SerialNumber: syz
[  133.956698][  T437] usb 6-1: config 0 descriptor??
[  133.962484][  T437] usb 6-1: bad CDC descriptors
[  134.037566][  T402] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  134.194247][  T336] hid-steam 0003:28DE:1142.0005: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  134.207770][  T336] hid-steam 0003:28DE:1142.0006: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  134.218735][  T402] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.236861][  T402] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.246747][  T402] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  134.259659][  T402] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  134.268720][  T402] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.277235][  T402] usb 2-1: config 0 descriptor??
[  134.287692][  T336] hid-steam 0003:28DE:1142.0005: Steam wireless receiver connected
[  134.455506][ T1906] fuse: Bad value for 'fd'
[  134.694315][  T402] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  134.742537][  T402] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  134.760954][ T1913] netlink: 80 bytes leftover after parsing attributes in process `syz.2.399'.
[  134.763368][   T28] audit: type=1400 audit(1753659559.966:291): avc:  denied  { ioctl } for  pid=1889 comm="syz.2.399" path="/dev/input/event0" dev="devtmpfs" ino=260 ioctlcmd=0x4506 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  134.795506][ T1913] netlink: 16 bytes leftover after parsing attributes in process `syz.2.399'.
[  134.804920][ T1913] tipc: MTU too low for tipc bearer
[  134.924661][ T1890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.942663][ T1890] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.309272][    C0] plantronics 0003:047F:FFFF.0007: hid_field_extract() called with n (132) > 32! (syz.2.399)
[  135.330219][ T1925] loop4: detected capacity change from 0 to 512
[  135.337080][ T1925] EXT4-fs: Ignoring removed mblk_io_submit option
[  135.358301][ T1925] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  135.368014][ T1925] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.409: attempt to clear invalid blocks 2 len 1
[  135.412290][ T1925] EXT4-fs (loop4): Remounting filesystem read-only
[  135.435266][ T1925] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  135.477597][  T541] usb 3-1: reset high-speed USB device number 10 using dummy_hcd
[  135.485637][ T1925] EXT4-fs (loop4): Remounting filesystem read-only
[  135.507606][ T1925] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.409: invalid indirect mapped block 1819239214 (level 0)
[  135.544544][ T1925] EXT4-fs (loop4): Remounting filesystem read-only
[  135.558790][ T1925] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.409: invalid indirect mapped block 1819239214 (level 1)
[  135.573306][ T1925] EXT4-fs (loop4): Remounting filesystem read-only
[  135.601455][ T1925] EXT4-fs (loop4): 1 truncate cleaned up
[  135.615959][ T1925] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  136.157563][  T402] usb 2-1: reset high-speed USB device number 5 using dummy_hcd
[  136.208463][  T285] EXT4-fs (loop4): unmounting filesystem.
[  136.417931][  T336] usb 3-1: USB disconnect, device number 10
[  136.428275][  T336] hid-steam 0003:28DE:1142.0005: Steam wireless receiver disconnected
[  136.464413][   T39] usb 6-1: USB disconnect, device number 4
[  136.497631][  T348] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  136.690367][ T1946] fuse: Bad value for 'fd'
[  136.750248][  T348] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  136.799358][ T1950] netlink: 36 bytes leftover after parsing attributes in process `syz.5.415'.
[  136.852770][  T348] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  136.992180][  T348] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.012156][ T1942] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  137.570967][   T28] audit: type=1400 audit(1753659562.776:292): avc:  denied  { create } for  pid=1949 comm="syz.2.417" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  137.578328][ T1951] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  137.616830][   T28] audit: type=1400 audit(1753659562.776:293): avc:  denied  { mounton } for  pid=1949 comm="syz.2.417" path="/75/file0" dev="tmpfs" ino=426 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  137.634625][ T1951] FAT-fs (loop4): unable to read boot sector
[  137.684845][ T1966] netlink: 64 bytes leftover after parsing attributes in process `syz.0.423'.
[  137.702477][   T28] audit: type=1400 audit(1753659562.906:294): avc:  denied  { load_policy } for  pid=1963 comm="syz.5.422" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  137.728554][ T1964] SELinux: ebitmap: truncated map
[  137.739203][ T1964] SELinux: failed to load policy
[  137.755164][   T28] audit: type=1400 audit(1753659562.946:295): avc:  denied  { unlink } for  pid=287 comm="syz-executor" name="file0" dev="tmpfs" ino=426 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  137.779249][  T348] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  137.788871][ T1970] loop2: detected capacity change from 0 to 512
[  137.794362][  T348] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input20
[  137.797393][ T1970] EXT4-fs: Ignoring removed mblk_io_submit option
[  137.823032][  T348] usb 5-1: USB disconnect, device number 11
[  137.823073][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  137.845574][ T1970] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  137.878390][ T1970] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.424: attempt to clear invalid blocks 2 len 1
[  137.892038][ T1952] rtc_cmos 00:00: Alarms can be up to one day in the future
[  137.895674][ T1970] EXT4-fs (loop2): Remounting filesystem read-only
[  137.908379][ T1970] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  137.923205][ T1970] EXT4-fs (loop2): Remounting filesystem read-only
[  137.929816][ T1970] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.424: invalid indirect mapped block 1819239214 (level 0)
[  137.944199][ T1970] EXT4-fs (loop2): Remounting filesystem read-only
[  137.951695][  T710] usb 2-1: USB disconnect, device number 5
[  137.958126][ T1970] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.424: invalid indirect mapped block 1819239214 (level 1)
[  137.987662][ T1970] EXT4-fs (loop2): Remounting filesystem read-only
[  137.994630][ T1970] EXT4-fs (loop2): 1 truncate cleaned up
[  138.001309][ T1970] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  138.016865][ T1979] fuse: Bad value for 'fd'
[  138.127625][  T336] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  138.260975][ T1987] netlink: 36 bytes leftover after parsing attributes in process `syz.1.429'.
[  138.586607][ T1995] loop4: detected capacity change from 0 to 512
[  138.602296][ T1995] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  138.612688][ T1995] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.661031][  T287] EXT4-fs (loop2): unmounting filesystem.
[  138.759610][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  138.767942][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  138.775927][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  138.784613][  T541] rtc_cmos 00:00: Alarms can be up to one day in the future
[  138.792760][  T541] rtc rtc0: __rtc_set_alarm: err=-22
[  138.799661][  T336] usb 1-1: unable to get BOS descriptor or descriptor too short
[  138.808224][  T336] usb 1-1: not running at top speed; connect to a high speed hub
[  139.038228][ T2004] netlink: 36 bytes leftover after parsing attributes in process `syz.2.434'.
[  140.038553][ T2015] loop2: detected capacity change from 0 to 512
[  140.079430][ T2015] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  140.095291][ T2015] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.496625][  T336] usb 1-1: config 17 has an invalid interface number: 8 but max is 1
[  140.506341][  T336] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2
[  140.515891][  T336] usb 1-1: config 17 has no interface number 0
[  140.522224][  T336] usb 1-1: config 17 interface 8 has no altsetting 0
[  140.566277][  T336] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  140.578778][  T336] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.593357][  T336] usb 1-1: Product: syz
[  140.628007][  T336] usb 1-1: Manufacturer: syz
[  140.632702][  T336] usb 1-1: SerialNumber: syz
[  140.674031][  T336] usb 1-1: selecting invalid altsetting 0
[  141.033853][  T336] usb 1-1: USB disconnect, device number 8
[  141.103319][  T287] EXT4-fs (loop2): unmounting filesystem.
[  141.215885][ T2039] netlink: 12 bytes leftover after parsing attributes in process `syz.0.441'.
[  141.244672][ T2042] loop2: detected capacity change from 0 to 512
[  141.285743][ T2042] EXT4-fs: Ignoring removed mblk_io_submit option
[  141.335556][ T2042] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  141.410833][ T2042] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.444: attempt to clear invalid blocks 2 len 1
[  141.428567][ T2042] EXT4-fs (loop2): Remounting filesystem read-only
[  141.440724][ T2045] loop5: detected capacity change from 0 to 512
[  141.442819][ T2042] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  141.462288][ T2042] EXT4-fs (loop2): Remounting filesystem read-only
[  141.477658][ T2042] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.444: invalid indirect mapped block 1819239214 (level 0)
[  141.503263][ T2045] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  141.521713][ T2042] EXT4-fs (loop2): Remounting filesystem read-only
[  141.534685][ T2045] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.547290][ T2042] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.444: invalid indirect mapped block 1819239214 (level 1)
[  141.567727][ T2042] EXT4-fs (loop2): Remounting filesystem read-only
[  141.587269][ T2042] EXT4-fs (loop2): 1 truncate cleaned up
[  141.607902][ T2042] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  141.785462][  T285] EXT4-fs (loop4): unmounting filesystem.
[  141.792888][  T287] EXT4-fs (loop2): unmounting filesystem.
[  141.843878][ T2055] loop2: detected capacity change from 0 to 512
[  142.267579][ T2061] netlink: 36 bytes leftover after parsing attributes in process `syz.1.446'.
[  142.658497][ T2064] netlink: 36 bytes leftover after parsing attributes in process `syz.4.449'.
[  143.055992][ T2055] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  143.070228][ T2055] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.072811][ T2068] loop4: detected capacity change from 0 to 1024
[  143.188737][ T2068] EXT4-fs: Mount option(s) incompatible with ext2
[  143.207753][ T2068] loop4: detected capacity change from 0 to 512
[  143.227810][ T2068] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  143.265704][ T2068] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  143.287652][ T2068] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.316763][ T2068] syz.4.451[2068] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.316847][ T2068] syz.4.451[2068] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.349905][   T28] audit: type=1400 audit(1753659568.556:296): avc:  denied  { mounton } for  pid=2067 comm="syz.4.451" path="/92/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  143.350309][  T348] kernel write not supported for file /user (pid: 348 comm: kworker/1:4)
[  143.467837][ T2066] loop1: detected capacity change from 0 to 40427
[  143.486518][ T2066] F2FS-fs (loop1): invalid crc value
[  143.513580][  T285] EXT4-fs (loop4): unmounting filesystem.
[  143.520458][  T287] EXT4-fs (loop2): unmounting filesystem.
[  143.526842][ T2066] F2FS-fs (loop1): Found nat_bits in checkpoint
[  143.562618][   T28] audit: type=1400 audit(1753659568.766:297): avc:  denied  { ioctl } for  pid=2075 comm="syz.2.453" path="socket:[22115]" dev="sockfs" ino=22115 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  143.651328][ T2080] loop2: detected capacity change from 0 to 512
[  143.658719][ T2066] F2FS-fs (loop1): Start checkpoint disabled!
[  143.674251][ T2066] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  143.730007][ T2080] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  143.757348][ T2080] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.901952][   T28] audit: type=1400 audit(1753659569.106:298): avc:  denied  { create } for  pid=2065 comm="syz.1.450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  144.192427][ T2091] netlink: 24 bytes leftover after parsing attributes in process `syz.1.450'.
[  144.494652][ T2088] syz.1.450: attempt to access beyond end of device
[  144.494652][ T2088] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  144.540420][ T2088] F2FS-fs (loop1): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  144.742142][   T43] kworker/u4:2: attempt to access beyond end of device
[  144.742142][   T43] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  144.792154][  T287] EXT4-fs (loop2): unmounting filesystem.
[  144.909067][ T2101] loop2: detected capacity change from 0 to 512
[  144.928226][ T2101] EXT4-fs: Ignoring removed mblk_io_submit option
[  144.950014][ T2101] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  145.012171][ T2104] netlink: 36 bytes leftover after parsing attributes in process `syz.0.460'.
[  145.071402][ T2101] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.459: attempt to clear invalid blocks 2 len 1
[  145.146151][ T2101] EXT4-fs (loop2): Remounting filesystem read-only
[  145.258536][ T2101] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  145.273146][ T2101] EXT4-fs (loop2): Remounting filesystem read-only
[  145.281409][ T2101] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.459: invalid indirect mapped block 1819239214 (level 0)
[  145.296154][ T2101] EXT4-fs (loop2): Remounting filesystem read-only
[  145.300468][ T2106] loop1: detected capacity change from 0 to 512
[  145.309941][ T2101] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.459: invalid indirect mapped block 1819239214 (level 1)
[  145.331665][ T2101] EXT4-fs (loop2): Remounting filesystem read-only
[  145.339008][ T2101] EXT4-fs (loop2): 1 truncate cleaned up
[  145.345113][ T2101] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  145.355819][ T2106] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  145.365423][ T2106] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.385530][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  145.489903][  T287] EXT4-fs (loop2): unmounting filesystem.
[  145.558447][ T2114] loop2: detected capacity change from 0 to 1024
[  145.584559][ T2114] EXT4-fs: Ignoring removed oldalloc option
[  145.597640][ T2114] EXT4-fs: Ignoring removed bh option
[  145.607584][ T2114] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  145.703606][ T2114] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  145.753497][ T2116] loop4: detected capacity change from 0 to 40427
[  145.838881][ T2114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.463'.
[  145.849164][ T2116] F2FS-fs (loop4): invalid crc value
[  145.943423][ T2131] netlink: 36 bytes leftover after parsing attributes in process `syz.0.465'.
[  146.052837][ T2116] F2FS-fs (loop4): Found nat_bits in checkpoint
[  146.218374][  T287] EXT4-fs (loop2): unmounting filesystem.
[  146.254474][ T2133] loop2: detected capacity change from 0 to 512
[  146.258000][ T2116] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  146.298636][ T2133] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.466: casefold flag without casefold feature
[  146.318773][ T2133] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.466: couldn't read orphan inode 15 (err -117)
[  146.338652][ T2133] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  146.388508][ T2133] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #2: comm syz.2.466: directory missing '.'
[  146.415862][ T2138] loop5: detected capacity change from 0 to 512
[  146.423985][ T2133] netlink: 64 bytes leftover after parsing attributes in process `syz.2.466'.
[  146.449719][ T2138] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  146.459371][ T2138] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.758763][  T348] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  146.959808][  T348] usb 3-1: unable to get BOS descriptor or descriptor too short
[  147.035172][  T348] usb 3-1: not running at top speed; connect to a high speed hub
[  147.153892][  T348] usb 3-1: config 17 has an invalid interface number: 8 but max is 1
[  147.697903][  T348] usb 3-1: config 17 has 1 interface, different from the descriptor's value: 2
[  147.757667][  T348] usb 3-1: config 17 has no interface number 0
[  147.777670][  T348] usb 3-1: config 17 interface 8 has no altsetting 0
[  147.890191][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  147.912906][  T348] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  147.924259][ T2152] netlink: 12 bytes leftover after parsing attributes in process `syz.5.471'.
[  147.932551][  T348] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.942478][  T348] usb 3-1: Product: syz
[  147.947331][ T2152] loop5: detected capacity change from 0 to 256
[  147.947920][  T348] usb 3-1: Manufacturer: syz
[  147.980722][  T348] usb 3-1: SerialNumber: syz
[  147.994498][ T2154] loop5: detected capacity change from 0 to 512
[  148.039419][ T2154] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  148.058958][ T2154] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.211389][  T348] usb 3-1: selecting invalid altsetting 0
[  148.244107][  T348] usb 3-1: USB disconnect, device number 11
[  148.288724][  T284] EXT4-fs (loop1): unmounting filesystem.
[  148.309089][ T2161] fuse: Bad value for 'fd'
[  148.327644][ T2164] loop4: detected capacity change from 0 to 512
[  148.343328][ T2164] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.475: casefold flag without casefold feature
[  148.378041][ T2164] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.475: couldn't read orphan inode 15 (err -117)
[  148.397595][ T2164] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  148.430733][ T2164] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #2: comm syz.4.475: directory missing '.'
[  148.458995][ T2164] netlink: 64 bytes leftover after parsing attributes in process `syz.4.475'.
[  148.660962][ T2171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.476'.
[  148.832244][  T348] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  148.846737][  T287] EXT4-fs (loop2): unmounting filesystem.
[  149.149758][  T348] usb 5-1: unable to get BOS descriptor or descriptor too short
[  149.173995][  T348] usb 5-1: not running at top speed; connect to a high speed hub
[  149.204426][  T348] usb 5-1: config 17 has an invalid interface number: 8 but max is 1
[  149.278931][  T348] usb 5-1: config 17 has 1 interface, different from the descriptor's value: 2
[  149.288041][  T348] usb 5-1: config 17 has no interface number 0
[  149.294317][  T348] usb 5-1: config 17 interface 8 has no altsetting 0
[  149.302665][  T348] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  149.312147][  T348] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.322138][  T348] usb 5-1: Product: syz
[  149.326414][  T348] usb 5-1: Manufacturer: syz
[  151.540558][ T2174] rtc_cmos 00:00: Alarms can be up to one day in the future
[  151.603333][  T348] usb 5-1: SerialNumber: syz
[  152.121981][  T336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  152.130755][  T336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  152.157714][  T336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  152.198022][  T336] rtc_cmos 00:00: Alarms can be up to one day in the future
[  152.214198][  T336] rtc rtc0: __rtc_set_alarm: err=-22
[  152.268228][  T348] usb 5-1: can't set config #17, error -71
[  152.277834][  T348] usb 5-1: USB disconnect, device number 12
[  152.300413][  T285] EXT4-fs (loop4): unmounting filesystem.
[  152.632536][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  153.120064][ T2194] loop1: detected capacity change from 0 to 40427
[  153.167151][ T2194] F2FS-fs (loop1): invalid crc value
[  153.308584][ T2194] F2FS-fs (loop1): Found nat_bits in checkpoint
[  153.415137][ T2194] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  153.457552][  T437] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  153.557267][ T2208] loop4: detected capacity change from 0 to 512
[  153.582569][ T2208] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  153.591794][ T2208] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.791673][  T437] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  154.029476][ T2220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'.
[  154.213498][  T437] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  154.228477][  T437] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.247568][ T2191] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  154.358975][ T2230] loop5: detected capacity change from 0 to 512
[  154.425317][ T2230] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  154.437167][ T2236] netlink: 36 bytes leftover after parsing attributes in process `syz.1.490'.
[  154.558854][ T2230] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.696830][  T285] EXT4-fs (loop4): unmounting filesystem.
[  154.800007][  T437] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  154.810361][  T437] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input21
[  154.838398][  T437] usb 3-1: USB disconnect, device number 12
[  154.844440][    C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  155.585068][ T2237] rtc_cmos 00:00: Alarms can be up to one day in the future
[  155.744025][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  155.767843][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  155.775436][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  155.839336][ T2256] netlink: 36 bytes leftover after parsing attributes in process `syz.4.498'.
[  156.042278][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  156.049656][  T276] rtc rtc0: __rtc_set_alarm: err=-22
[  156.261545][ T2254] loop2: detected capacity change from 0 to 40427
[  156.278471][ T2254] F2FS-fs (loop2): invalid crc value
[  156.371550][ T2261] loop1: detected capacity change from 0 to 512
[  156.380946][ T2261] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  156.449421][   T28] audit: type=1400 audit(1753659581.636:299): avc:  denied  { ioctl } for  pid=2257 comm="syz.1.499" path="socket:[23449]" dev="sockfs" ino=23449 ioctlcmd=0x6628 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  156.606284][ T2264] loop4: detected capacity change from 0 to 1024
[  156.619548][ T2254] F2FS-fs (loop2): Found nat_bits in checkpoint
[  156.658858][ T2264] EXT4-fs: Ignoring removed oldalloc option
[  156.672277][ T2264] EXT4-fs: Ignoring removed bh option
[  156.688798][ T2264] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  156.722626][ T2254] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  156.740555][ T2264] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  156.790017][ T2264] netlink: 4 bytes leftover after parsing attributes in process `syz.4.500'.
[  156.889905][  T285] EXT4-fs (loop4): unmounting filesystem.
[  156.920509][  T287] syz-executor: attempt to access beyond end of device
[  156.920509][  T287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  157.274160][ T2270] loop4: detected capacity change from 0 to 40427
[  157.300995][ T2270] F2FS-fs (loop4): invalid crc value
[  157.341362][ T2270] F2FS-fs (loop4): Found nat_bits in checkpoint
[  157.458934][ T2270] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  157.636432][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  157.811583][ T2292] loop2: detected capacity change from 0 to 512
[  157.846269][ T2292] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  157.855912][ T2292] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.897945][  T287] EXT4-fs (loop2): unmounting filesystem.
[  157.903871][ T2297] loop5: detected capacity change from 0 to 1024
[  157.928172][ T2297] EXT4-fs: Ignoring removed oldalloc option
[  157.934970][ T2297] EXT4-fs: Ignoring removed bh option
[  157.955200][ T2297] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  157.979393][ T2297] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  158.007253][ T2297] netlink: 4 bytes leftover after parsing attributes in process `syz.5.508'.
[  158.122488][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  159.155179][ T2308] loop4: detected capacity change from 0 to 1024
[  159.182835][ T2308] EXT4-fs: Ignoring removed oldalloc option
[  159.197588][ T2308] EXT4-fs: Ignoring removed bh option
[  159.227677][ T2308] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  159.257538][  T276] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  159.277730][ T2312] fuse: Bad value for 'fd'
[  159.278417][ T2308] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  159.335395][ T2308] netlink: 4 bytes leftover after parsing attributes in process `syz.4.512'.
[  159.428832][  T285] EXT4-fs (loop4): unmounting filesystem.
[  159.441386][ T2310] loop1: detected capacity change from 0 to 40427
[  159.448948][  T276] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  159.558831][ T2310] F2FS-fs (loop1): invalid crc value
[  159.732405][ T2310] F2FS-fs (loop1): Found nat_bits in checkpoint
[  160.009178][ T2310] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  160.467541][  T276] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  160.482563][  T276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.628281][ T2302] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  160.638404][ T2333] loop5: detected capacity change from 0 to 512
[  160.664589][ T2333] EXT4-fs: Ignoring removed mblk_io_submit option
[  160.682718][  T284] syz-executor: attempt to access beyond end of device
[  160.682718][  T284] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  160.708718][ T2333] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  160.730671][ T2333] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.518: attempt to clear invalid blocks 2 len 1
[  160.769120][ T2333] EXT4-fs (loop5): Remounting filesystem read-only
[  160.775904][ T2333] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  160.825148][ T2333] EXT4-fs (loop5): Remounting filesystem read-only
[  160.837322][ T2333] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.518: invalid indirect mapped block 1819239214 (level 0)
[  160.877822][ T2333] EXT4-fs (loop5): Remounting filesystem read-only
[  160.886079][ T2333] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.518: invalid indirect mapped block 1819239214 (level 1)
[  160.889422][ T2339] loop1: detected capacity change from 0 to 512
[  160.906600][ T2333] EXT4-fs (loop5): Remounting filesystem read-only
[  160.917837][ T2333] EXT4-fs (loop5): 1 truncate cleaned up
[  160.927987][ T2333] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  161.060420][  T276] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  161.070610][  T276] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input22
[  161.081171][ T2339] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  161.098010][ T2339] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.218457][  T284] EXT4-fs (loop1): unmounting filesystem.
[  161.520254][    C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  161.528568][  T276] usb 3-1: USB disconnect, device number 13
[  161.621314][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  161.641365][ T2346] loop1: detected capacity change from 0 to 1024
[  161.661376][ T2346] EXT4-fs: Ignoring removed oldalloc option
[  161.667356][ T2346] EXT4-fs: Ignoring removed bh option
[  161.694403][ T2346] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  161.766255][ T2346] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  162.532265][ T2346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.521'.
[  163.581886][  T284] EXT4-fs (loop1): unmounting filesystem.
[  163.610856][ T2363] loop2: detected capacity change from 0 to 512
[  163.622078][ T2362] loop5: detected capacity change from 0 to 512
[  163.669926][ T2363] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.527: casefold flag without casefold feature
[  163.689863][ T2362] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  163.705761][ T2362] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  163.720914][ T2363] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.527: couldn't read orphan inode 15 (err -117)
[  163.752679][ T2363] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  163.767300][ T2369] netlink: 'syz.0.528': attribute type 8 has an invalid length.
[  163.783503][ T2371] loop1: detected capacity change from 0 to 1024
[  163.807997][ T2370] netlink: 'syz.0.528': attribute type 8 has an invalid length.
[  163.826669][ T2371] EXT4-fs: Ignoring removed oldalloc option
[  163.835345][   T28] audit: type=1400 audit(1753659589.046:300): avc:  denied  { ioctl } for  pid=2367 comm="syz.0.528" path="socket:[23618]" dev="sockfs" ino=23618 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  163.863141][ T2363] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #2: comm syz.2.527: directory missing '.'
[  163.887757][ T2371] EXT4-fs: Ignoring removed bh option
[  163.900675][ T2371] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  163.914483][ T2363] netlink: 64 bytes leftover after parsing attributes in process `syz.2.527'.
[  163.942150][ T2371] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  163.953961][ T2371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.526'.
[  163.996485][  T284] EXT4-fs (loop1): unmounting filesystem.
[  164.097553][  T348] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  164.122155][ T2379] process 'syz.4.530' launched './file0' with NULL argv: empty string added
[  164.131696][   T28] audit: type=1400 audit(1753659589.336:301): avc:  denied  { execute_no_trans } for  pid=2378 comm="syz.4.530" path="/109/file0" dev="tmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  164.170890][ T2381] loop4: detected capacity change from 0 to 512
[  164.195874][ T2381] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  164.205629][ T2381] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.222371][ T2377] loop1: detected capacity change from 0 to 40427
[  164.229145][  T448] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  164.238993][ T2377] F2FS-fs (loop1): invalid crc value
[  164.246855][  T285] EXT4-fs (loop4): unmounting filesystem.
[  164.258667][ T2377] F2FS-fs (loop1): Found nat_bits in checkpoint
[  164.294957][  T348] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  164.303271][  T348] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  164.309944][ T2377] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  164.314639][  T348] usb 1-1: config 0 has no interface number 0
[  164.392553][ T2391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.532'.
[  164.407117][ T2391] loop4: detected capacity change from 0 to 256
[  164.441606][  T348] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  164.450883][  T348] usb 1-1: New USB device strings: Mfr=1, Product=26, SerialNumber=3
[  164.472484][  T348] usb 1-1: Product: syz
[  164.481385][  T348] usb 1-1: Manufacturer: syz
[  164.491194][  T348] usb 1-1: SerialNumber: syz
[  164.504599][  T348] usb 1-1: config 0 descriptor??
[  164.529036][  T448] usb 3-1: unable to get BOS descriptor or descriptor too short
[  164.541327][  T448] usb 3-1: not running at top speed; connect to a high speed hub
[  164.576017][  T448] usb 3-1: config 17 has an invalid interface number: 8 but max is 1
[  164.585170][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  164.601113][  T448] usb 3-1: config 17 has 1 interface, different from the descriptor's value: 2
[  164.620402][  T448] usb 3-1: config 17 has no interface number 0
[  164.634895][  T448] usb 3-1: config 17 interface 8 has no altsetting 0
[  164.651746][  T448] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  164.670237][  T448] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.687215][  T448] usb 3-1: Product: syz
[  164.695637][  T448] usb 3-1: Manufacturer: syz
[  164.705465][  T448] usb 3-1: SerialNumber: syz
[  164.754336][   T39] usb 1-1: USB disconnect, device number 9
[  164.917889][  T284] syz-executor: attempt to access beyond end of device
[  164.917889][  T284] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  164.936661][  T448] usb 3-1: selecting invalid altsetting 0
[  164.984546][  T448] usb 3-1: USB disconnect, device number 14
[  165.570048][ T2397] loop1: detected capacity change from 0 to 40427
[  165.587701][ T2397] F2FS-fs (loop1): invalid crc value
[  165.614914][ T2397] F2FS-fs (loop1): Found nat_bits in checkpoint
[  165.662731][ T2397] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  166.181554][  T287] EXT4-fs (loop2): unmounting filesystem.
[  166.847258][ T2425] loop1: detected capacity change from 0 to 1024
[  166.943748][ T2425] EXT4-fs: Ignoring removed oldalloc option
[  167.458731][ T2425] EXT4-fs: Ignoring removed bh option
[  167.470918][ T2425] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  167.499749][   T28] audit: type=1400 audit(1753659592.706:302): avc:  denied  { mount } for  pid=2427 comm="syz.0.543" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  167.607627][   T28] audit: type=1400 audit(1753659592.736:303): avc:  denied  { unmount } for  pid=2427 comm="syz.0.543" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  167.928691][ T2425] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  168.008780][ T2425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'.
[  168.027640][ T2440] netlink: 12 bytes leftover after parsing attributes in process `syz.4.545'.
[  168.042122][ T2440] loop4: detected capacity change from 0 to 256
[  168.118021][  T284] EXT4-fs (loop1): unmounting filesystem.
[  168.168631][ T2430] loop2: detected capacity change from 0 to 40427
[  168.186280][ T2430] F2FS-fs (loop2): invalid crc value
[  168.209545][ T2430] F2FS-fs (loop2): Found nat_bits in checkpoint
[  168.256330][ T2430] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  168.440673][ T2451] netlink: 64 bytes leftover after parsing attributes in process `syz.0.547'.
[  168.615709][  T287] syz-executor: attempt to access beyond end of device
[  168.615709][  T287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  168.733225][   T28] audit: type=1400 audit(1753659593.936:304): avc:  denied  { getopt } for  pid=2455 comm="syz.2.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  168.754062][ T2456] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=274 sclass=netlink_xfrm_socket pid=2456 comm=syz.2.548
[  168.757570][  T276] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  168.779313][ T2456] loop2: detected capacity change from 0 to 1024
[  168.786090][ T2456] EXT4-fs: Ignoring removed i_version option
[  168.792286][ T2456] EXT4-fs: Ignoring removed nobh option
[  168.798269][ T2456] EXT4-fs (loop2): Test dummy encryption mode enabled
[  168.868584][ T2456] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  168.891744][ T2456] fscrypt: AES-256-XTS using blk-crypto-fallback
[  168.919270][   T28] audit: type=1400 audit(1753659594.116:305): avc:  denied  { map } for  pid=2455 comm="syz.2.548" path="/98/file0/cpuset.effective_mems" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  169.103288][  T287] EXT4-fs (loop2): unmounting filesystem.
[  169.177562][   T28] audit: type=1400 audit(1753659594.336:306): avc:  denied  { set_context_mgr } for  pid=2465 comm="syz.1.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  169.278266][   T28] audit: type=1400 audit(1753659594.336:307): avc:  denied  { write } for  pid=2465 comm="syz.1.551" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  169.978435][  T276] usb 1-1: unable to get BOS descriptor or descriptor too short
[  169.987547][  T276] usb 1-1: not running at top speed; connect to a high speed hub
[  170.000956][  T276] usb 1-1: config 17 has an invalid interface number: 8 but max is 1
[  170.017594][  T276] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2
[  170.026799][  T276] usb 1-1: config 17 has no interface number 0
[  170.037526][  T437] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  170.045102][  T276] usb 1-1: config 17 interface 8 has no altsetting 0
[  170.050409][   T28] audit: type=1400 audit(1753659595.246:308): avc:  denied  { sqpoll } for  pid=2475 comm="syz.4.554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  170.054266][  T276] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  170.107524][  T276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.115567][  T276] usb 1-1: Product: syz
[  170.119998][  T276] usb 1-1: Manufacturer: syz
[  170.124615][  T276] usb 1-1: SerialNumber: syz
[  170.228571][  T437] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  170.239732][  T437] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  170.249089][  T437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.268433][ T2461] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  170.287565][  T348] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  170.339999][  T276] usb 1-1: selecting invalid altsetting 0
[  170.358030][  T276] usb 1-1: USB disconnect, device number 10
[  170.468716][  T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.481537][  T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.493319][  T348] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  170.506579][  T348] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  170.515858][  T348] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.525303][  T348] usb 3-1: config 0 descriptor??
[  170.697902][  T437] aiptek 6-1:17.0: Aiptek using 400 ms programming speed
[  170.705610][  T437] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input23
[  170.717592][  T437] usb 6-1: USB disconnect, device number 5
[  170.723490][    C0] aiptek 6-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  170.804384][ T2481] netlink: 36 bytes leftover after parsing attributes in process `syz.1.555'.
[  170.984540][  T348] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  171.045390][  T348] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  171.070421][ T2485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.557'.
[  171.088604][ T2483] fuse: Bad value for 'fd'
[  171.218609][ T2491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.559'.
[  171.245073][ T2488] loop4: detected capacity change from 0 to 40427
[  171.254952][ T2488] F2FS-fs (loop4): invalid crc value
[  171.285372][ T2488] F2FS-fs (loop4): Found nat_bits in checkpoint
[  171.334287][ T2488] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  172.225048][ T2495] rtc_cmos 00:00: Alarms can be up to one day in the future
[  172.274319][ T2507] loop5: detected capacity change from 0 to 512
[  172.287997][ T2507] EXT4-fs: Ignoring removed mblk_io_submit option
[  172.332574][ T2507] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  172.355023][ T2507] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.563: attempt to clear invalid blocks 2 len 1
[  172.368061][ T2507] EXT4-fs (loop5): Remounting filesystem read-only
[  172.374688][ T2507] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  172.389455][ T2507] EXT4-fs (loop5): Remounting filesystem read-only
[  172.396115][ T2507] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.563: invalid indirect mapped block 1819239214 (level 0)
[  172.410264][ T2507] EXT4-fs (loop5): Remounting filesystem read-only
[  172.416864][ T2507] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.563: invalid indirect mapped block 1819239214 (level 1)
[  172.431013][ T2507] EXT4-fs (loop5): Remounting filesystem read-only
[  172.437555][  T276] usb 3-1: reset high-speed USB device number 15 using dummy_hcd
[  172.437904][ T2507] EXT4-fs (loop5): 1 truncate cleaned up
[  172.451110][ T2507] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  172.587519][  T285] syz-executor: attempt to access beyond end of device
[  172.587519][  T285] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  172.743148][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  172.751295][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  172.759185][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  172.767059][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  172.774961][ T1002] rtc rtc0: __rtc_set_alarm: err=-22
[  172.825800][ T2524] loop4: detected capacity change from 0 to 2048
[  173.154986][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  173.442858][ T2532] loop5: detected capacity change from 0 to 512
[  173.449673][ T2532] EXT4-fs: Ignoring removed mblk_io_submit option
[  173.491499][ T2532] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  173.500410][ T2532] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.568: attempt to clear invalid blocks 2 len 1
[  173.514423][ T2532] EXT4-fs (loop5): Remounting filesystem read-only
[  173.533282][ T2535] loop4: detected capacity change from 0 to 128
[  173.536026][ T2532] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  173.541371][ T2535] EXT4-fs (loop4): Test dummy encryption mode enabled
[  173.561548][ T2532] EXT4-fs (loop5): Remounting filesystem read-only
[  173.568251][ T2532] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.568: invalid indirect mapped block 1819239214 (level 0)
[  173.579067][ T2535] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  173.582825][ T2532] EXT4-fs (loop5): Remounting filesystem read-only
[  173.591503][ T2535] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  173.597409][ T2532] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.568: invalid indirect mapped block 1819239214 (level 1)
[  173.638530][ T2532] EXT4-fs (loop5): Remounting filesystem read-only
[  173.647748][ T2532] EXT4-fs (loop5): 1 truncate cleaned up
[  173.657413][ T2532] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  173.665350][  T285] EXT4-fs (loop4): unmounting filesystem.
[  173.738862][ T2541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.571'.
[  173.753293][ T2541] loop2: detected capacity change from 0 to 256
[  174.939858][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  175.028952][ T2560] netlink: 36 bytes leftover after parsing attributes in process `syz.0.576'.
[  175.933409][ T2546] loop4: detected capacity change from 0 to 40427
[  175.950959][ T2546] F2FS-fs (loop4): invalid crc value
[  175.965160][ T2546] F2FS-fs (loop4): Found nat_bits in checkpoint
[  176.021430][ T2546] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  176.039197][  T437] usb 3-1: USB disconnect, device number 15
[  176.174738][ T2571] netlink: 32 bytes leftover after parsing attributes in process `syz.1.579'.
[  176.253104][ T2576] loop5: detected capacity change from 0 to 128
[  176.271461][ T2577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.580'.
[  177.316606][ T2585] netlink: 12 bytes leftover after parsing attributes in process `syz.5.583'.
[  177.351716][ T2585] loop5: detected capacity change from 0 to 256
[  177.735303][  T285] syz-executor: attempt to access beyond end of device
[  177.735303][  T285] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  177.821264][ T2580] rtc_cmos 00:00: Alarms can be up to one day in the future
[  177.874247][   T28] audit: type=1400 audit(1753659603.076:309): avc:  denied  { read } for  pid=2602 comm="syz.2.589" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  177.900222][   T28] audit: type=1400 audit(1753659603.076:310): avc:  denied  { open } for  pid=2602 comm="syz.2.589" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  177.955583][   T28] audit: type=1400 audit(1753659603.076:311): avc:  denied  { map } for  pid=2602 comm="syz.2.589" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  177.981788][   T28] audit: type=1400 audit(1753659603.136:312): avc:  denied  { ioctl } for  pid=2602 comm="syz.2.589" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  178.014299][ T2608] loop4: detected capacity change from 0 to 2048
[  178.021356][  T276] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  178.279505][  T276] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  178.342262][ T2614] loop2: detected capacity change from 0 to 512
[  178.484914][ T2614] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  178.502560][ T2614] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.651476][ T2621] loop4: detected capacity change from 0 to 1024
[  179.680088][ T2621] EXT4-fs: Ignoring removed oldalloc option
[  179.686067][ T2621] EXT4-fs: Ignoring removed bh option
[  179.719565][ T2621] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  179.771221][ T2621] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  179.799633][ T2621] netlink: 4 bytes leftover after parsing attributes in process `syz.4.591'.
[  179.896274][  T285] EXT4-fs (loop4): unmounting filesystem.
[  179.910733][  T276] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  179.911475][  T287] EXT4-fs (loop2): unmounting filesystem.
[  179.920625][  T276] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.935485][  T437] rtc_cmos 00:00: Alarms can be up to one day in the future
[  179.942913][ T2597] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  179.950748][  T437] rtc_cmos 00:00: Alarms can be up to one day in the future
[  179.959249][  T437] rtc_cmos 00:00: Alarms can be up to one day in the future
[  179.967956][  T437] rtc_cmos 00:00: Alarms can be up to one day in the future
[  179.975380][  T437] rtc rtc0: __rtc_set_alarm: err=-22
[  179.981971][ T2626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.593'.
[  179.996284][ T2627] loop4: detected capacity change from 0 to 512
[  180.039144][ T2631] loop2: detected capacity change from 0 to 512
[  180.060556][ T2627] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  180.069802][ T2627] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.132275][ T2631] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  180.142426][ T2631] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.186952][   T28] audit: type=1400 audit(1753659605.386:313): avc:  denied  { bind } for  pid=2633 comm="syz.0.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  182.182633][  T285] EXT4-fs (loop4): unmounting filesystem.
[  182.220197][  T276] aiptek 6-1:17.0: Aiptek using 400 ms programming speed
[  182.243764][  T276] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input25
[  182.385129][ T2654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.598'.
[  182.399494][ T2654] loop1: detected capacity change from 0 to 256
[  182.408771][  T287] EXT4-fs (loop2): unmounting filesystem.
[  182.439951][ T2660] loop2: detected capacity change from 0 to 1024
[  182.451711][  T276] usb 6-1: USB disconnect, device number 6
[  182.457687][    C0] aiptek 6-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  182.537852][ T2660] EXT4-fs: Ignoring removed oldalloc option
[  182.543962][ T2660] EXT4-fs: Ignoring removed bh option
[  182.566490][ T2660] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  182.609108][ T2660] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  183.400437][ T2670] loop5: detected capacity change from 0 to 2048
[  184.557127][ T2660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.602'.
[  184.766464][ T2673] loop1: detected capacity change from 0 to 1024
[  184.783769][ T2673] EXT4-fs: Ignoring removed oldalloc option
[  184.795617][ T2657] loop4: detected capacity change from 0 to 40427
[  184.807809][ T2673] EXT4-fs: Ignoring removed bh option
[  185.606846][ T2657] F2FS-fs (loop4): invalid crc value
[  185.622724][ T2673] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  185.635624][  T287] EXT4-fs (loop2): unmounting filesystem.
[  185.655031][ T2657] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4)
[  185.709768][ T2673] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  185.730354][ T2673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.605'.
[  185.746499][  T284] EXT4-fs (loop1): unmounting filesystem.
[  185.851000][ T2693] loop2: detected capacity change from 0 to 1024
[  185.869245][ T2693] EXT4-fs: Ignoring removed oldalloc option
[  185.875216][ T2693] EXT4-fs: Ignoring removed bh option
[  185.889010][ T2693] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  187.443970][ T2693] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  187.702926][ T2710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.607'.
[  187.877112][ T2681] Bluetooth: hci0: Opcode 0x080f failed: -110
[  187.894520][  T405] Bluetooth: hci0: Frame reassembly failed (-84)
[  188.114460][ T2717] loop4: detected capacity change from 0 to 16
[  188.126733][ T2717] erofs: (device loop4): mounted with root inode @ nid 36.
[  188.143188][ T2717] syz.4.614: attempt to access beyond end of device
[  188.143188][ T2717] loop4: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  188.158855][  T287] EXT4-fs (loop2): unmounting filesystem.
[  188.165356][ T2717] syz.4.614: attempt to access beyond end of device
[  188.165356][ T2717] loop4: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  188.210673][   T28] audit: type=1400 audit(1753659613.416:314): avc:  denied  { unlink } for  pid=2720 comm="syz.4.616" name="#3" dev="tmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  188.331462][  T276] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  188.769006][  T276] usb 2-1: unable to get BOS descriptor or descriptor too short
[  188.777545][  T276] usb 2-1: config 10 has an invalid interface number: 41 but max is 0
[  188.785814][  T276] usb 2-1: config 10 has no interface number 0
[  188.792134][  T276] usb 2-1: config 10 interface 41 has no altsetting 0
[  188.800677][  T276] usb 2-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[  188.809871][  T276] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.817908][  T276] usb 2-1: Product: syz
[  188.822140][  T276] usb 2-1: Manufacturer: syz
[  188.826746][  T276] usb 2-1: SerialNumber: syz
[  189.033164][ T2713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.045397][ T2713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.053724][ T2713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.062385][ T2713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.069133][ T2718] rtc_cmos 00:00: Alarms can be up to one day in the future
[  189.070879][ T2713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.115341][ T2713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.124347][ T2713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.138503][ T2713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.147213][ T2713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.151266][ T2731] loop2: detected capacity change from 0 to 1024
[  189.157755][ T2713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.163067][ T2731] EXT4-fs: Ignoring removed oldalloc option
[  189.184174][ T2731] EXT4-fs: Ignoring removed bh option
[  189.200792][  T276] snd-usb-audio: probe of 2-1:10.41 failed with error -2
[  189.209231][ T2731] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  189.223764][  T276] usb 2-1: USB disconnect, device number 6
[  189.243750][ T2731] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  189.266059][ T2731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.619'.
[  189.326371][  T287] EXT4-fs (loop2): unmounting filesystem.
[  189.410265][ T2738] loop4: detected capacity change from 0 to 16
[  189.438022][  T359] udevd[359]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:10.41/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  189.447573][   T28] audit: type=1400 audit(1753659614.646:315): avc:  denied  { bind } for  pid=2739 comm="syz.2.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  189.473436][   T28] audit: type=1400 audit(1753659614.646:316): avc:  denied  { listen } for  pid=2739 comm="syz.2.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  189.493129][   T28] audit: type=1400 audit(1753659614.646:317): avc:  denied  { accept } for  pid=2739 comm="syz.2.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  189.513362][  T358] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  189.523035][   T28] audit: type=1400 audit(1753659614.726:318): avc:  denied  { create } for  pid=2729 comm="syz.4.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  189.523384][ T2740] tmpfs: Bad value for 'nr_inodes'
[  189.639042][ T2744] loop2: detected capacity change from 0 to 512
[  189.646059][ T2744] EXT4-fs: Ignoring removed mblk_io_submit option
[  189.654617][ T2744] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  189.663578][ T2744] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.622: attempt to clear invalid blocks 2 len 1
[  189.676823][ T2744] EXT4-fs (loop2): Remounting filesystem read-only
[  189.683693][ T2744] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  189.698468][ T2744] EXT4-fs (loop2): Remounting filesystem read-only
[  189.705260][ T2744] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.622: invalid indirect mapped block 1819239214 (level 0)
[  189.719552][ T2744] EXT4-fs (loop2): Remounting filesystem read-only
[  189.726260][ T2744] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.622: invalid indirect mapped block 1819239214 (level 1)
[  189.740853][ T2744] EXT4-fs (loop2): Remounting filesystem read-only
[  189.741536][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  189.747728][ T2744] EXT4-fs (loop2): 1 truncate cleaned up
[  189.756527][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  189.760687][ T2744] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  189.771773][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  189.792116][  T276] rtc_cmos 00:00: Alarms can be up to one day in the future
[  189.799891][  T276] rtc rtc0: __rtc_set_alarm: err=-22
[  189.907546][ T2687] Bluetooth: hci0: command 0x080f tx timeout
[  189.907586][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  189.913690][ T2687] Bluetooth: hci0: sending frame failed (-49)
[  190.909451][  T287] EXT4-fs (loop2): unmounting filesystem.
[  190.971156][ T2763] loop1: detected capacity change from 0 to 512
[  190.978340][ T2763] EXT4-fs: Ignoring removed mblk_io_submit option
[  190.986672][ T2763] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  191.000440][ T2763] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.628: attempt to clear invalid blocks 2 len 1
[  191.013677][ T2763] EXT4-fs (loop1): Remounting filesystem read-only
[  191.020696][ T2763] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  191.042196][  T276] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  191.097726][ T2763] EXT4-fs (loop1): Remounting filesystem read-only
[  191.107883][ T2763] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.628: invalid indirect mapped block 1819239214 (level 0)
[  191.160689][ T2771] fuse: Unknown parameter 'fV'
[  191.374894][ T2763] EXT4-fs (loop1): Remounting filesystem read-only
[  191.420434][ T2763] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.628: invalid indirect mapped block 1819239214 (level 1)
[  191.447931][ T2778] device pim6reg1 entered promiscuous mode
[  191.450503][ T2763] EXT4-fs (loop1): Remounting filesystem read-only
[  191.461130][ T2763] EXT4-fs (loop1): 1 truncate cleaned up
[  191.466979][ T2763] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  191.557513][  T276] usb 5-1: Using ep0 maxpacket: 32
[  191.565254][  T276] usb 5-1: New USB device found, idVendor=19d2, idProduct=f2ac, bcdDevice=84.4f
[  191.574421][  T276] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.582530][  T276] usb 5-1: Product: syz
[  191.586735][  T276] usb 5-1: Manufacturer: syz
[  191.591550][  T276] usb 5-1: SerialNumber: syz
[  191.884838][  T276] usb 5-1: config 0 descriptor??
[  191.890885][  T276] usb 5-1: bad CDC descriptors
[  191.899659][  T284] EXT4-fs (loop1): unmounting filesystem.
[  191.927394][ T2782] loop1: detected capacity change from 0 to 512
[  191.978872][ T2782] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  192.017292][ T2788] loop5: detected capacity change from 0 to 512
[  192.026077][ T2782] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.068216][ T2788] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  192.083504][ T2788] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.488011][   T39] usb 5-1: USB disconnect, device number 13
[  193.498415][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  193.606601][  T284] EXT4-fs (loop1): unmounting filesystem.
[  193.919657][ T2810] netlink: 36 bytes leftover after parsing attributes in process `syz.0.638'.
[  194.250557][   T28] audit: type=1400 audit(1753659619.456:319): avc:  denied  { mount } for  pid=2806 comm="syz.1.640" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  194.251194][ T2809] incfs: Can't find or create .index dir in ./file0
[  194.272954][   T28] audit: type=1400 audit(1753659619.456:320): avc:  denied  { mounton } for  pid=2806 comm="syz.1.640" path="/128/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  194.279423][ T2809] incfs: mount failed -1
[  194.302351][   T28] audit: type=1400 audit(1753659619.456:321): avc:  denied  { search } for  pid=2806 comm="syz.1.640" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  195.045112][   T28] audit: type=1400 audit(1753659619.456:322): avc:  denied  { write } for  pid=2806 comm="syz.1.640" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  195.110089][ T2818] loop2: detected capacity change from 0 to 512
[  195.279072][ T2818] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  195.290278][ T2818] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.614222][   T28] audit: type=1400 audit(1753659620.806:323): avc:  denied  { unmount } for  pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  195.749115][ T2839] loop5: detected capacity change from 0 to 512
[  195.869748][ T2839] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.648: casefold flag without casefold feature
[  195.883594][ T2839] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.648: couldn't read orphan inode 15 (err -117)
[  195.896429][ T2839] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  196.471516][ T2839] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #2: comm syz.5.648: directory missing '.'
[  196.619339][ T2839] netlink: 64 bytes leftover after parsing attributes in process `syz.5.648'.
[  196.789501][ T2848] loop4: detected capacity change from 0 to 512
[  196.797549][ T2852] loop1: detected capacity change from 0 to 1024
[  196.807433][ T2852] EXT4-fs: Ignoring removed oldalloc option
[  196.812960][ T2848] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  196.813446][ T2852] EXT4-fs: Ignoring removed bh option
[  196.833704][ T2852] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  196.847666][ T2848] ext4 filesystem being mounted at /135/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.869821][  T287] EXT4-fs (loop2): unmounting filesystem.
[  196.878420][ T2852] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  196.921925][ T2852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.651'.
[  196.966921][ T2861] loop2: detected capacity change from 0 to 128
[  196.974437][ T2861] FAT-fs (loop2): Directory bread(block 162) failed
[  196.981550][ T2861] FAT-fs (loop2): Directory bread(block 163) failed
[  196.989868][ T2861] FAT-fs (loop2): Directory bread(block 164) failed
[  196.996542][ T2861] FAT-fs (loop2): Directory bread(block 165) failed
[  196.997061][  T284] EXT4-fs (loop1): unmounting filesystem.
[  197.004132][ T2861] FAT-fs (loop2): Directory bread(block 166) failed
[  197.016369][ T2861] FAT-fs (loop2): Directory bread(block 167) failed
[  197.023211][ T2861] FAT-fs (loop2): Directory bread(block 168) failed
[  197.030092][  T710] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  197.032904][ T2861] FAT-fs (loop2): Directory bread(block 169) failed
[  197.057291][ T2861] FAT-fs (loop2): Directory bread(block 162) failed
[  197.064377][ T2861] FAT-fs (loop2): Directory bread(block 163) failed
[  197.074675][ T2861] syz.2.652: attempt to access beyond end of device
[  197.074675][ T2861] loop2: rw=3, sector=226, nr_sectors = 6 limit=128
[  197.088171][ T2861] syz.2.652: attempt to access beyond end of device
[  197.088171][ T2861] loop2: rw=2051, sector=232, nr_sectors = 2 limit=128
[  197.140955][ T2861] syz.2.652: attempt to access beyond end of device
[  197.140955][ T2861] loop2: rw=3, sector=234, nr_sectors = 6 limit=128
[  197.154179][ T2861] syz.2.652: attempt to access beyond end of device
[  197.154179][ T2861] loop2: rw=2051, sector=240, nr_sectors = 2 limit=128
[  197.167525][ T1002] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  197.232005][ T2865] loop1: detected capacity change from 0 to 40427
[  197.240099][ T2865] F2FS-fs (loop1): invalid crc value
[  197.276092][  T710] usb 6-1: unable to get BOS descriptor or descriptor too short
[  197.284677][  T710] usb 6-1: not running at top speed; connect to a high speed hub
[  197.285530][ T2865] F2FS-fs (loop1): Found nat_bits in checkpoint
[  197.293513][  T710] usb 6-1: config 17 has an invalid interface number: 8 but max is 1
[  197.307962][  T710] usb 6-1: config 17 has 1 interface, different from the descriptor's value: 2
[  197.316969][  T710] usb 6-1: config 17 has no interface number 0
[  197.323579][  T710] usb 6-1: config 17 interface 8 has no altsetting 0
[  197.332011][  T710] usb 6-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  197.340078][ T2865] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  197.341424][  T710] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.356786][  T710] usb 6-1: Product: syz
[  197.361260][  T710] usb 6-1: Manufacturer: syz
[  197.366044][  T710] usb 6-1: SerialNumber: syz
[  197.588074][ T1002] usb 1-1: Using ep0 maxpacket: 32
[  197.610085][ T1002] usb 1-1: New USB device found, idVendor=19d2, idProduct=f2ac, bcdDevice=84.4f
[  197.619964][  T285] EXT4-fs (loop4): unmounting filesystem.
[  197.627033][  T710] usb 6-1: selecting invalid altsetting 0
[  197.639777][  T710] usb 6-1: USB disconnect, device number 7
[  197.650374][ T1002] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.675072][ T1002] usb 1-1: Product: syz
[  197.687783][ T1002] usb 1-1: Manufacturer: syz
[  197.700779][ T1002] usb 1-1: SerialNumber: syz
[  197.712782][ T1002] usb 1-1: config 0 descriptor??
[  197.799464][ T1002] usb 1-1: bad CDC descriptors
[  198.176735][ T2888] loop2: detected capacity change from 0 to 512
[  198.209919][  T284] syz-executor: attempt to access beyond end of device
[  198.209919][  T284] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.211253][ T2888] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  198.247573][ T2888] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.325297][  T541] usb 1-1: USB disconnect, device number 11
[  198.368796][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  198.541711][ T2898] netlink: 36 bytes leftover after parsing attributes in process `syz.1.660'.
[  200.123320][  T287] EXT4-fs (loop2): unmounting filesystem.
[  200.295760][ T2918] loop1: detected capacity change from 0 to 512
[  200.442764][   T28] audit: type=1400 audit(1753659625.646:324): avc:  denied  { write } for  pid=2917 comm="syz.0.668" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  200.478351][ T2918] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  200.523864][ T2918] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  201.277136][  T284] EXT4-fs (loop1): unmounting filesystem.
[  201.286835][ T2938] netlink: 12 bytes leftover after parsing attributes in process `syz.0.671'.
[  201.920376][ T2945] loop4: detected capacity change from 0 to 2048
[  202.419535][ T2932] loop2: detected capacity change from 0 to 40427
[  202.455013][ T2932] F2FS-fs (loop2): invalid crc value
[  202.533418][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[  202.726565][ T2932] F2FS-fs (loop2): Found nat_bits in checkpoint
[  202.934681][ T2932] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  203.962580][ T2967] loop5: detected capacity change from 0 to 512
[  203.970872][ T2967] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  204.311260][ T2967] EXT4-fs (loop5): orphan cleanup on readonly fs
[  204.550024][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  204.550074][ T2687] Bluetooth: hci0: command 0x1003 tx timeout
[  205.997433][ T2947] Bluetooth: hci0: Opcode 0x080f failed: -22
[  206.615381][ T2967] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.677: bg 0: block 248: padding at end of block bitmap is not set
[  206.637660][ T2967] Quota error (device loop5): write_blk: dquota write failed
[  206.645691][ T2967] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  206.655842][ T2967] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.677: Failed to acquire dquot type 1
[  206.671124][ T2967] EXT4-fs (loop5): 1 truncate cleaned up
[  206.691972][ T2967] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  208.187589][  T287] syz-executor: attempt to access beyond end of device
[  208.187589][  T287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  208.260751][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  208.830842][ T2997] loop2: detected capacity change from 0 to 1024
[  208.839406][ T2997] EXT4-fs: Ignoring removed nobh option
[  208.845159][ T2997] EXT4-fs: Ignoring removed bh option
[  208.855229][ T2997] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  208.879779][ T2997] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  208.911268][   T28] audit: type=1400 audit(1753659634.116:325): avc:  denied  { read write } for  pid=2996 comm="syz.2.684" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  208.943754][   T28] audit: type=1400 audit(1753659634.136:326): avc:  denied  { open } for  pid=2996 comm="syz.2.684" path="/126/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  209.088359][ T3004] netlink: 36 bytes leftover after parsing attributes in process `syz.4.685'.
[  209.620294][   T28] audit: type=1326 audit(1753659634.816:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2996 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6898d8e9a9 code=0x7ffc0000
[  209.847649][ T3006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.686'.
[  209.866019][ T3014] loop1: detected capacity change from 0 to 512
[  209.882180][   T28] audit: type=1326 audit(1753659634.816:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2996 comm="syz.2.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6898d8e9a9 code=0x7ffc0000
[  209.917558][ T3014] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.688: casefold flag without casefold feature
[  209.930895][ T3014] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.688: couldn't read orphan inode 15 (err -117)
[  209.969827][ T3014] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  209.991730][ T3014] EXT4-fs warning (device loop1): ext4_empty_dir:3147: inode #2: comm syz.1.688: directory missing '.'
[  210.004544][ T3014] netlink: 64 bytes leftover after parsing attributes in process `syz.1.688'.
[  210.365148][ T3020] netlink: 12 bytes leftover after parsing attributes in process `syz.0.690'.
[  210.416310][  T287] EXT4-fs (loop2): unmounting filesystem.
[  210.797676][  T276] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  211.238502][  T283] Bluetooth: hci0: Frame reassembly failed (-84)
[  211.398928][  T276] usb 2-1: unable to get BOS descriptor or descriptor too short
[  211.415754][  T276] usb 2-1: not running at top speed; connect to a high speed hub
[  211.432609][ T3032] loop2: detected capacity change from 0 to 512
[  211.448481][  T276] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[  211.458030][ T3032] EXT4-fs: Ignoring removed mblk_io_submit option
[  211.477825][  T276] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[  211.495096][  T276] usb 2-1: config 17 has no interface number 0
[  211.495598][ T3032] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  211.502300][  T276] usb 2-1: config 17 interface 8 has no altsetting 0
[  211.522569][ T3032] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.691: attempt to clear invalid blocks 2 len 1
[  211.543103][ T3032] EXT4-fs (loop2): Remounting filesystem read-only
[  211.550806][  T276] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  211.566550][ T3032] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  211.587889][  T276] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.602514][  T276] usb 2-1: Product: syz
[  211.607650][  T276] usb 2-1: Manufacturer: syz
[  211.614163][ T3032] EXT4-fs (loop2): Remounting filesystem read-only
[  211.621062][  T276] usb 2-1: SerialNumber: syz
[  211.625804][ T3032] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.691: invalid indirect mapped block 1819239214 (level 0)
[  211.663605][ T3032] EXT4-fs (loop2): Remounting filesystem read-only
[  211.679790][ T3032] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.691: invalid indirect mapped block 1819239214 (level 1)
[  211.695210][ T3032] EXT4-fs (loop2): Remounting filesystem read-only
[  211.702297][ T3032] EXT4-fs (loop2): 1 truncate cleaned up
[  211.708419][ T3032] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  211.868696][  T276] usb 2-1: selecting invalid altsetting 0
[  211.883355][  T276] usb 2-1: USB disconnect, device number 7
[  212.297567][    T6] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  212.330254][  T287] EXT4-fs (loop2): unmounting filesystem.
[  212.349588][ T3042] device pim6reg1 entered promiscuous mode
[  212.500249][    T6] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  212.511431][    T6] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  212.520529][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.529892][ T3038] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  212.834240][  T284] EXT4-fs (loop1): unmounting filesystem.
[  212.945582][    T6] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  212.953339][    T6] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input26
[  212.965205][    C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  212.973599][    T6] usb 1-1: USB disconnect, device number 12
[  212.984516][ T3051] tipc: Started in network mode
[  212.989512][ T3051] tipc: Node identity e284e92dc482, cluster identity 4711
[  212.996816][ T3051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  213.004253][ T3051] device syzkaller0 entered promiscuous mode
[  213.252474][   T28] audit: type=1400 audit(1753659638.456:329): avc:  denied  { getopt } for  pid=3052 comm="syz.2.700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  213.277550][ T2686] Bluetooth: hci0: command 0x1003 tx timeout
[  213.277723][ T2970] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  213.294938][ T3027] Bluetooth: hci0: Opcode 0x080f failed: -22
[  213.306730][ T3058] loop2: detected capacity change from 0 to 512
[  213.341082][ T3058] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  213.346983][ T3062] loop5: detected capacity change from 0 to 1024
[  213.350583][ T3058] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.364444][ T3062] EXT4-fs: Ignoring removed oldalloc option
[  213.373574][ T3062] EXT4-fs: Ignoring removed bh option
[  213.383755][ T3062] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  213.415098][ T3065] fuse: Bad value for 'fd'
[  213.441812][ T3062] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  213.481360][ T3062] netlink: 4 bytes leftover after parsing attributes in process `syz.5.702'.
[  214.240891][ T3049] tipc: Resetting bearer <eth:syzkaller0>
[  214.249342][ T3049] tipc: Disabling bearer <eth:syzkaller0>
[  214.256681][  T295] tipc: Node number set to 637987117
[  214.274557][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  214.704611][  T287] EXT4-fs (loop2): unmounting filesystem.
[  215.901099][ T3076] rtc_cmos 00:00: Alarms can be up to one day in the future
[  215.937552][    T6] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  216.060707][ T2971] Bluetooth: hci0: Frame reassembly failed (-84)
[  216.437364][    T6] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  216.451625][    T6] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  216.519793][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.552712][ T3104] fuse: Bad value for 'fd'
[  216.728797][    T6] usb 5-1: can't set config #17, error -71
[  216.860416][    T6] usb 5-1: USB disconnect, device number 14
[  216.868363][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  216.876195][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  216.883952][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  216.924437][ T1002] rtc_cmos 00:00: Alarms can be up to one day in the future
[  216.933504][ T1002] rtc rtc0: __rtc_set_alarm: err=-22
[  217.131258][ T3110] loop5: detected capacity change from 0 to 512
[  217.138311][ T3110] EXT4-fs: Ignoring removed mblk_io_submit option
[  217.179414][ T3110] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  217.188144][ T3110] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.717: attempt to clear invalid blocks 2 len 1
[  217.201501][ T3110] EXT4-fs (loop5): Remounting filesystem read-only
[  217.208177][ T3110] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  217.223096][ T3110] EXT4-fs (loop5): Remounting filesystem read-only
[  217.229789][ T3110] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.717: invalid indirect mapped block 1819239214 (level 0)
[  217.240639][    T6] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  217.244400][ T3110] EXT4-fs (loop5): Remounting filesystem read-only
[  217.257879][ T3110] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.717: invalid indirect mapped block 1819239214 (level 1)
[  217.272089][ T3110] EXT4-fs (loop5): Remounting filesystem read-only
[  217.278977][ T3110] EXT4-fs (loop5): 1 truncate cleaned up
[  217.284652][ T3110] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  217.392231][ T3118] tipc: Started in network mode
[  217.397295][ T3118] tipc: Node identity e2f7a929218e, cluster identity 4711
[  217.404801][ T3118] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  217.618914][    T6] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 64
[  217.630502][    T6] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  217.916275][ T3107] tipc: Disabling bearer <eth:syzkaller0>
[  217.937094][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.946498][ T3106] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  218.031159][ T1348] EXT4-fs (loop5): unmounting filesystem.
[  218.050694][ T3126] loop5: detected capacity change from 0 to 512
[  218.067549][ T2687] Bluetooth: hci0: command 0x1003 tx timeout
[  218.073702][ T2970] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  218.078817][ T3126] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.722: casefold flag without casefold feature
[  218.093816][ T3126] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.722: couldn't read orphan inode 15 (err -117)
[  218.098646][ T3096] Bluetooth: hci0: Opcode 0x080f failed: -22
[  218.112297][ T3126] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  218.127751][ T3126] EXT4-fs warning (device loop5): ext4_empty_dir:3147: inode #2: comm syz.5.722: directory missing '.'
[  218.139678][ T3126] netlink: 64 bytes leftover after parsing attributes in process `syz.5.722'.
[  218.262551][ T3135] fuse: Bad value for 'fd'
[  218.625961][    T6] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  218.634135][    T6] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input27
[  218.646612][    T6] usb 5-1: USB disconnect, device number 15
[  218.652637][    C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  218.986429][  T336] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  219.067655][  T336] ==================================================================
[  219.075778][  T336] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[  219.082832][  T336] Write of size 8 at addr ffff888114958a00 by task kworker/0:3/336
[  219.090748][  T336] 
[  219.093079][  T336] CPU: 0 PID: 336 Comm: kworker/0:3 Not tainted 6.1.145-syzkaller-00015-g2ff414a09808 #0
[  219.102880][  T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.112938][  T336] Workqueue: usb_hub_wq hub_event
[  219.118075][  T336] Call Trace:
[  219.121375][  T336]  <TASK>
[  219.124303][  T336]  __dump_stack+0x21/0x24
[  219.128656][  T336]  dump_stack_lvl+0xee/0x150
[  219.133256][  T336]  ? __cfi_dump_stack_lvl+0x8/0x8
[  219.138292][  T336]  ? enqueue_timer+0xae/0x480
[  219.142977][  T336]  print_address_description+0x71/0x210
[  219.148532][  T336]  print_report+0x4a/0x60
[  219.152866][  T336]  kasan_report+0x122/0x150
[  219.157367][  T336]  ? enqueue_timer+0xae/0x480
[  219.162048][  T336]  __asan_report_store8_noabort+0x17/0x20
[  219.167778][  T336]  enqueue_timer+0xae/0x480
[  219.172288][  T336]  __mod_timer+0x79f/0xb30
[  219.176706][  T336]  schedule_timeout+0x127/0x2e0
[  219.181563][  T336]  ? __cfi_schedule_timeout+0x10/0x10
[  219.186939][  T336]  ? __cfi_process_timeout+0x10/0x10
[  219.192230][  T336]  ? __cfi__raw_spin_lock+0x10/0x10
[  219.197433][  T336]  ? _raw_spin_lock+0x8e/0xe0
[  219.202141][  T336]  wait_for_common+0x354/0x620
[  219.206907][  T336]  ? usb_hcd_giveback_urb+0x351/0x410
[  219.212813][  T336]  ? wait_for_completion+0x20/0x20
[  219.217938][  T336]  ? usb_submit_urb+0x122d/0x1900
[  219.222967][  T336]  wait_for_completion_timeout+0xe/0x10
[  219.228514][  T336]  usb_start_wait_urb+0x166/0x2f0
[  219.233542][  T336]  ? usb_api_blocking_completion+0xb0/0xb0
[  219.239355][  T336]  ? usb_alloc_urb+0x44/0x140
[  219.244034][  T336]  ? __kasan_check_write+0x14/0x20
[  219.249150][  T336]  usb_control_msg+0x241/0x3f0
[  219.253920][  T336]  hub_ext_port_status+0x100/0x6b0
[  219.259052][  T336]  hub_port_reset+0x652/0x16e0
[  219.263831][  T336]  hub_port_init+0x988/0x2880
[  219.268515][  T336]  ? __kasan_check_write+0x14/0x20
[  219.273808][  T336]  hub_event+0x2643/0x4680
[  219.278243][  T336]  ? __cfi_hub_event+0x10/0x10
[  219.283037][  T336]  ? __kasan_check_write+0x14/0x20
[  219.288159][  T336]  ? _raw_spin_lock_irq+0x8f/0xe0
[  219.293194][  T336]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  219.298745][  T336]  ? wg_packet_tx_worker+0x4d1/0x4e0
[  219.304039][  T336]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[  219.309420][  T336]  process_one_work+0x71f/0xc40
[  219.314272][  T336]  worker_thread+0xa29/0x11f0
[  219.318970][  T336]  kthread+0x281/0x320
[  219.323041][  T336]  ? __cfi_worker_thread+0x10/0x10
[  219.328149][  T336]  ? __cfi_kthread+0x10/0x10
[  219.332740][  T336]  ret_from_fork+0x1f/0x30
[  219.337168][  T336]  </TASK>
[  219.340182][  T336] 
[  219.342511][  T336] Allocated by task 3096:
[  219.346852][  T336]  kasan_set_track+0x4b/0x70
[  219.351444][  T336]  kasan_save_alloc_info+0x25/0x30
[  219.356555][  T336]  __kasan_kmalloc+0x95/0xb0
[  219.361142][  T336]  __kmalloc+0xb1/0x1e0
[  219.365299][  T336]  hci_alloc_dev_priv+0x27/0x1bd0
[  219.370322][  T336]  hci_uart_tty_ioctl+0x3d6/0xa20
[  219.375346][  T336]  tty_ioctl+0x8ef/0xc60
[  219.379589][  T336]  __se_sys_ioctl+0x12f/0x1b0
[  219.384276][  T336]  __x64_sys_ioctl+0x7b/0x90
[  219.388870][  T336]  x64_sys_call+0x58b/0x9a0
[  219.393381][  T336]  do_syscall_64+0x4c/0xa0
[  219.397803][  T336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  219.403692][  T336] 
[  219.406009][  T336] Freed by task 3096:
[  219.410014][  T336]  kasan_set_track+0x4b/0x70
[  219.414624][  T336]  kasan_save_free_info+0x31/0x50
[  219.419650][  T336]  ____kasan_slab_free+0x132/0x180
[  219.424762][  T336]  __kasan_slab_free+0x11/0x20
[  219.429525][  T336]  slab_free_freelist_hook+0xc2/0x190
[  219.434896][  T336]  __kmem_cache_free+0xb7/0x1b0
[  219.439749][  T336]  kfree+0x6f/0xf0
[  219.443472][  T336]  hci_release_dev+0x12a3/0x13b0
[  219.448405][  T336]  bt_host_release+0x82/0x90
[  219.452994][  T336]  device_release+0xa4/0x1d0
[  219.457583][  T336]  kobject_put+0x19d/0x280
[  219.461996][  T336]  put_device+0x1f/0x30
[  219.466168][  T336]  hci_dev_cmd+0x265/0x720
[  219.470676][  T336]  hci_sock_ioctl+0x41e/0x7f0
[  219.475349][  T336]  sock_do_ioctl+0x101/0x310
[  219.479957][  T336]  sock_ioctl+0x4d8/0x6e0
[  219.484286][  T336]  __se_sys_ioctl+0x12f/0x1b0
[  219.488967][  T336]  __x64_sys_ioctl+0x7b/0x90
[  219.493562][  T336]  x64_sys_call+0x58b/0x9a0
[  219.498067][  T336]  do_syscall_64+0x4c/0xa0
[  219.502491][  T336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  219.508383][  T336] 
[  219.510705][  T336] Last potentially related work creation:
[  219.516412][  T336]  kasan_save_stack+0x3a/0x60
[  219.521088][  T336]  __kasan_record_aux_stack+0xb6/0xc0
[  219.526459][  T336]  kasan_record_aux_stack_noalloc+0xb/0x10
[  219.532266][  T336]  insert_work+0x51/0x300
[  219.536622][  T336]  __queue_work+0x9b1/0xd30
[  219.541131][  T336]  queue_work_on+0xd2/0x140
[  219.545636][  T336]  __hci_cmd_sync_sk+0xa3e/0xcf0
[  219.550570][  T336]  hci_cmd_sync_status+0x53/0x120
[  219.555592][  T336]  hci_dev_cmd+0x628/0x720
[  219.560034][  T336]  hci_sock_ioctl+0x41e/0x7f0
[  219.564712][  T336]  sock_do_ioctl+0x101/0x310
[  219.569303][  T336]  sock_ioctl+0x4d8/0x6e0
[  219.573632][  T336]  __se_sys_ioctl+0x12f/0x1b0
[  219.578311][  T336]  __x64_sys_ioctl+0x7b/0x90
[  219.582904][  T336]  x64_sys_call+0x58b/0x9a0
[  219.587430][  T336]  do_syscall_64+0x4c/0xa0
[  219.591853][  T336]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  219.597742][  T336] 
[  219.600063][  T336] Second to last potentially related work creation:
[  219.606638][  T336]  kasan_save_stack+0x3a/0x60
[  219.611316][  T336]  __kasan_record_aux_stack+0xb6/0xc0
[  219.616691][  T336]  kasan_record_aux_stack_noalloc+0xb/0x10
[  219.622498][  T336]  insert_work+0x51/0x300
[  219.626831][  T336]  __queue_work+0x9b1/0xd30
[  219.631334][  T336]  queue_work_on+0xd2/0x140
[  219.635845][  T336]  hci_cmd_timeout+0x191/0x200
[  219.640607][  T336]  process_one_work+0x71f/0xc40
[  219.645457][  T336]  worker_thread+0xa29/0x11f0
[  219.650136][  T336]  kthread+0x281/0x320
[  219.654204][  T336]  ret_from_fork+0x1f/0x30
[  219.658649][  T336] 
[  219.660966][  T336] The buggy address belongs to the object at ffff888114958000
[  219.660966][  T336]  which belongs to the cache kmalloc-8k of size 8192
[  219.675038][  T336] The buggy address is located 2560 bytes inside of
[  219.675038][  T336]  8192-byte region [ffff888114958000, ffff88811495a000)
[  219.688491][  T336] 
[  219.690813][  T336] The buggy address belongs to the physical page:
[  219.697224][  T336] page:ffffea0004525600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114958
[  219.707467][  T336] head:ffffea0004525600 order:3 compound_mapcount:0 compound_pincount:0
[  219.715794][  T336] flags: 0x4000000000010200(slab|head|zone=1)
[  219.721874][  T336] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[  219.730458][  T336] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  219.739139][  T336] page dumped because: kasan: bad access detected
[  219.745639][  T336] page_owner tracks the page as allocated
[  219.751344][  T336] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3096, tgid 3095 (syz.1.713), ts 216058602465, free_ts 214689843657
[  219.774011][  T336]  post_alloc_hook+0x1f5/0x210
[  219.778780][  T336]  prep_new_page+0x1c/0x110
[  219.783282][  T336]  get_page_from_freelist+0x2c7b/0x2cf0
[  219.788838][  T336]  __alloc_pages+0x19e/0x3a0
[  219.793428][  T336]  alloc_slab_page+0x6e/0xf0
[  219.798107][  T336]  new_slab+0x98/0x3d0
[  219.802185][  T336]  ___slab_alloc+0x6f6/0xb50
[  219.806780][  T336]  __slab_alloc+0x5e/0xa0
[  219.811109][  T336]  __kmem_cache_alloc_node+0x203/0x2c0
[  219.816575][  T336]  __kmalloc+0xa1/0x1e0
[  219.820735][  T336]  hci_alloc_dev_priv+0x27/0x1bd0
[  219.825757][  T336]  hci_uart_tty_ioctl+0x3d6/0xa20
[  219.830778][  T336]  tty_ioctl+0x8ef/0xc60
[  219.835017][  T336]  __se_sys_ioctl+0x12f/0x1b0
[  219.839698][  T336]  __x64_sys_ioctl+0x7b/0x90
[  219.844292][  T336]  x64_sys_call+0x58b/0x9a0
[  219.848802][  T336] page last free stack trace:
[  219.853464][  T336]  free_unref_page_prepare+0x742/0x750
[  219.858927][  T336]  free_unref_page+0x8f/0x530
[  219.863603][  T336]  __free_pages+0x67/0x100
[  219.868013][  T336]  __free_slab+0xca/0x1a0
[  219.872426][  T336]  __unfreeze_partials+0x160/0x190
[  219.877539][  T336]  put_cpu_partial+0xa9/0x100
[  219.882220][  T336]  __slab_free+0x1c4/0x280
[  219.886634][  T336]  ___cache_free+0xbf/0xd0
[  219.891079][  T336]  qlist_free_all+0xc6/0x140
[  219.895672][  T336]  kasan_quarantine_reduce+0x14a/0x170
[  219.901159][  T336]  __kasan_slab_alloc+0x24/0x80
[  219.906007][  T336]  slab_post_alloc_hook+0x4f/0x2d0
[  219.911117][  T336]  kmem_cache_alloc+0x16e/0x330
[  219.915962][  T336]  jbd2__journal_start+0x13d/0x6e0
[  219.921071][  T336]  __ext4_journal_start_sb+0x242/0x4a0
[  219.926535][  T336]  ext4_dirty_inode+0x8f/0x100
[  219.931303][  T336] 
[  219.933624][  T336] Memory state around the buggy address:
[  219.939244][  T336]  ffff888114958900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.947310][  T336]  ffff888114958980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.955370][  T336] >ffff888114958a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.963423][  T336]                    ^
[  219.967485][  T336]  ffff888114958a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.975547][  T336]  ffff888114958b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  219.983600][  T336] ==================================================================
[  219.991654][  T336] Disabling lock debugging due to kernel taint
[  220.013939][   T28] audit: type=1400 audit(1753659645.216:330): avc:  denied  { read } for  pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  220.038486][   T28] audit: type=1400 audit(1753659645.236:331): avc:  denied  { search } for  pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  220.147545][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  220.159318][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  220.167262][   T28] audit: type=1400 audit(1753659645.236:332): avc:  denied  { write } for  pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  220.167744][    C0] CPU: 0 PID: 3151 Comm: syz.4.729 Tainted: G    B              6.1.145-syzkaller-00015-g2ff414a09808 #0
[  220.167769][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  220.167795][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  220.212658][   T28] audit: type=1400 audit(1753659645.236:333): avc:  denied  { add_name } for  pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  220.215516][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 d3 28 00 4c 89 ff e8 d0 29 a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 2f 6d 00 49 8b 7d 00 e8 b3 25
[  220.215540][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  220.261699][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881087d8000
[  220.269677][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  220.277654][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[  220.285633][    C0] R10: ffffed102292b139 R11: 1ffff1102292b139 R12: dffffc0000000000
[  220.293614][    C0] R13: 0000000000000000 R14: ffff8881149589c8 R15: 0000000000000008
[  220.301591][    C0] FS:  00007fa21dbd56c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  220.310530][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  220.317121][    C0] CR2: 00007fa21dbd4f98 CR3: 0000000112bc9000 CR4: 00000000003526b0
[  220.325103][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  220.333083][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  220.341069][    C0] Call Trace:
[  220.344372][    C0]  <IRQ>
[  220.347225][    C0]  delayed_work_timer_fn+0x61/0x80
[  220.352353][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  220.358168][    C0]  call_timer_fn+0x46/0x2a0
[  220.362685][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  220.368502][    C0]  __run_timers+0x667/0x9a0
[  220.373024][    C0]  ? calc_index+0x200/0x200
[  220.377537][    C0]  ? kvm_sched_clock_read+0x18/0x40
[  220.382751][    C0]  run_timer_softirq+0x6a/0xf0
[  220.387526][    C0]  handle_softirqs+0x1d7/0x600
[  220.392297][    C0]  ? irqtime_account_irq+0xc4/0x240
[  220.397513][    C0]  __irq_exit_rcu+0x52/0xf0
[  220.402027][    C0]  irq_exit_rcu+0x9/0x10
[  220.406280][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  220.411929][    C0]  </IRQ>
[  220.414864][    C0]  <TASK>
[  220.417799][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  220.423810][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x55/0x80
[  220.430244][    C0] Code: 00 d5 ed 86 e8 1c 05 c4 fc 4c 89 f7 48 83 3d 71 7f fd 01 00 74 30 e8 1e 0d 00 00 90 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c6 46 5b fc 65 8b 05 17 18 12 7b 85 c0 74 05 5b 41 5e 5d c3 e8
[  220.449900][    C0] RSP: 0018:ffffc90013e775a0 EFLAGS: 00000206
[  220.455978][    C0] RAX: 0000000000000001 RBX: 0000000000000a06 RCX: dffffc0000000000
[  220.463956][    C0] RDX: ffffc9000344f698 RSI: 0000000000000a06 RDI: 0000000000000001
[  220.471938][    C0] RBP: ffffc90013e775b0 R08: dffffc0000000000 R09: ffffed1020f4c289
[  220.479917][    C0] R10: ffffed1020f4c289 R11: 1ffff11020f4c288 R12: ffff888132b90400
[  220.487922][    C0] R13: 0000000000000010 R14: 0000000000000001 R15: 0000000000000000
[  220.495904][    C0]  __wake_up_sync_key+0x166/0x280
[  220.500944][    C0]  ? __cfi___wake_up_sync_key+0x10/0x10
[  220.506511][    C0]  ? __skb_try_recv_datagram+0x3da/0x4d0
[  220.512166][    C0]  ? __cfi_sk_busy_loop_end+0x10/0x10
[  220.517552][    C0]  __unix_dgram_recvmsg+0x496/0xd70
[  220.522759][    C0]  ? __cfi___unix_dgram_recvmsg+0x10/0x10
[  220.528510][    C0]  ? exc_page_fault+0x51/0xb0
[  220.533199][    C0]  ? page_ext_put+0x1c/0x30
[  220.537716][    C0]  unix_dgram_recvmsg+0xc7/0xe0
[  220.542577][    C0]  ? __cfi_unix_dgram_recvmsg+0x10/0x10
[  220.548133][    C0]  ____sys_recvmsg+0x2a0/0x590
[  220.552904][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  220.557946][    C0]  ? import_iovec+0x7c/0xb0
[  220.562589][    C0]  ___sys_recvmsg+0x1b2/0x510
[  220.567303][    C0]  ? __sys_recvmsg+0x270/0x270
[  220.572097][    C0]  ? cgroup_rstat_updated+0xf5/0x370
[  220.577394][    C0]  ? __fget_files+0x2d5/0x330
[  220.582093][    C0]  ? __fdget+0x19c/0x220
[  220.586347][    C0]  ? do_recvmmsg+0x176/0x7a0
[  220.590940][    C0]  do_recvmmsg+0x359/0x7a0
[  220.595381][    C0]  ? __sys_recvmmsg+0x280/0x280
[  220.600249][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[  220.605292][    C0]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  220.610849][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  220.616929][    C0]  x64_sys_call+0x3e7/0x9a0
[  220.621440][    C0]  do_syscall_64+0x4c/0xa0
[  220.625890][    C0]  ? clear_bhb_loop+0x30/0x80
[  220.630577][    C0]  ? clear_bhb_loop+0x30/0x80
[  220.635261][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  220.641162][    C0] RIP: 0033:0x7fa21cd8e9a9
[  220.645605][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.665218][    C0] RSP: 002b:00007fa21dbd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  220.673651][    C0] RAX: ffffffffffffffda RBX: 00007fa21cfb6080 RCX: 00007fa21cd8e9a9
[  220.681627][    C0] RDX: 03fffffffffffeda RSI: 00002000000000c0 RDI: 0000000000000007
[  220.689610][    C0] RBP: 00007fa21ce10d69 R08: 0000000000000000 R09: 0000000000000000
[  220.697593][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  220.705656][    C0] R13: 0000000000000001 R14: 00007fa21cfb6080 R15: 00007ffd11c1a9b8
[  220.713664][    C0]  </TASK>
[  220.716699][    C0] Modules linked in:
[  220.720615][    C0] ---[ end trace 0000000000000000 ]---
[  220.726069][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  220.731368][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 d3 28 00 4c 89 ff e8 d0 29 a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 2f 6d 00 49 8b 7d 00 e8 b3 25
[  220.750979][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  220.757066][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881087d8000
[  220.765059][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  220.773045][    C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[  220.781021][    C0] R10: ffffed102292b139 R11: 1ffff1102292b139 R12: dffffc0000000000
[  220.789005][    C0] R13: 0000000000000000 R14: ffff8881149589c8 R15: 0000000000000008
[  220.796985][    C0] FS:  00007fa21dbd56c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  220.805919][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  220.812588][    C0] CR2: 00007fa21dbd4f98 CR3: 0000000112bc9000 CR4: 00000000003526b0
[  220.820598][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  220.828585][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  220.836587][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  220.844067][    C0] Kernel Offset: disabled
[  220.848394][    C0] Rebooting in 86400 seconds..