last executing test programs:

3m31.865906748s ago: executing program 2 (id=7095):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
listen(r1, 0xcf5a)
landlock_restrict_self(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x87)
connect$inet6(r2, &(0x7f0000000500)={0xa, 0xfffd, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, 0x0, 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000440), 0x1000a)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
sendfile(r2, r3, &(0x7f0000000000)=0x4, 0xffff)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)

3m30.874790765s ago: executing program 2 (id=7100):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x2, 0x9, 0x8, 0x0, "1c"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x60}, 0x1, 0x7}, 0x0)

3m30.454621912s ago: executing program 2 (id=7103):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x402)
pselect6(0x40, &(0x7f0000000180)={0x6, 0x0, 0x1fd, 0x7d, 0xfffffffffffffffd, 0x11f, 0x104, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xae07, 0x9, 0x4, 0x12, 0x80000006, 0x6}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m28.526384679s ago: executing program 2 (id=7108):
socket$inet(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x600, 0x1000000})

3m25.562704043s ago: executing program 2 (id=7115):
io_setup(0x4, &(0x7f00000014c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x32}, 0x28)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r2, &(0x7f00000002c0), 0x0, 0x400c0d4, 0x0, 0x0)
close(r2)
ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000040)=@e={0xff, 0x9, 0x0, 0x3, @SEQ_NOTEON=@note=0x7e, 0xa, 0x7f, 0x2})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000100)={0x24, 0x0, 0x1, 0x70bd26, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x999}]]}, 0x24}, 0x1, 0x0, 0x0, 0x4020000}, 0x800)
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x8000)
syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)

3m24.471534868s ago: executing program 2 (id=7119):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40046f41, &(0x7f0000000440)=0x10)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRES8=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xb1, &(0x7f0000000140)=""/177, 0x41000, 0xaa}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0x200000fff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$qrtrtun(0xffffff9c, &(0x7f00000000c0), 0x4102)

3m9.34495562s ago: executing program 32 (id=7119):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40046f41, &(0x7f0000000440)=0x10)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRES8=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xb1, &(0x7f0000000140)=""/177, 0x41000, 0xaa}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0x200000fff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$qrtrtun(0xffffff9c, &(0x7f00000000c0), 0x4102)

2m55.055968507s ago: executing program 5 (id=7192):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f0000000340)={[0x4]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)
listen(r3, 0xffff7ffc)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
socket$netlink(0x10, 0x3, 0x4)
syz_io_uring_setup(0x370d, &(0x7f0000000680)={0x0, 0xfffffff6, 0x4000, 0x2, 0x2cf}, 0x0, &(0x7f0000000000), &(0x7f00000003c0))
lseek(0xffffffffffffffff, 0x2004, 0x0)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000280)={0x2, &(0x7f0000000380)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @local}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000000400)={0x0, 0x25, 0x4, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r5 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(0x0, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000})

2m52.667444991s ago: executing program 5 (id=7199):
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r0, 0x0, 0x2, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write$UHID_INPUT(r1, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f360068090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000400000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617679314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec230911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918c91243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac5a4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4b333bd5bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3be3b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ce0700c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d486046b2c0e2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29c60acebdbe8ddbd75c2f998d8a57f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95ff80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513007000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d946a2daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810300000000000000a12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf000000800000000007b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae0e797e8bd1f4108b7807fb36207685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ad50dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b9048017848416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1db44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de9c0587c2cb5fe36d7d3e5db21b013b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cf4b23329072e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06810002000000000000957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f3e90d5943dbc10360a1a49700d1dfbf66d69f6fbafe1e83cdde8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000100", 0x35e}}, 0x1006)
socket$unix(0x1, 0x5, 0x0)
r2 = gettid()
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x22581)
capset(&(0x7f0000000040)={0x20071026}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$CEC_RECEIVE(r4, 0xc0386106, &(0x7f0000000000)={0x4, 0xb, 0x80005, 0xfffffffe, 0x8, 0x16, "260000000000000754439400", 0xc, 0x0, 0x5, 0x2, 0x0, 0x0, 0x9e})
setrlimit(0xf, &(0x7f0000000000))
socket$inet(0x2, 0x4, 0x1)
openat$cgroup_root(0xffffff9c, 0x0, 0x200002, 0x0)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x3, 0x0, 0x5, "750538440ff92fe2aaf1beea7cdcc151042cd9893bc31f80716a120d8be6d7f81cd81ec275000386e7255f0669b740a5418d69d00000d51de08a00ee1d9a34", 0x400000011}, 0x60)

2m50.786337897s ago: executing program 5 (id=7201):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x40000)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = memfd_create(&(0x7f0000001780)='[\vx\'\xa5)\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\x01\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xc7\x91%||\xa0\x8ez\xadT\xc0\f\xe5\x89\xbf3:\x99\x1e\xbd`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x9d\x83\xcd\b\xd1\x02R\x9b7\xaf\xb7o\x01\xf9\x15\xb8KB\x04\x06\xa5\xea\x0ft\xbb\x1er\x14\xdb\xd1\xcd\xfd\x00'/146, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
r6 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r6, &(0x7f0000001e80)=""/96, 0x60)
ioctl$FITHAW(r2, 0xc0045878)
sendmsg$NFC_CMD_FW_DOWNLOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r1, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '&'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008c81}, 0x4044)
add_key(&(0x7f0000000080)='cifs.idmap\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)

2m37.002345148s ago: executing program 5 (id=7240):
r0 = syz_open_dev$dri(&(0x7f0000000840), 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040850)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_ublk_setup_io_uring(0x50c9, &(0x7f0000000340)={0x0, 0x0, 0x4808, 0x40002, 0x1e5}, 0x0, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_ublk_add_dev(r3, 0x0, r4, r5, 0x0, 0x0)
syz_ublk_setup_io_uring(0x20, 0x0, 0x0, &(0x7f0000000040), 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
ioctl$SOUND_MIXER_READ_RECMASK(0xffffffffffffffff, 0x80044dfd, &(0x7f00000000c0))
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x20004, <r7=>r1, 0x2})
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x100000000)
ioctl$BINDER_GET_EXTENDED_ERROR(r7, 0xc00c6211, &(0x7f0000000080))
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f0000000580)={0x0, 0x0, 0x0, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r8, 0xc01864b0, &(0x7f0000000080)={0x0, r9, 0x1, 0x0, 0x3})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r7, 0xc01864b1, &(0x7f00000003c0)={r9, 0x1, 0x7, 0x1, &(0x7f0000000200)=[{0xcb90, 0x7, 0x1ff, 0xaa}]})

2m35.340874264s ago: executing program 5 (id=7244):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = semget$private(0x0, 0x4000000009, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r2, 0x560e, &(0x7f0000000000))
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000180)={0x2, 0x3, 0x40})
ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x6})
semop(r1, 0x0, 0x0)
semctl$IPC_RMID(r1, 0x0, 0x0)
pipe(&(0x7f0000002680))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x4f, &(0x7f00000002c0)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbff, {0x1a}}, 0x14}, 0x1, 0x0, 0x0, 0x8081}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

2m32.772903018s ago: executing program 5 (id=7251):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x40000)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = memfd_create(&(0x7f0000001780)='[\vx\'\xa5)\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\x01\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xc7\x91%||\xa0\x8ez\xadT\xc0\f\xe5\x89\xbf3:\x99\x1e\xbd`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x9d\x83\xcd\b\xd1\x02R\x9b7\xaf\xb7o\x01\xf9\x15\xb8KB\x04\x06\xa5\xea\x0ft\xbb\x1er\x14\xdb\xd1\xcd\xfd\x00'/146, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
r6 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r6, &(0x7f0000001e80)=""/96, 0x60)
ioctl$FITHAW(r2, 0xc0045878)
sendmsg$NFC_CMD_FW_DOWNLOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r1, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '&'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008c81}, 0x4044)
add_key(&(0x7f0000000080)='cifs.idmap\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)

2m17.16045558s ago: executing program 33 (id=7251):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x40000)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = memfd_create(&(0x7f0000001780)='[\vx\'\xa5)\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\x01\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xc7\x91%||\xa0\x8ez\xadT\xc0\f\xe5\x89\xbf3:\x99\x1e\xbd`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x9d\x83\xcd\b\xd1\x02R\x9b7\xaf\xb7o\x01\xf9\x15\xb8KB\x04\x06\xa5\xea\x0ft\xbb\x1er\x14\xdb\xd1\xcd\xfd\x00'/146, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
r6 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r6, &(0x7f0000001e80)=""/96, 0x60)
ioctl$FITHAW(r2, 0xc0045878)
sendmsg$NFC_CMD_FW_DOWNLOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r1, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '&'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008c81}, 0x4044)
add_key(&(0x7f0000000080)='cifs.idmap\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)

1m3.462229746s ago: executing program 3 (id=7495):
lsetxattr$security_capability(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000100), &(0x7f0000000140)=@v2={0x2000000, [{0x4, 0x3}, {0x4, 0x4}]}, 0x14, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close_range(r3, 0xffffffffffffffff, 0x0)
socket$unix(0x1, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee0000000000000000020000", 0x56}], 0x1)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0x15, {0x40, 0xff}, {0x10, 0x9}, @connect={{0x8}, {0xec, 0x5}}}], 0x1c)
write$sndseq(r5, &(0x7f00000005c0)=[{0x3, 0x4, 0x5, 0x1, @time={0x6, 0x9}, {0x1, 0x10}, {0x4, 0x10}, @raw32={[0x4, 0x1, 0x81]}}, {0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}, {0x5, 0x6a, 0xf7, 0x2, @time={0xb, 0x5d}, {0x9e, 0x66}, {0x52, 0x5}, @result={0xb4c, 0x1000}}, {0x3, 0x5, 0x7f, 0x0, @tick=0x6, {0x1, 0x2}, {0x9, 0x81}, @connect={{0x62, 0x83}, {0x1, 0x40}}}], 0x70)
read$FUSE(r5, 0x0, 0x0)

1m2.448367092s ago: executing program 3 (id=7498):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
syz_io_uring_setup(0x370a, 0x0, &(0x7f00000004c0), &(0x7f0000000000), &(0x7f0000000000))
r3 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r3, 0x2004, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000400)={0x0, 0x25, 0x4, @tid=r4}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430})

1m0.416302274s ago: executing program 3 (id=7501):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
readv(r1, &(0x7f0000000040)=[{0x0}], 0x1)

1m0.013368132s ago: executing program 3 (id=7504):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x4, 0x6, 0x7, 0x9, 0x54, @private1, @local, 0x40, 0x7808, 0x400, 0x5}})
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c756e695f786c6174653d312c757466383d312c757466383d312c646973636172642c757466383d302c756e695f786c6174653d302c666c7573682c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c757466382c0014697a7960fb374b723f64329787434c6c9f891d2e309efaf1d4e529e1ba0f697fedffb095592bc19d5a8f8141ee9bf46262f3a2b1452bf206c0e2ae8a465e6e1be6eeb5d588035a24458d476fc1f9a234cdc4ba352a4185614ce67df4870bff796357ee95fffb99cde9"], 0x1, 0x2bc, &(0x7f00000015c0)="$eJzs3U9rY1UUAPDz0uQ1QxftwpUIvsUs3Fims3VhBqkgdqVk4R/QwZmBoQkDDQRGxTArP4ELF34Pd+4FN34DwYVLdw5SuPLeS5NMkkmmHdMO5ffb9HLuOe/em3fbFMK7+fKN/vG9R4MHT779I9rtLBqd6MTTLPaiEWfSWAAA18LTlOLvC72/NxubmhMAsFkz7/+t56RsL4be3fS0AIAN+viTTz+8c3R0+FFRtCP63w+7WdQ/6/47D+Jh9OJ+3IrdOJ1+FpBS3X7/g6PDaBalvbjZHw27ZWX/i98mqXlU9QexG3vL6w+K2kz9aNis/vPIsoiHnXIit2M3XluoL/sPby+pj24eb7XHiyzH34/d+P2reBS9uFd9pjEd/7s8ivfSD/9881mZXNZno2F3u8qbSluXfW8AAAAAAAAAAAAAAAAAAAAAALi+9ouJvbjZL0P1+TvdrdOqf/+Z/up8nUbVX9dnEXnVmDsfaJTip7PzdW4VRZGyOn9yvs+NZrzejOaVLRwAAAAAAAAAAAAAAAAAAABeIYPHXx/f7fXun/wvjfFD/pPH+i96nc5M5M1Ynbx9rrFia5xeznU+5+DXz/uTSLmIi0x+2CoiVs25tRC5Uc5n/ZX/TSmlLIt4udvUepGx1jR2VueUL/AvP+68fXw3W/cats9u3M+zXXmcDB7P3dPIVg96+kwknWv75Sty8vGOeaHr7LzkL9E7f9aDjSPZmlW0ZiKtcSOet/3a59rPl/c3CAAAAAAAAAAAAAAAAAAAqE0f+l3S+WRlaWNjkwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASzb9/v9pIxYic41R/FUVL89JKY0mkTxOBle9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6//wIAAP//qWdtxQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x16, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x2fe, 0x400, 0xe0, 0xfffffff9, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x4c842, 0x24)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)
sendfile(r3, r3, 0x0, 0xe3aa6ea)

57.20808097s ago: executing program 3 (id=7510):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x63dcbf62d8600606, r2, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, 0x14)
bind$packet(r1, &(0x7f0000000040)={0x11, 0x4, r2}, 0x14)
syz_emit_ethernet(0x1f, &(0x7f0000000580)=ANY=[], 0x0)

52.589657011s ago: executing program 3 (id=7518):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x7, 0x7ff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

51.609996779s ago: executing program 34 (id=7518):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x7, 0x7ff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

12.481533617s ago: executing program 6 (id=7621):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
write$uinput_user_dev(r0, &(0x7f0000000380)={'syz1\x00', {0x5286, 0x0, 0x0, 0x9}, 0x50, [0xa8, 0x200, 0x0, 0x3, 0x40000, 0x62, 0x3c49, 0xfffffff7, 0xb84, 0x0, 0x8000, 0x4, 0x1, 0x9d45, 0x9, 0x6, 0x10001, 0x7, 0x200, 0x9, 0x0, 0x7, 0x80, 0x5, 0x4, 0x3, 0x40, 0x2, 0x142, 0xf7cd, 0x65db3644, 0x7, 0xfffffff9, 0xff, 0x10, 0x8, 0x1, 0x0, 0x80, 0xfffff02c, 0x1, 0x1ff, 0x401, 0xb, 0x4, 0x3, 0x9, 0x5047, 0x0, 0x1000, 0xe53, 0x1, 0xa4, 0x2, 0x1, 0x3, 0xffffffff, 0x5, 0x0, 0x3, 0xeec, 0x0, 0x5, 0x457d], [0x3, 0x4, 0xa, 0x137, 0x7f, 0xffff, 0xff, 0x1, 0x7fffffff, 0x0, 0x2, 0x7, 0xf4b, 0xfffffffb, 0x5, 0xfffffff9, 0xffffffff, 0x7, 0x0, 0x400, 0x84, 0x0, 0x4, 0x5, 0x8, 0x7, 0x7fffffff, 0x9, 0xffff, 0x7, 0x3, 0x5, 0x4, 0x0, 0x4, 0x1, 0x1, 0x1, 0x5, 0x80000000, 0x400, 0x7, 0x6, 0x9, 0x8, 0x6, 0x1, 0x9, 0x9, 0x8, 0x4, 0x401, 0x7, 0x10, 0x8, 0x5, 0x7, 0x6, 0x8000, 0x9, 0xd0f1, 0x7d, 0x6, 0x3], [0x31, 0xfffffc01, 0x2, 0x8, 0x6, 0x9b4c, 0x7, 0x2, 0x0, 0x69d, 0x8, 0x6, 0xbad, 0x36a, 0x6, 0x0, 0xbf, 0x6, 0x0, 0x10, 0x200, 0x200, 0x4, 0xf5, 0x2, 0x1, 0x8, 0x5, 0x8, 0x10, 0x3, 0xe, 0x3ff, 0x10, 0x81, 0xff, 0x80000000, 0x8, 0x10000, 0x80, 0x2, 0x9, 0x7, 0x7, 0x5, 0x8b, 0xff, 0x3, 0x1000, 0xe6c, 0x6, 0x9, 0x100, 0x6, 0x8, 0x12, 0x1000, 0x232, 0x0, 0x4, 0x4, 0x93a, 0x81, 0x1], [0x7f, 0x5, 0x8, 0x5, 0x6, 0x8, 0x6, 0xfff, 0x1, 0x7, 0x0, 0x7f, 0x9, 0x3, 0xffff, 0x4, 0x10, 0x73e7, 0x73, 0xfffffff3, 0x6, 0xab, 0x1, 0x0, 0xa, 0xfffffffa, 0x8001, 0x5943, 0x2, 0x80000001, 0x7, 0x8, 0xfffc0000, 0x2, 0x74, 0xd, 0x5, 0xfffffffd, 0x8, 0x3c, 0x1, 0xfffffe01, 0x6, 0x8, 0x6, 0x9ce, 0x0, 0x1, 0x800, 0xffffff80, 0x4, 0x101, 0x5, 0x9, 0xff, 0x7, 0xfffffff9, 0x7fff, 0x7fff, 0x2, 0x1, 0x2, 0x7, 0x101]}, 0x45c)

11.355363723s ago: executing program 0 (id=7623):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='./file1\x00', 0x649)
r1 = inotify_init1(0x0)
timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
timer_gettime(r2, &(0x7f0000000200))
inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x40000f9f)
unshare(0x22020400)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4)
sendmmsg$inet6(r3, &(0x7f0000000300)=[{{&(0x7f0000000600)={0xa, 0x4e1d, 0x7f, @loopback, 0x4}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}, @hopopts={{0x18, 0x29, 0x36, {0x2b}}}], 0x40}}], 0x1, 0x4050)

11.161368895s ago: executing program 6 (id=7624):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00')
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff720af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff0200007b010000000000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(r3, 0xc0106441, &(0x7f0000000300)={0x0, <r4=>0x0, 0xfffffffffffffffe})
ioctl$DRM_IOCTL_PANTHOR_TILER_HEAP_CREATE(0xffffffffffffffff, 0xc028644b, &(0x7f0000000340)={r4, 0x9, 0x680000, 0x9, 0x7, 0x0, 0x100000001, 0x2})
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000079003800000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e0c01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cd93263ff755d611c4cca1684b14708f6a83366aa430ad2d700b186da622d6fba700000000000000000000000002000000000000f2badf9815c5000000"], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0xd1, &(0x7f0000000000)=""/209, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x36)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x4001, 0x3, 0x4e4, 0x0, 0x0, 0x148, 0x0, 0x148, 0x450, 0x240, 0x240, 0x450, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b0, 0x0, {}, [@common=@unspec=@mark={{0x2c}, {0x400, 0x4}}, @common=@inet=@recent0={{0xf4}, {0x20000000, 0x6, 0x1, 0x1, 'syz1\x00', 0xc}}]}, @unspec=@TRACE={0x20}}, {{@ip={@remote, @multicast1, 0xff000000, 0xff000000, 'tunl0\x00', 'pimreg1\x00', {}, {0xff}, 0x84, 0x0, 0x60}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0xa, 0x2, 0x1, 0x1, 'syz0\x00'}}, @common=@inet=@recent0={{0xf4}, {0x4, 0x3, 0x1, 0x1, 'syz1\x00', 0x1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0xbb02, 0x2b, 0x10, 'syz1\x00', {0x6182}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x540)

9.009217512s ago: executing program 6 (id=7629):
r0 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
rt_tgsigqueueinfo(0x0, 0x0, 0x8, &(0x7f0000000480)={0x2b, 0x0, 0xfffffffb})

8.488250018s ago: executing program 6 (id=7631):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c7535653364f9637e84cabf17b0"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000080)='./file4\x00', 0xa08c54, &(0x7f00000000c0)={[{@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@uni_xlate}, {@shortname_winnt}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@uni_xlate}, {@shortname_lower}, {@shortname_lower}, {@fat=@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@uni_xlate}, {@shortname_win95}]}, 0x89, 0x2c4, &(0x7f0000000b00)="$eJzs3c2qG1UcAPD/5Ca5iQrJwpUIDtSFq9D2CRrkCsWslCx0oxd7C5KEwg0E/MDYlXvBle/gO/gAIvgGLlwK7uxCHJlkJt9pDNVUrr/fonPmzP8/5yOnmRDIuR++Oho8eDR++Pjzn6PRSKJyL+7FkyTaUYnSlwEA3CRPsix+y+YOxVajHhFZqzirnKB7AMC/YPb8T/LH+uHnPwBwM7z73vtvd3u9i3fStBEx+mrSzz8M5Mf59e7D+DiGcRW3oxV/zD4mLL4tyP996X7vIqppWn4ZMGlGP2L0wQ/FeffXiFn+nWhFezO/XkSlM/H6aDrp5y3nx1q8kER0s2Qecjda8XJEVoviJvPDW/d7F3fT7fzo1+ONW98W/f/zKjrRip8+ikcxjAezWyzzv7iTpm9m3/z+2XwE/YhkOumfz+KWsrOTvCAAAAAAAAAAAAAAAAAAAAAAAPwvdNKF9ur+OeVugJ3O7ut79wcqdviZruyvcztN03Ibn0m/FvP8arxSjerzGzkAAAAAAAAAAAAAAAAAAAD8d4w/+XRwORxeXa8Vvs/yQvOpMZuF6kpN+bP+w1m7C4PvIg4HJ38jJi9Uit7kNXFWnAyTrSaS8tJ6ep5x9CjOjwlubjc6uIzKvjmsDmPe+a+Pn97Xdgzw+EK5MvbFlKtrcJkcmrrG7kWysurKxq7HyRELMtsxdWd7s+rPMhur93lx0FzU/HjriP8FzZ0TlY+4tpjM9axG/kqu1NSetfPrhc13iuSfecMBAAAAAAAAAAAAAAAAAAD2Wv7oN37Zuvj4uXQJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5u+ff/F4Vob9ZsFqZF8qym8vTg8+vxjmbbJx4mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN9xfAQAA//8n3kVH")
creat(0x0, 0x40)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
epoll_create1(0x80000)
write(r1, &(0x7f0000000200)="c7", 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
r4 = syz_open_dev$loop(&(0x7f0000000240), 0x75f, 0xa8182)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r5, 0x0, 0x0, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, 0x0)

8.281030767s ago: executing program 0 (id=7632):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

8.117707288s ago: executing program 0 (id=7633):
syz_usb_connect(0x3, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x310, 0x1a, 0xcf, 0x3, 0x40, 0x423, 0xa, 0x5fd8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0xac, 0x10, 0xf9, "", [{{0x9, 0x4, 0x8a, 0x1, 0x0, 0x40, 0x6c, 0x59, 0x9}}]}}]}}, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x40, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

6.744145308s ago: executing program 7 (id=7641):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

6.158030293s ago: executing program 7 (id=7642):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000200)='./file1\x00', 0x180c858, &(0x7f0000001cc0)={[{@utf8no}, {@shortname_winnt}, {@uni_xlateno}, {@shortname_win95}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@shortname_lower}, {@shortname_winnt}, {@fat=@check_strict}, {@rodir}, {@rodir}, {@shortname_mixed}, {@uni_xlate}]}, 0xfb, 0x371, &(0x7f0000002980)="$eJzs3U9oHNUfAPDvdvK30CaHH5SfIIzeBA39gwfFQ0pJobgXlaXqQVxsqpKNhSwupodu40U8Ch4VBC/iQQ8eehZBEW8evFpBq+JBeytYfLK7s7uz3U0aKWkNfj6H4Zvve2/ee5OX7GSSfXlxOdbOTcf569evxdxcJaaWTy3HjUosRhZ9l2PczIQcALA/3Egp/kg9u2xS2eMhAQB7rPv6//KhUubNL3eqn7z6A8C+V/z8P79Tnbnx1E9PdI4X9m5cAMDeGXv+/+BI8czor/qnSn8VAADsV8889/yTJ6sRT+f5XMT6W61aqxaPD8tPno9XoxGrcTQW4mZE70ahc6h0j6fPVFeO5nnejp8XoxYRH7RqEevtVq13p3Ay67afjWOxEItF++JuI6WUnf6sunIs74qIy+1u/7FeadWm42DR//cHYzWORx7/G2sfcaa6cjwvTlBb77dvR2wNn1t0xr8UC/HtS3EhGnFu/myk1L+tqa5cOpbnp1J1pH2rNhvnBldhwhMQAAAAAAAAAAAAAAAAAAAAAAC4A0v5wOJg/5s03L9naWlCeXd/nF77Yn+grd7+QGk2RUq/v/FI7e0sRvYHunV/nlZtKg7c26kDAAAAAAAAAAAAAAAAAADAv0ZzcybqjcbqRnPz4lo5aG80Nw9ERCfz2teffDEf43VuE0wVfZSK8iJ1ca2esn7llI3UKYKs03k/8/GVwYjLdWYHs5g4jNntixqNQw/8+N4wc3/WP/NfwzpZTJ5gdsswysH64d6QBpnp4ZS3vWIniuD4ba7q1ZTSdue59MJ4q6hETP3zT9zOQeoEX1175f8nmkce7WY+Tz0PPbxw9uq7H/66Vm90eu5ofDSz0byZ1urFx5MX2/ZBVlo/leIaVsorYWqn5lujmXr23W/P3vfON7vrPZUzr0+ok/Wm8+lGc7NSfKV0i2Z6QSd3S6v5xplsbCVMT1j8dxZMXGxH3l+uX7n0wy+7PU/pm4SNOgAAAAAAAAAAAAAAAAAA4K4ovVe8ULzZd3qnVo89VQRzezs6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALg7hv//vxRsjWV2E/zZjvGi2dWNZsThez1NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+4/4OAAD//5U3aTg=")
r0 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x40)
getdents64(r0, &(0x7f0000000fc0)=""/224, 0xe0)

5.908630799s ago: executing program 8 (id=7644):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000300)=[{{&(0x7f0000000600)={0xa, 0x4e1d, 0x7f, @loopback, 0x4}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}, @hopopts={{0x18, 0x29, 0x36, {0x2b}}}], 0x40}}], 0x1, 0x4050)

5.714933409s ago: executing program 0 (id=7645):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
prlimit64(r0, 0xf, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
setsockopt$inet_tcp_buf(r3, 0x6, 0x21, &(0x7f0000000280)="dc8daf8d760c0b8caa98fa19c6a35a18", 0x10)
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x211, &(0x7f0000000740)="$eJzsmb+LE0EUx78z+yPxlEMbCxsLTzzR2+xuVK454QRLQThFLYO3Hqd7F8mtcBcQDDY22lkItjZXWlhYWfgX2GqhgmBhSsFCGJnZye6w7MaEJDa+D2TynZk3M+89dl5gA4Ig/lu+fvn5+eml5WtnARzCAmp6/LuV23DD/tOLB2eer1x++frjq/fb8w/fFvdjAISoPO5XccoFw7tVCwmYnY4Igfl8fsFwQWtcB8dprW+AwUvlb6FIOxEYbmmbu4ZuHwAOSxFH3u12vH5nM4582QSyCWXTNP2TTvV7DOsA6so7IZgxv7PXvdeK46hTFI52pGRqXMEr06n9W+VYwSB7Qkj7m08e92Rf5wY+eJa/AByB1k0wrGm9jBo8z8tTYsR/zM73t0aJf2rCUeKiOuvZqKv2lTiyNEvHTDG4I+OskmmcuWNd8NGND/4DfyYSzlT2YcUReaGzkaP9QQ00bb6lAiVTs360/m5TH34ZZeHaP1nysH2Yi+MrE3joDstGXp9kZT9l1CcbdlY/GsnW/cbOXndpc6u1EW1E22HYvOCf8/3zYUMVorQdUv/qqj7NGfs7FbYuc7HbSpJOsAsknSDrh2mbB4C1N+0fcon6qej3OBZPqC1UTVVh18rPYPrD1bdUi1a55aPKmAiCIAiCIAiCIAiCIAiCIMo5Dob0nzDB9AvRMsKr6g3lnwAAAP//C/1c1Q==")

5.699568531s ago: executing program 8 (id=7646):
r0 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000000)=ANY=[@ANYBLOB="120100020000000882052500400001020301090271000301f81005080b020001052008090400000001012000092401fdff0a11004708240a0000057f000904010000010220000904010101010220000905010940000204d80825010230cc00000904020035633203193e"], 0x0)
syz_usb_control_io$uac2(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0xd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x3, &(0x7f0000000480)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, 0x0)
close(0x3)
syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)

5.569374507s ago: executing program 7 (id=7647):
fanotify_init(0x8, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0)
r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0xd0, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xa, 0x80000006, 0x400}, 0x0, 0x0)

5.222092291s ago: executing program 4 (id=7649):
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r1, &(0x7f0000004380), 0x34000, 0x0)

5.199024621s ago: executing program 1 (id=7650):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xae0, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xb}, {0x4, 0xffe0}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x240408a0}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
socket$unix(0x1, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

5.177942746s ago: executing program 6 (id=7651):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x11)
setuid(0xee01)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)

4.426460513s ago: executing program 7 (id=7652):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/address_bits', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)
ioctl$XFS_IOC_GETBMAPX(r2, 0xc0205838, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006200)=[{{&(0x7f0000000500)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4085}}], 0x1, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg(r3, &(0x7f0000004380), 0x34000, 0x0)

3.953460445s ago: executing program 4 (id=7653):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40), 0x0, 0x20000044)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d63c810deed3cb637e9a737a0edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b490", @ANYRES8, @ANYRESOCT, @ANYRES16=0x0], 0x3, 0x248, &(0x7f0000000880)="$eJzs2k9rXFUYB+D3pqmpielE/EcL4kEX6ubSZO2iQVoQA4o2QhWkt+ZGh1xnwtwhMCJ2Vrr1I7gWl+4E6dJNNn4CF+6yybIL8cp0Uu2UiVKiTrXPs5kXzv3NOYc5czhczsErX368s13n20U/5rIs5i7GMG5lsRJzcccwXn7x6g/Pvn313dfXNzYuvZXS5fUrq2sppbPPff/ep988f7O/9M63Z79biP2V9w8O137ef3r/3MGvVz5q16ldp063n4p0vdvtF9erMm216508pTersqjL1O7UZW+ifbvq7u4OUtHZWl7c7ZV1nYrOIO2Ug9Tvpn5vkIoPi3Yn5XmelheDk9j8+lbTxGFz+lo0TfPoV7F0M5Z/ilZkj6fsiYvZU9eyZ4bZucOmac16qPwj/P4Pt7s29TMR1Rd7m3ub489x+/p2tKOKMi5EK36J0TI5Mq4vv7Zx6UK6bSU+r24c5W/sbZ6azK9GK1am51fH+TSZX4jFiNMRR/m1aMWT0/NrU/Nn4qUX7uo/j1b8+EF0o4qtGGX/yH+2mtKrb2zckz9/+zkAgP+bPP1u6vktz49rH+fv43x4z/lqPs7Pz3buRNSDT3aKqip7MynuvGM69pnHTt7X6PtnMcH5P5uX4mTFQtxXKosYjtbBAzH4Rx6Iv95fFUsz25L4F03ukwAAAAAAAAAAAPxX/O2XB09Nv4ELAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwnN8CAAD//1uOxe4=")
r3 = creat(&(0x7f0000000240)='./file1\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x6000)
io_setup(0x200, &(0x7f0000000140)=<r4=>0x0)
truncate(&(0x7f0000000940)='./file1\x00', 0x8da6)
io_submit(r4, 0x0, &(0x7f0000000540))

3.723425382s ago: executing program 1 (id=7654):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48)
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xba7e}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xa39, &(0x7f0000001740)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0xa03, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0x0, 0x1ff0000aa}, @mcast2, [{0x1f, 0x13b, "717e7a0636890e4bb5dc09d96895be0f63e7a56026028ce8a331ec43377d5debd8da890a46b823f243b38a9883fad56ec6c08e89418d0661b408bae97493a9d311c203b97dc9b11b1bbfeb5a603dbc5a52baa04dc9f18dcbc13aff83a02eb2c82e3019b20167ca7f3d554b6b34b2a07aabe1d3bb4448ce6f35e529c36a56f5c270bf89cf25c09bfc4f7eaf1ada07e1277afd853d8e6d9edea427c211002cc3f39f0a9e52dcd979c7b9f499e2db7dccbb8f7270d236fde4d19710a2fe1d57900f51e7b3d7389e86002595822ab5a83dd09883aee227f30801f64c63469ab4be9a9d3c6a7779fe3dcf96e9297ba45bfce3310ed133e61245b95567985c33efc2f1d51ab3cf0904e0a713533d59f60e64e95fd2c7dbdad59970f8ba0eb138b8216f1f07b378da7de22abc95e59656ccc6128a805f49f6352033ad683a5776ba4449935a58ae04cfcbde9c30d51e3eb89de6b3fc7a37841e219fa6363dbca52afd2cf8c7cf7464a1debc253bc79be13f7c0b520c76cc69d608cff989cd83d64f34f8d89da32ca79ec41db441dce7bbb65f6218e649823c038b28bddf6837a31e219be940c8d941aea4f8fb4b1253441d89ab446958836a1f1e6b0115fe71ace449fa3738c1a0c23543ce8375dd2de1ae34348b3503af2e83a53213bb560a174f6562c6857f49fac42551bfb01b5cd74dda0db32d28033b4158310daed9358372521e94200ee3131e43b12c66e169e46858febde37bff5cb1c5ddefc812c175edd1b3fb27988301fcd52ba3fdb92cbfa384f3e4d0148fdbac04dfa7c474a6de2ee52a0d5941964038b0a5428ef1607545ab42027502b5e4eafb19f56d38ec1908e10f652d03b1c0926ad77bb00fa552643a60149d27f677f18a81ed127efe193e2b54e5dc17bd858dc84c828422517dacbefbb86727e4b9ae0078266e2b517b658970241ca0c74bee1fa6e8a839c9755f797355898e91cacf7a6633facfb282f6e5b7db5e1b5aeb349f5bc14c8132234d5ff4dc0af305e891a579b3ad384783d670a5f414042970ca80f4b1c3d63112f976e0604cc30db698a3ca7881c21b889a407917528004dcb4081126a690b4b2502de19005f345e1f7efdbc1cf65ffc07578a9e671bbb39de2b2ea7372f2c76ab2bd6a36aa09bf7709fdcb78064453e07d3d212f4f478d8e187c9bc9d13f1802db111739de8d27a885f2050ddaeb244f3737805db6440cbac4920f6c32c62ffa7ef241e12d09de86590362918a62475d73d45a67c7160274591b4617d3a9d5cbdf51b6d545260df2a5c075b4bcdc980bc2f5515511152bb3858c9ca9fb8d6909194c3d6c9e5324e56d8dc5dd2565dff4728c713b25fef232a88b9fa1fa96b0f2fe0138c3522a8530f40398e48ed05782584537917f379ba3acae59ba9094f4fde238898b3e96412cfbf23dd419fa794f33946021282504bb5b909e168bd50638114585e26fd6ea23fb200a2724183d99fc4a651a51a5b67a25c573509ffd46adf5aa03deea20ea374315c5a6c97d0a17cf1484f0b6f303849d5bbd7c93631ba1bb8af14f575282cee74a894aa306c38b55f9a63747c2a046eb361e6cee44d08da736f464d9b5a1bd80a281d77ef33c1dcc31ee6879b10ada5b85a6604bb621ebe266b82a7b57f2ae7939c30b8b7a8704b10a5e1016db6646a24b0304a61d52deb705f7c758c7f916af9e8109e1e7a772eb28b16a704f13b750440976eccab8432ed2a10f631c75e4bd2a79b220f9afef1e53e714da10b012f941861d07df4e044053fd9eb863f149a424d4c8e6e1105987525da52b06e22f4ba2dbe60ee370d9c8a7eaeaafb9f0d435c1c499e63e57fc1ec921e3fec9c11fc256e156a8573b8bf8f0266f0e568e47209e792088e6801d1d9a9f18e31391b4b738c6887cfa8f038db074d0b3c3aa9c2767d43e3eafebb6e235a243cf5c2f37d7f9702fdb58b913b93689ac2b8da49736c6f8eed1ed044505501c661f8c53836f6b15f4ca465eefda36689971392813d727fdada49f969f280496087209e60a2a1502944aa47d6215c8433d9d3e83ec38a758ddf0cb6c89153862ae0c6481bea9be0bb3d011e225642c09df734ed66dbab3d693d934282b18893a68266590cfff04414d5bf6c58f40d4282c3ae80256d36ff543f99fea10f992a90fb3e41777d540cecf564feb29a6c4bffbf850ec4fbd117f004ceed7e2663ae20fe8a2ec995fd563be30963156fe568c740e83fab6225b3b702700da94d03082a5a7a9fa3bf67a5909b47ce46256a725ddaf253f8da7f50ce083f64ac398eed19df6b87f052dc67e5f1445e8fdfc67181119b97f2b58e120954818f1b65d1e51db51e108c95da91797eb179bf9f0092f07860ac496993511df71d45d2e045f271e8c75bdc56e94a39110c04052291953ed5bf5d8cd55b45fa59b0d30d25cbc008bff3d846f2257134621c15914c00a9c3b63ad2201602b9589a70c2eae57539583907d2831f361132249fa1f0a92d0b4b6c018130a08c30fcdc8e3fa77999fe53f07a02ea5a1d6739c604b7ea215f15902d6adfbc615574aafb7fdc1d751572f304b0c073c94c6886ccb043206b5074a452c5e86aac3d98783b8df864fa9e56a6784bf96f3f7a978424f75041ae8cece3b0998f29e60ca433feac4d66bb5b34c51e391558b3082db1bc3f3d0136a82d88056e68cb5c6f160649e6c4206c61d4b16dbdbd842823a38c9ed83a4eaa7848e5f32e0292868d6c99f7e6c35b9938f21131a18be7bce5fbe8eda00d8eade7930dae13711e52d42d3e241fc762287cb5d22498b2db0c6c5e43afd5521e909e5682c18a3d5ba351b45e43426065e65dd70bcc8b631916d761f5fcf05fc09e5bfec06bcb8910058f00eb8c1e09a480f28d927bfa6233e1f0a575a7145451040dddc827d8b8c664dfab46467cdd593da779f6567586ca484200a1ac1992226045b37a27e217ac2ef6b5a61a1f4304a90ef7071aabd2d85ae0526e3797e6fc724d112a44f87156962edec72e23a85fead91de8220200fc8df2e9a998fd6ed7c3075af44a1d0e0129daf8228099bd6364e4d92c123427fec8a2ab090fbcfc2405d53925a99d692fb9ebeaa5fc9c718751a292a36082c1b1fa3c1df7e1c62cf8b60b96dd0385aa66570db3f418424c470d9af162693603c3eababa2e82829f9728a9fdd76dcc9b68591e75b2c53ef0b7f085ac1ba0d216d33634cb231fcd020f76895e4f7c68c4dcac77e5690342c3400680cde787b7a7e0095fc821e780232c4616216341c977478f27eb0f368a117a1cc4169dcc001faafbd6040d625c0e2959d76b30213895acdcf1aaab227ef477a7999dec720a7536d23038da35cc0ffc31a44a53089bec73649bed2efc673f50866091019457d2cb740d68a4dbe60dc9aef0694b4301ce6251f29de519651ae3fd45fa5fb51a90c75d9251c4e2d3ba28b3d9993be1fa9ec43c612ad6870811e6b26c7bb161a2fca89a51700f9d5cee20044e96533cefbcb7ceae601ca42f2ce843fac0b50628ee6d6e74cf6033554382ff3b1306c0d1f1503300c0f40"}]}}}}}}, 0x0)

2.955806147s ago: executing program 7 (id=7655):
r0 = syz_usbip_server_init(0x3)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000014000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000002"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
ppoll(&(0x7f0000000000)=[{r0, 0x281}, {r0, 0x4005}], 0x2, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000080)={[0x74]}, 0x8)
fsopen(&(0x7f00000000c0)='qnx4\x00', 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
mmap$IORING_OFF_SQ_RING(0x0, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f00000001c0)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x34}}, 0x800)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r6, &(0x7f0000000400)=ANY=[@ANYBLOB="000008000100000000003d0000002a6ad5fde1b6554242ac10fef9878574f7e568ff42b7b7151d6986161da58b840d7a6e0eb304946c4b948e98ec852cd40c1b51c39a1487d8b9912cf4e3091607d53f02f0954c89d08eec9bb780ff23d2f0e347d88d0edf4ca5d5c4f8b2ed6a9e836bccb2c65020578c56730534689dc1cbb21044dc8cd15b50f1ed31887ebf8de493e0364362eec95799088df4f44503e5010000007867d80f8fdd6bdc48cab8187e71a8ff8f05285679ca69809a7b7d04e80a81a9e75924162806c973348c57c81c5ba24fde98d8006dafb1e0a6096257ced6ef5ff20b62e6e5042b0ebd20a4a1d845b4b3ca9750aba8758bcf311ae2e25444a729ef407df2abaac0ce"], 0x10b)
ioctl$TIOCL_SETVESABLANK(r5, 0x560e, &(0x7f0000000140))
ioctl$VT_ACTIVATE(r5, 0x5606, 0x2)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$TIOCL_BLANKSCREEN(r8, 0x541c, &(0x7f0000000000))

2.895238979s ago: executing program 1 (id=7656):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3, &(0x7f0000000000)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@noauto_da_alloc}, {@noblock_validity}, {@noblock_validity}, {@grpjquota}]}, 0x41, 0x625, &(0x7f0000000800)="$eJzs3c1vFOUfAPDvbLfvv58txKh4kCbGQKK0tIIhxkS4G4IvN71UWgihUEJrYpHEkuhN48WDiScP4l9hJPHqP+DBiydDQozhIIbImpmdbaftbunb7pT280mGzsvuPN8Bvn2effZ5ZgLYt0bSPyoRhyLiWhIxVDhWjfzgSP119/+6eT5dkqjV3v0ziZufJovFcyX5zwP5m/8diiR9+8GJH9eUO7dw4/LkzMz09WyrN9+7cOPYpSuTF6cvTl+deG3i1MkTJ0+NH9/+9RUvJ+L97799mIz/8NvZJE7Ho676zvS6Vr+3d1slp2WPRK3uQXF/GsipbZ57t/h7aPkvtq4/kmpp4bBJF/L/j90R8WwMRVfhX3MoPn+71OCAtqol0aijgH0n2VL+9+18IECHNdoBjc/2zT4Hr1Vpc6sE6IR7Z+odAPXc746IRv5X876zvqxvYOB+sqKfJ4mI7fXM1aVl/PLz2c/SJVr0wwHtsXirN++3X13/J1luDkdftjVwv7Ii/yuFJd3/zhbLH1m1Lf+hcxZvRcRzef3fE5vK/5FC/n+4xfLlPwAAAAAAAOycO2ci4pVm4/8qS+N/epqM/xmMiNM7UP7jv/+r3M1Xkh0oDii4dybijabjf5fG+A535Vv/z8YDdCcXLs1MH4+IpyLiaHT3ptvjq85bHCF87MuD37Qqvzj+L13S8htjAfMz3a2umog7NTk/ud3rBiLu3Yp4Phv/ezjfs3L8T1r/J03q/zS/r22wjIMv3T7X6tjj8x9ol9p3EUea1v/Lze10bWz+yrWxuab35xjL2gNjjVZBw3IL4IVPvhpsVf46+e8uEtBmaf0/sH7+9ybF+/XMbe78PRHx6kK11ur4Vtv/Pcl7XY3zpz6enJ+/Ph7Rk7y1dv/E5mKGvaqRD418SfP/6Ivr9/8ttf8LedgfEYurT96ih+6ZR4O/t4pH+x/Kk+b/1Pr1//DK+n/zKxO3h39qVf65DdX/J7I6/Wi+R/8fFK29H8eaLByIpglaSrgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ISrRMT/IqmMLq1XKqOjEYMR8XQMVGZm5+ZfvjD70dWp9Fj2/P9K40m/Q/XtpPH8/+HC9sTK7f60rAMR8XVXf3Z89PzszFTZFw8AAAAAAAAAAAAAAAAAAAC7xGA257/Wu3r+f+qPrrKjA9qumv9czvee0mIBOivP/y8+2PQ7a707Hw3QSdWyAwBKs/H8725rHEDntc7/Bw9rmY6GA3SQ9j/sX1vMf18Pwh6g/of9aoN9en3tjgMog/ofAAAAAAD2lAOH7/yaRMTi6/3ZEoXJvwb7w95WKTsAoDTG8ML+VZ0tOwKgLD7jA8nS2j9NJ/u3Hv2ftCcgAAAAAAAAAAAAAGCNI4fM/4f9av35/8b2w162zvz/LPmzRwM8rG3g5cCTpvWjP9T9sNet8xnfA79gn3hcbW/+PwAAAAAAAAAAAADsAn03Lk/OzExfn1t48lbe3B1hbG5lcXJXhLHdlf6IWNrzqD1ldUdE+Ve6cyvViMrGXty4BUeJMZf8ewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjyXwAAAP//CHogwg==")

2.586704817s ago: executing program 4 (id=7657):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2, 0x0, 0x0)
listen(0xffffffffffffffff, 0x364)
listen(r3, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
waitid(0x1, r0, 0x0, 0x1000000, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000022c0)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x8000, 0x2}, {0xfffffffffffffffc, 0x1, 0x0, 0x5, 0x5, 0xfffffffffffffffa, 0x0, 0x8}, {0x200, 0x6, 0x0, 0x2}, 0x8, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x33}, 0xa, @in=@empty, 0x3505, 0x1, 0x1, 0x0, 0x0, 0x8007c, 0xfffffffe}}, 0xe8)
sendto$inet6(r4, 0x0, 0x0, 0x20000401, &(0x7f0000000080)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2c}}, 0x5}, 0x1c)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, 0x0, 0x0)
sendmmsg$inet(r5, &(0x7f0000003e80), 0x0, 0x42054)

2.437332366s ago: executing program 8 (id=7658):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000300)=[{{&(0x7f0000000600)={0xa, 0x4e1d, 0x7f, @loopback, 0x4}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}, @hopopts={{0x18, 0x29, 0x36, {0x2b}}}], 0x40}}], 0x1, 0x4050)

2.078931205s ago: executing program 0 (id=7659):
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair(0x2a, 0x1, 0x8, &(0x7f00000000c0))
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000005300)=[{0x28, 0x0, 0xfb, 0xfffff034}, {0x80000006, 0x66, 0x0, 0x30}]}, 0x10)
syz_emit_ethernet(0x2b, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000003a538ae46463208004500001d00050000000290"], 0x0)

1.592899966s ago: executing program 1 (id=7660):
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair(0x2a, 0x1, 0x8, &(0x7f00000000c0))
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000005300)=[{0x28, 0x0, 0xfb, 0xfffff034}, {0x80000006, 0x66, 0x0, 0x30}]}, 0x10)
syz_emit_ethernet(0x2b, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000003a538ae46463208004500001d00050000000290"], 0x0)
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x0, 0x1}, 0x0, 0x0, &(0x7f0000000000))
ioctl$VT_DISALLOCATE(r0, 0x5608)

1.591292459s ago: executing program 6 (id=7661):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x8, &(0x7f00000003c0)={[{@nodelalloc}]}, 0x2, 0x50c, &(0x7f0000001640)="$eJzs3U9sG1kZAPDPdpJN2izdXRDaXSS20iKVP2qcP0KbABLiBBwqISpxAamExA0lTh3FTmmiSqRw64EDAoGEOHDnwpULPVFVQpxBXDmhVlCCVFCRBnnsSZ3ETlya2Gzm95Ncz/i5/t5z8r08v3njCSC3Ljb/KURMRsQfIuJCa3f/Ey627naf3Flq3gqRJFf/Vkif19zPnpr9v/MRsRMR4xHx1S9GfKtwOG59a3t1sVqtbLT3y4219XJ9a/vyjbXFlcpK5ebM/HsLC/PTc7MLJ9bWez/8zr0rv/ny2K+e/uDRgx/97rfNak22yzrbcZJaTR+N1zseG4mIz51GsCEotdszMeyK8D9p/vw+GBHvpvl/IUrpT7M/z061ZsBpS5Ik+U/ySq/inQQ4s4rpGLhQnIqI1naxODXVGsN/KM4Vq7V641PXa5s3l1tj5dditHj9RrUy3f6s8FqMFpr7M+n28/3ZA/tzEekY+MeliXR/aqlWXR5sVwcccP5A/v+z1Mp/ICf6/8gPnDXyH/JL/kN+yX/IL/kP+SX/Ib/kP+SX/If8kv+QX535n53I9eqQ6gIM1lF//8cGWA9goL5y5UrzlmTnvy/f2tpcrd26vFypr06tbS5NLdU21qdWarWV9JydteNer1qrrc98OjZvlxuVeqNc39q+tlbbvNm4lp7Xf60yOpBWAf14/Z37fypExM5nJtJbdPzJl6twtiVJIYZ9DjIwHKVhd0DA0Dj0B/n1Ap/xe35JGPD+1uUreveMn+9Z9PlYP/aVdn/9EvUCTk/xqMJnDwdXEWDgLr3l+B/klfl/yC/z/5Bfx4zxDQ8gB46a/4/2tfy6OjT/38PTF6sPcPqOnP8HzrTJLtf/SpLke692XLtrOiI+EBF/LI2+kl3rCzgLin8ttMf/ly58bPJg6VjhX+kcwFhEfPfnV396e7HR2JhpPv73vccbP2s/PjuM+gO97Z/hy/I0y2MAIL92n9xZym6DjPv4C61FCIfjj7TnJsfTEcy53cK+tQqFE1q7sHM3It7sFr/Qvt5568jHud3SofhvtO8LrZdI6zuSXjd9MPHf6oj/0Y74b7/0uwL5cL/Z/0x3y79imtOxl3/7+5/JE1ofnfV/2ZrrzvhZ/1fq0f+902eMb//i+90O76aLvR/fjXi7a/+bxRtPYx2M36zbpT7jP/rG1z7cqyz5Zet1usXPNLfKjbX1cn1r+/KNrBbz7y0szE/PzS6U0znqcjZTfdhn3/z9g17xm+1v69H+Px9q/0S7Tp/os/3//sjDr188Iv7H3+3++/dGen/g/U+SvTp8ss/4/5j9yzd7lTXjL/d4/4vd4kdWGjHXZ/z6T77k3GEA+D9S39peXaxWKxtdNkZ7F9mwYWPQGyMxwKDH9Rw7g+mggFPzPOmHXRMAAAAAAAAAAACgX71W/94/weXEw24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBZ8N8AAAD//6rz1eo=")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

1.591035391s ago: executing program 8 (id=7662):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'gretap0\x00', &(0x7f0000002380)=@ethtool_wolinfo={0x6, 0x6a5, 0x59fd, "d54b582a8907"}})

1.376797821s ago: executing program 0 (id=7663):
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000180)={0x53, 0x0, 0x6, 0xa, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000280)="120183008000", 0x0, 0x0, 0x4, 0x0, 0x0})
r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x10002, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x85})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
write(r0, &(0x7f0000000100), 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usbip_server_init(0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))

1.375854498s ago: executing program 4 (id=7664):
fanotify_init(0x8, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0)
r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0xd0, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xa, 0x80000006, 0x400}, 0x0, 0x0)

1.32199072s ago: executing program 8 (id=7665):
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
sendmmsg(r1, &(0x7f0000004380), 0x34000, 0x0)

436.297504ms ago: executing program 1 (id=7666):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002240)=@newtfilter={0x40, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x2, 0xfff3}, {0x0, 0xfff3}, {0xb, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x5}, @TCA_BPF_FD={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

364.475506ms ago: executing program 4 (id=7667):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/address_bits', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x3, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)
ioctl$XFS_IOC_GETBMAPX(r2, 0xc0205838, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006200)=[{{&(0x7f0000000500)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4085}}], 0x1, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg(r3, &(0x7f0000004380), 0x34000, 0x0)

176.212766ms ago: executing program 8 (id=7668):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48)
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xba7e}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r3, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xa39, &(0x7f0000001740)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0xa03, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0x0, 0x1ff0000aa}, @mcast2, [{0x1f, 0x13b, "717e7a0636890e4bb5dc09d96895be0f63e7a56026028ce8a331ec43377d5debd8da890a46b823f243b38a9883fad56ec6c08e89418d0661b408bae97493a9d311c203b97dc9b11b1bbfeb5a603dbc5a52baa04dc9f18dcbc13aff83a02eb2c82e3019b20167ca7f3d554b6b34b2a07aabe1d3bb4448ce6f35e529c36a56f5c270bf89cf25c09bfc4f7eaf1ada07e1277afd853d8e6d9edea427c211002cc3f39f0a9e52dcd979c7b9f499e2db7dccbb8f7270d236fde4d19710a2fe1d57900f51e7b3d7389e86002595822ab5a83dd09883aee227f30801f64c63469ab4be9a9d3c6a7779fe3dcf96e9297ba45bfce3310ed133e61245b95567985c33efc2f1d51ab3cf0904e0a713533d59f60e64e95fd2c7dbdad59970f8ba0eb138b8216f1f07b378da7de22abc95e59656ccc6128a805f49f6352033ad683a5776ba4449935a58ae04cfcbde9c30d51e3eb89de6b3fc7a37841e219fa6363dbca52afd2cf8c7cf7464a1debc253bc79be13f7c0b520c76cc69d608cff989cd83d64f34f8d89da32ca79ec41db441dce7bbb65f6218e649823c038b28bddf6837a31e219be940c8d941aea4f8fb4b1253441d89ab446958836a1f1e6b0115fe71ace449fa3738c1a0c23543ce8375dd2de1ae34348b3503af2e83a53213bb560a174f6562c6857f49fac42551bfb01b5cd74dda0db32d28033b4158310daed9358372521e94200ee3131e43b12c66e169e46858febde37bff5cb1c5ddefc812c175edd1b3fb27988301fcd52ba3fdb92cbfa384f3e4d0148fdbac04dfa7c474a6de2ee52a0d5941964038b0a5428ef1607545ab42027502b5e4eafb19f56d38ec1908e10f652d03b1c0926ad77bb00fa552643a60149d27f677f18a81ed127efe193e2b54e5dc17bd858dc84c828422517dacbefbb86727e4b9ae0078266e2b517b658970241ca0c74bee1fa6e8a839c9755f797355898e91cacf7a6633facfb282f6e5b7db5e1b5aeb349f5bc14c8132234d5ff4dc0af305e891a579b3ad384783d670a5f414042970ca80f4b1c3d63112f976e0604cc30db698a3ca7881c21b889a407917528004dcb4081126a690b4b2502de19005f345e1f7efdbc1cf65ffc07578a9e671bbb39de2b2ea7372f2c76ab2bd6a36aa09bf7709fdcb78064453e07d3d212f4f478d8e187c9bc9d13f1802db111739de8d27a885f2050ddaeb244f3737805db6440cbac4920f6c32c62ffa7ef241e12d09de86590362918a62475d73d45a67c7160274591b4617d3a9d5cbdf51b6d545260df2a5c075b4bcdc980bc2f5515511152bb3858c9ca9fb8d6909194c3d6c9e5324e56d8dc5dd2565dff4728c713b25fef232a88b9fa1fa96b0f2fe0138c3522a8530f40398e48ed05782584537917f379ba3acae59ba9094f4fde238898b3e96412cfbf23dd419fa794f33946021282504bb5b909e168bd50638114585e26fd6ea23fb200a2724183d99fc4a651a51a5b67a25c573509ffd46adf5aa03deea20ea374315c5a6c97d0a17cf1484f0b6f303849d5bbd7c93631ba1bb8af14f575282cee74a894aa306c38b55f9a63747c2a046eb361e6cee44d08da736f464d9b5a1bd80a281d77ef33c1dcc31ee6879b10ada5b85a6604bb621ebe266b82a7b57f2ae7939c30b8b7a8704b10a5e1016db6646a24b0304a61d52deb705f7c758c7f916af9e8109e1e7a772eb28b16a704f13b750440976eccab8432ed2a10f631c75e4bd2a79b220f9afef1e53e714da10b012f941861d07df4e044053fd9eb863f149a424d4c8e6e1105987525da52b06e22f4ba2dbe60ee370d9c8a7eaeaafb9f0d435c1c499e63e57fc1ec921e3fec9c11fc256e156a8573b8bf8f0266f0e568e47209e792088e6801d1d9a9f18e31391b4b738c6887cfa8f038db074d0b3c3aa9c2767d43e3eafebb6e235a243cf5c2f37d7f9702fdb58b913b93689ac2b8da49736c6f8eed1ed044505501c661f8c53836f6b15f4ca465eefda36689971392813d727fdada49f969f280496087209e60a2a1502944aa47d6215c8433d9d3e83ec38a758ddf0cb6c89153862ae0c6481bea9be0bb3d011e225642c09df734ed66dbab3d693d934282b18893a68266590cfff04414d5bf6c58f40d4282c3ae80256d36ff543f99fea10f992a90fb3e41777d540cecf564feb29a6c4bffbf850ec4fbd117f004ceed7e2663ae20fe8a2ec995fd563be30963156fe568c740e83fab6225b3b702700da94d03082a5a7a9fa3bf67a5909b47ce46256a725ddaf253f8da7f50ce083f64ac398eed19df6b87f052dc67e5f1445e8fdfc67181119b97f2b58e120954818f1b65d1e51db51e108c95da91797eb179bf9f0092f07860ac496993511df71d45d2e045f271e8c75bdc56e94a39110c04052291953ed5bf5d8cd55b45fa59b0d30d25cbc008bff3d846f2257134621c15914c00a9c3b63ad2201602b9589a70c2eae57539583907d2831f361132249fa1f0a92d0b4b6c018130a08c30fcdc8e3fa77999fe53f07a02ea5a1d6739c604b7ea215f15902d6adfbc615574aafb7fdc1d751572f304b0c073c94c6886ccb043206b5074a452c5e86aac3d98783b8df864fa9e56a6784bf96f3f7a978424f75041ae8cece3b0998f29e60ca433feac4d66bb5b34c51e391558b3082db1bc3f3d0136a82d88056e68cb5c6f160649e6c4206c61d4b16dbdbd842823a38c9ed83a4eaa7848e5f32e0292868d6c99f7e6c35b9938f21131a18be7bce5fbe8eda00d8eade7930dae13711e52d42d3e241fc762287cb5d22498b2db0c6c5e43afd5521e909e5682c18a3d5ba351b45e43426065e65dd70bcc8b631916d761f5fcf05fc09e5bfec06bcb8910058f00eb8c1e09a480f28d927bfa6233e1f0a575a7145451040dddc827d8b8c664dfab46467cdd593da779f6567586ca484200a1ac1992226045b37a27e217ac2ef6b5a61a1f4304a90ef7071aabd2d85ae0526e3797e6fc724d112a44f87156962edec72e23a85fead91de8220200fc8df2e9a998fd6ed7c3075af44a1d0e0129daf8228099bd6364e4d92c123427fec8a2ab090fbcfc2405d53925a99d692fb9ebeaa5fc9c718751a292a36082c1b1fa3c1df7e1c62cf8b60b96dd0385aa66570db3f418424c470d9af162693603c3eababa2e82829f9728a9fdd76dcc9b68591e75b2c53ef0b7f085ac1ba0d216d33634cb231fcd020f76895e4f7c68c4dcac77e5690342c3400680cde787b7a7e0095fc821e780232c4616216341c977478f27eb0f368a117a1cc4169dcc001faafbd6040d625c0e2959d76b30213895acdcf1aaab227ef477a7999dec720a7536d23038da35cc0ffc31a44a53089bec73649bed2efc673f50866091019457d2cb740d68a4dbe60dc9aef0694b4301ce6251f29de519651ae3fd45fa5fb51a90c75d9251c4e2d3ba28b3d9993be1fa9ec43c612ad6870811e6b26c7bb161a2fca89a51700f9d5cee20044e96533cefbcb7ceae601ca42f2ce843fac0b50628ee6d6e74cf6033554382ff3b1306c0d1f1503300c0f40"}]}}}}}}, 0x0)

81.588429ms ago: executing program 1 (id=7669):
clock_adjtime(0x0, &(0x7f0000001100)={0xd77, 0xf423f, 0xfffffffffffffffe, 0x0, 0x0, 0x4b, 0x8, 0x0, 0x0, 0xa12, 0x0, 0xfffffffffffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefe, 0x4, 0x0, 0x0, 0x2, 0x3, 0x80000000000000})
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201100100000008ac05640200000000000109022400010000e000090400000103000100092105010a012228000905"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x1000000, &(0x7f00000004c0)={[{@journal_ioprio}, {@jqfmt_vfsv1}, {@journal_async_commit}, {@barrier}]}, 0xfe, 0x7bc, &(0x7f0000001740)="$eJzs3d1rHOUaAPBnNknz0R6SA4dzTu8CB3oKpZumxlbBi4oXIlgo6LVtSLahZpMt2U1pQsEWEbwpqHgh6E2v/ah33voBXul/4YW0VpsWK15IZHZn87mbJmmym5LfD6bzvjOzfd5n3pmddzPDbgD71mD6Ty7icES8l0T0Z8uTiOiqljojztS2e7RwrScixpJYXHztt6S6zcOFa2Ox4jWpg1nlvxHx7TsRx3Lr45bn5idHi8XCTFYfqkxdHirPzR+/NDU6UZgoTJ8aHhk5efrZ06d2Ltfff5w/dPf9l///xZk/3/7P7ZvfJXEmDmXrVuaxUwZjMNsnXekuXOWlnQ7WZkm7G8C2pKdmR+0sj8PRHx3VUhO9rWwZALBb3oqIRQBgn0lc/wFgn6n/HeDhwrWx+tTev0i01r0XI6Knlv+jbKqt6czu2fVU74P2PUxW3RlJImJgB+IPRsQnX71xpCOrp+1wLw1ohes3IuLCwOD69/9k3TMLW3Vio5WL3dXZ4JrF++36A+30dTr+ea7R+C+3NP6JBuOf7tq5++8njd/0/F8aXOXuPGmMjaTjvxdqz7atGf8tPbQ20JHV/lFtVldy8VKxcCLbB6m0PlwtNR65HX3w14Nm8bPx32fpdP+DNz9N46fz5S1ydzq7V79mfLTS+f2TJL3CvRvRlxXX5J8s9X/SZPx7bpMxXnn+3Y+brUvzT/OtT+vz312LtyKONOz/5b5MNnw+cah6OAzVD4oGvvzpo75m8Vf2fzql8dP5zmfa2L0bEX33+yNJlvdBbc1S/gPJyuc1y1uP8cOt/m+arXt8/g2P/9EDyevV8oFs2dXRSmVmOOJA8ur65SeXX1uv17dP8z/6v8bnfy1s4+M//Ux4YZP5d9799fPt57+70vzHNz7+1/R/T7Z4ecnjCrcfTXY0i7+5/h+plo5mS9L+f1xem2nX9o5mAAAAAAAAAAAAAAAAAAAAAAAAANi6XEQciiSXXyrncvl87Te8/xV9uWKpXDl2sTQ7PR7V38oeiK5c/asu+1d8H+pw9pWt9frJNfVnIuKfEfFhd2+1nh8rFcfbnTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZA42+f3/1M/d7W4dALBretrdAACg5Vz/AWD/2dr1v3fX2gEAtI7P/wCw/2z6+n9hd9sBALSOz/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADssnNnz6bT4h8Lv3Sk9fErc7OTpSvHxwvlyfzU7Fh+rDRzOT9RKk0UC/mx0lTT/+h6bVYslS6PxPTs1aFKoVwZKs/Nn58qzU5Xzl+aGp0onC90tSwzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANi88tz85GixWJh52go3swRWrbq+nNgOB+1ta8p9e2CHry50xp5oxp4udMeeaMY2CyvfJXpb/K4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8PT4OwAA//8Z0BVT")
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x12)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYBLOB='l'], 0x48}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000080)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xc, 0x4, 0x2, 0x0, 0x1, 0xfffffffe}, 0x50)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r6, &(0x7f00000003c0), &(0x7f0000000300)=@tcp=r7, 0x1}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e00)={r4, &(0x7f0000000840)="39045587109090f281380a41872f72d4b3983cc98c819c6f36fbc6bbca9f518d1e45731d2348cc699908a6645b1610804a70555985edf888", &(0x7f0000000d80)=""/104}, 0x20)

69.348324ms ago: executing program 4 (id=7670):
r0 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000000)=ANY=[@ANYBLOB="120100020000000882052500400001020301090271000301f81005080b020001052008090400000001012000092401fdff0a11004708240a0000057f000904010000010220000904010101010220000905010940000204d80825010230cc00000904020035633203193e"], 0x0)
syz_usb_control_io$uac2(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_vhci(&(0x7f0000000140)=ANY=[], 0xd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x3, &(0x7f0000000480)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, 0x0)
close(0x3)
syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)

0s ago: executing program 7 (id=7671):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, '\x00', 0x18, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x2, 0xe15, 0x0, 0xfffffff6, [{0x5, 0x1, "c89600000500"}]}}}}}}, 0x0)
sendto$inet6(r0, &(0x7f0000001a00)="50053e93fb669c9b6e0c498276ec14cc50f4b8f92b1d70636197def495a3ff45c7950871b1b1db344791b5c2414305c0d01e27d1598c1fee9043c5574ba6b1faf7c3759f97388a351f1b5478e7ccd8dd61847abeecfbfc69e4095974ded92880760b7569233ce0f35dbddd46c9cc673d8f0e3160aa1b1c9777ca7a0d982aa95ab12c7d3568346fb3f65afd679e508fadd19a6932fe924c02a2aae4bb691c5bbd76e21a09c8fafddba218148acb75e02610bf32f1f707b8046b9e9cd8e0e62e14578085814a4c6732cb92459c939000673d9d4085892460d9049e9dd7d892681f4897d0806ae61d30bcd0817832edea4fc52ae9a9bf1c55481d99df4c4ef3489dec45c64b31b82d0cb610d7ab32c61a9fdfdeb88b63452a4d2b4cdd89c74aaaffd662887b8da2a63acfef48694cc63d012aa312ed1a73fef45c6cfc2def603a38b5a2f8b8d4e5abbc5500fc429dd42349533ead1b874fea4fea8779c6c2fbeeda047e9395197cf09638e75cf6e10705409853a6b4131229d4eeb656457b62892e6bd6f5d9507b86fc188c8d18f27d805fb365d4b8b7de4881e5989625c539872a15e3ca2a26cf365577ea463957b06d9fb3cff031f6301aa94e48b0fb28209dc380762b9816e72d67911bbd429e205d20809292a1cf1696404cd6d0407228ebbdfaa4a8add3570acd747e548d3165284760797d2c6697a655b4f22a13067b339073f49d8ee604b59a2e4cb073b8a9b7856d1ef7349a47d1130adc64084a9e4650f0908e849a8f059eff61cfa8c5cdb3822b87bbe3706dd042f6e2a7791fb5c9dc40db489a5abd4fd4becaafb7cbba23af1e8f156b6ef6dfcc55bad2db89e56e744f91d1a98123eb585c340aefb3d6c73ecfbd78beb28adf522d16dbf29ae04ccdd6a1c55865ef467066a478978981235a4c93a74f6670691640dde3d8bfa378772329046cf14213689d3a107df19e16e8af8fa1b72623391a5fd05e25128030e4aa2839136dd72478662c8e7ac78f5e2cd2b2d6d6b3337fa4310b29556c477a0e4dfec7fbd53fc98d9b4a3e6e9002d5bd5764d7a7401f59ac78593abdaa8d229e2a7b8245266373496ec97df588e6a14450a6e694969e092039cb24905ae7be0f06f39f4281017a9ca54f79f7984b0684ee311617a8fb68093d9d38a73a2eecfc19fb0826c98d9e8c12785bda6609058f072a8408b6b0066c6d9e17feab14580ff5e5db46239b0395dd2d6604a2a4844e52071d35efac7116a53abdd13a5dd69ea15739066158c4af41758027b9d7e27770e88edfcb64e3a2dc63d268f8c3b9d9fd454b7c34122cbf173c1f81ade3edcbb6d1448cbbdb92fef01600d378e0781b674224bb3316b97101bbc63f2c18c0c93851dc4d2696ac122ebd720add51bdca03c78b27513a2f9730be231bd3eda72e7421b67fd91ec1ae26316f03a8182deba0228ffd777675d097bf92916e182cd56e1aac7975410dc2911ec5a51626aa22ba7c3efc7cc3059a3bf70ec2b1b8073ea199946f581742c673758feb208308002897dee96eb3c8dc88922a6a0c62764d7597286ebe70e3537f3c8b61559a9a7883a4b96b0d6b4a34b81e11d0a76399c62eed19758ef5ae0d724135b0a3e9f475dee08cb7c4f44a707774e2839eeee001255d3aa974319bbb92e8ef9fdd82b42352b983e99d1a38a26d8c1a9d231c73d86912b0b97214df827ae918a8661b573c5c877bc6b0a733ee32fa06b3a9401f48d9", 0x4d1, 0x40084, &(0x7f0000000040)={0xa, 0x4e20, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c)

kernel console output (not intermixed with test programs):

ing to 7
[ 1272.157471][ T5747] usb 1-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[ 1272.166649][ T5747] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1272.174976][ T5747] usb 1-1: Product: syz
[ 1272.179181][ T5747] usb 1-1: Manufacturer: syz
[ 1272.702082][ T5747] usb 1-1: SerialNumber: syz
[ 1273.376483][ T5617] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1273.413662][T27262] Bluetooth: hci3: command tx timeout
[ 1273.705483][ T5617] usb 2-1: Using ep0 maxpacket: 32
[ 1273.735573][ T5617] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1273.905776][ T5617] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1274.444670][ T5617] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 1274.454013][ T5617] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1274.462287][ T5617] usb 2-1: Product: syz
[ 1274.473129][ T5617] usb 2-1: Manufacturer: syz
[ 1274.486760][ T5617] usb 2-1: SerialNumber: syz
[ 1274.506025][ T5617] usb 2-1: config 0 descriptor??
[ 1274.747546][ T5747] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1274.767307][ T5747] snd-usb-audio 1-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1275.392020][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.420127][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.494051][T27262] Bluetooth: hci3: command tx timeout
[ 1275.552713][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.564622][ T5747] snd-usb-audio 1-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 1275.579938][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.594599][ T5747] usb 1-1: USB disconnect, device number 122
[ 1275.610603][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.637228][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.670455][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.680384][T26090] udevd[26090]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1275.708992][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.740582][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.751250][T27303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7169'.
[ 1275.791878][T27303] gtp0: left promiscuous mode
[ 1276.004719][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.073583][   T29] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[ 1276.220852][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.236357][   T29] usb 4-1: config 246 has an invalid interface number: 166 but max is 0
[ 1276.263051][   T29] usb 4-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[ 1276.514343][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.610541][T27261] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1276.678665][T27261] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1276.722399][T27261] bridge_slave_0: entered allmulticast mode
[ 1276.792802][T27261] bridge_slave_0: entered promiscuous mode
[ 1276.878045][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1277.036285][T27261] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1277.101192][T27261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1277.146464][   T29] usb 4-1: config 246 has no interface number 0
[ 1277.154416][   T29] usb 4-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0
[ 1277.164956][   T29] usb 4-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1277.178864][   T29] usb 4-1: config 246 interface 166 has no altsetting 0
[ 1277.181957][T27261] bridge_slave_1: entered allmulticast mode
[ 1277.187908][   T29] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63
[ 1277.202472][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.213839][   T29] usb 4-1: Product: syz
[ 1277.218035][   T29] usb 4-1: Manufacturer: syz
[ 1277.222620][   T29] usb 4-1: SerialNumber: syz
[ 1277.223840][    T9] usb 2-1: USB disconnect, device number 11
[ 1277.271177][T27261] bridge_slave_1: entered promiscuous mode
[ 1277.404442][T27261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1277.456976][T27261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1277.613141][T27262] Bluetooth: hci3: command tx timeout
[ 1277.646199][T27261] team0: Port device team_slave_0 added
[ 1277.839554][T27261] team0: Port device team_slave_1 added
[ 1277.910990][T27339] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1278.170540][   T29] usb 4-1: Cannot retrieve CPort count: -32
[ 1278.188219][   T29] usb 4-1: Cannot retrieve CPort count: -32
[ 1278.210315][   T29] es2_ap_driver 4-1:246.166: probe with driver es2_ap_driver failed with error -32
[ 1278.234086][T27261] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1278.246012][T27261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1278.273223][T27261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1279.603521][T27261] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1279.617229][T27261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1279.658204][T27262] Bluetooth: hci3: command tx timeout
[ 1279.676149][T27261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1279.720370][ T5726] usb 4-1: USB disconnect, device number 7
[ 1279.790757][   T13] bridge_slave_1: left allmulticast mode
[ 1279.797247][   T13] bridge_slave_1: left promiscuous mode
[ 1279.810166][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1280.113769][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1280.159923][   T13] bridge_slave_0: left allmulticast mode
[ 1280.197224][   T13] bridge_slave_0: left promiscuous mode
[ 1280.214008][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1280.325130][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1280.334177][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1280.392612][    T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[ 1280.457285][    T9] usb 2-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[ 1280.525765][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1280.566586][    T9] usb 2-1: Product: syz
[ 1280.582802][    T9] usb 2-1: Manufacturer: syz
[ 1280.669034][    T9] usb 2-1: SerialNumber: syz
[ 1283.109671][    T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1283.123669][    T9] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1283.193595][    T9] snd-usb-audio 2-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 1283.208496][    T9] usb 2-1: USB disconnect, device number 12
[ 1283.238147][T26141] udevd[26141]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1283.566206][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1283.745902][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1283.760619][   T13] bond0 (unregistering): Released all slaves
[ 1283.812323][ T5277] 8021q: adding VLAN 0 to HW filter on device eth1
[ 1283.905234][T27261] hsr_slave_0: entered promiscuous mode
[ 1283.911914][T27261] hsr_slave_1: entered promiscuous mode
[ 1283.918365][T27261] debugfs: 'hsr0' already exists in 'hsr'
[ 1283.999724][T27261] Cannot create hsr debugfs directory
[ 1284.599019][T27421] __nla_validate_parse: 144 callbacks suppressed
[ 1284.599040][T27421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7193'.
[ 1285.592309][T27421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7193'.
[ 1285.642983][   T13] hsr_slave_0: left promiscuous mode
[ 1285.656060][   T13] hsr_slave_1: left promiscuous mode
[ 1285.681427][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1285.709612][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1285.752396][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1285.769804][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1285.804987][   T13] veth1_macvtap: left promiscuous mode
[ 1285.823559][   T13] veth0_macvtap: left promiscuous mode
[ 1285.841081][   T13] veth1_vlan: left promiscuous mode
[ 1285.863269][   T13] veth0_vlan: left promiscuous mode
[ 1286.632899][    T9] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[ 1286.837081][    T9] usb 4-1: config 246 has an invalid interface number: 166 but max is 0
[ 1287.796175][    T9] usb 4-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[ 1287.810075][    T9] usb 4-1: config 246 has no interface number 0
[ 1287.820129][    T9] usb 4-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0
[ 1287.831519][    T9] usb 4-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1288.222080][    T9] usb 4-1: config 246 interface 166 has no altsetting 0
[ 1288.252292][    T9] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63
[ 1288.252349][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.252471][    T9] usb 4-1: Product: syz
[ 1288.252491][    T9] usb 4-1: Manufacturer: syz
[ 1288.252509][    T9] usb 4-1: SerialNumber: syz
[ 1288.397466][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1288.436193][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1288.488203][    T9] usb 4-1: Cannot retrieve CPort count: -71
[ 1288.508252][    T9] usb 4-1: Cannot retrieve CPort count: -71
[ 1288.535549][    T9] es2_ap_driver 4-1:246.166: probe with driver es2_ap_driver failed with error -71
[ 1288.577358][    T9] usb 4-1: USB disconnect, device number 8
[ 1288.890598][T27449] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[ 1288.904856][T27449] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[ 1288.921923][T27449] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[ 1288.933612][T27449] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1288.945053][T27449] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1288.988854][ T5277] 8021q: adding VLAN 0 to HW filter on device eth2
[ 1289.094129][T27472] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1290.486887][T27261] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1290.539372][T27261] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1290.575474][T27261] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1290.619618][T27261] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1290.677897][T27261] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1292.128721][T27261] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1292.262877][T27261] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1292.318952][T27261] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1293.151262][T27529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7215'.
[ 1293.160456][T27529] netlink: 348 bytes leftover after parsing attributes in process `syz.1.7215'.
[ 1293.169639][T27529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7215'.
[ 1293.178726][T27529] netlink: 348 bytes leftover after parsing attributes in process `syz.1.7215'.
[ 1293.189135][T27529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7215'.
[ 1293.697348][T27261] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1293.776934][T27261] 8021q: adding VLAN 0 to HW filter on device team0
[ 1293.799674][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.806883][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1293.850228][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1293.857481][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1293.998026][T27546] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1294.161924][ T5277] 8021q: adding VLAN 0 to HW filter on device eth3
[ 1294.374196][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[ 1295.611776][ T5726] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 1295.859455][ T5726] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1295.899123][ T5726] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1296.024999][ T5726] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[ 1296.158628][ T5726] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[ 1296.208927][ T5726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1296.265985][ T5726] usb 4-1: Product: syz
[ 1296.332741][ T5726] usb 4-1: Manufacturer: syz
[ 1296.360201][ T5726] usb 4-1: SerialNumber: syz
[ 1297.792440][ T5277] 8021q: adding VLAN 0 to HW filter on device eth4
[ 1298.167585][T27261] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1298.886678][ T5726] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1299.602806][ T5726] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1299.828248][ T5726] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 1300.084998][T27636] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1300.517058][ T5726] usb 4-1: USB disconnect, device number 9
[ 1300.631389][T26141] udevd[26141]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1302.425880][T27261] veth0_vlan: entered promiscuous mode
[ 1302.472938][T27261] veth1_vlan: entered promiscuous mode
[ 1302.764327][   T29] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 1302.813995][T27261] veth0_macvtap: entered promiscuous mode
[ 1302.828138][T27261] veth1_macvtap: entered promiscuous mode
[ 1302.846892][T27261] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1302.865857][T27261] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1302.879200][T23155] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.895043][T23155] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1302.996144][T27665] loop3: detected capacity change from 0 to 40427
[ 1303.014827][T27665] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1303.022649][T27665] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1303.036850][   T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.048265][T27665] F2FS-fs (loop3): invalid crc value
[ 1303.070128][T23155] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.082733][   T29] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1303.097604][T23155] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.106669][   T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.124208][   T29] usb 1-1: config 0 descriptor??
[ 1303.126034][T27665] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1303.152140][T27665] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1303.159211][T27665] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1303.206351][T27672] syzkaller0: entered promiscuous mode
[ 1303.221909][T27672] syzkaller0: entered allmulticast mode
[ 1303.374583][   T29] usbhid 1-1:0.0: can't add hid device: -71
[ 1303.381347][   T29] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1303.857611][   T30] kauditd_printk_skb: 39 callbacks suppressed
[ 1303.857636][   T30] audit: type=1800 audit(1781856495.069:384): pid=27678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.7239" name="file1" dev="loop3" ino=10 res=0 errno=0
[ 1303.895393][   T29] usb 1-1: USB disconnect, device number 123
[ 1303.904387][T27672] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1303.938093][T27670] tipc: Resetting bearer <eth:syzkaller0>
[ 1304.004971][T27670] tipc: Disabling bearer <eth:syzkaller0>
[ 1304.053237][ T6424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.073887][ T6424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1304.113024][   T13] kworker/u8:1: attempt to access beyond end of device
[ 1304.113024][   T13] loop3: rw=1, sector=77824, nr_sectors = 2048 limit=40427
[ 1304.132760][T27667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7241'.
[ 1304.187089][   T13] kworker/u8:1: attempt to access beyond end of device
[ 1304.187089][   T13] loop3: rw=1, sector=79872, nr_sectors = 2048 limit=40427
[ 1304.271731][   T29] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 1304.397725][ T6424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.421670][ T6424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1304.522360][T27686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1304.533762][   T29] usb 1-1: Using ep0 maxpacket: 32
[ 1304.544599][   T29] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1304.557142][   T13] kworker/u8:1: attempt to access beyond end of device
[ 1304.557142][   T13] loop3: rw=1, sector=49152, nr_sectors = 4096 limit=40427
[ 1304.571746][   T29] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1304.593268][   T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1304.716489][   T29] usb 1-1: config 0 descriptor??
[ 1304.815387][   T29] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1304.841445][   T13] kworker/u8:1: attempt to access beyond end of device
[ 1304.841445][   T13] loop3: rw=1, sector=57344, nr_sectors = 4688 limit=40427
[ 1304.863463][   T29] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1306.300008][   T29] usb 1-1: USB disconnect, device number 124
[ 1306.329911][   T29] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[ 1307.802898][T27262] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1307.830111][T27262] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1307.838852][T27262] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1307.850869][T27262] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1307.864663][T27262] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1309.982547][T27262] Bluetooth: hci5: command tx timeout
[ 1310.921976][   T29] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1311.125499][T27747] syzkaller0: entered promiscuous mode
[ 1311.145908][T27747] syzkaller0: entered allmulticast mode
[ 1311.154749][   T29] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1311.186765][T27747] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1311.211600][   T29] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1311.255669][   T29] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[ 1311.284957][T27745] tipc: Resetting bearer <eth:syzkaller0>
[ 1311.313951][   T29] usb 5-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[ 1311.337568][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1311.500530][   T29] usb 5-1: Product: syz
[ 1311.519712][   T29] usb 5-1: Manufacturer: syz
[ 1311.528576][T27745] tipc: Disabling bearer <eth:syzkaller0>
[ 1311.535995][   T29] usb 5-1: SerialNumber: syz
[ 1311.926776][ T5726] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1312.053041][T27262] Bluetooth: hci5: command tx timeout
[ 1312.269272][ T5726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1312.492215][ T5726] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1312.510954][ T5726] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1312.536705][ T5726] usb 7-1: config 0 descriptor??
[ 1312.764242][ T5726] usbhid 7-1:0.0: can't add hid device: -71
[ 1312.788969][ T5726] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1312.832251][ T5726] usb 7-1: USB disconnect, device number 2
[ 1313.291476][ T5726] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1313.462958][ T5726] usb 7-1: Using ep0 maxpacket: 32
[ 1313.481453][ T5726] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1313.513642][ T5726] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1313.592325][   T29] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1313.629948][ T5726] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1313.668549][   T29] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1313.681798][T27721] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1313.707860][ T5726] usb 7-1: config 0 descriptor??
[ 1313.729487][T27721] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1313.750206][ T5726] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1313.781450][T27721] bridge_slave_0: entered allmulticast mode
[ 1313.826832][ T5726] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1313.844521][T27721] bridge_slave_0: entered promiscuous mode
[ 1313.903038][   T29] snd-usb-audio 5-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 1313.936556][T27721] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1313.980621][T27721] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1313.989580][   T29] usb 5-1: USB disconnect, device number 100
[ 1314.036508][T27721] bridge_slave_1: entered allmulticast mode
[ 1314.044324][T26090] udevd[26090]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1314.191132][T27262] Bluetooth: hci5: command tx timeout
[ 1314.264352][T27721] bridge_slave_1: entered promiscuous mode
[ 1314.306789][T27761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1314.853526][T27721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1314.867853][T27721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1314.945842][T27761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1314.959453][T27761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1314.969191][T27761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1314.978597][T27761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1314.990178][T27761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1315.075339][T27721] team0: Port device team_slave_0 added
[ 1315.110749][T27721] team0: Port device team_slave_1 added
[ 1315.261784][ T5617] usb 7-1: USB disconnect, device number 3
[ 1315.361088][ T5617] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[ 1315.641071][T27721] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1315.728076][T27721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1315.953103][T27721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1316.008538][T27721] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1316.052805][T27721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1316.052847][T27721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1316.291021][T27262] Bluetooth: hci5: command tx timeout
[ 1316.466872][T27721] hsr_slave_0: entered promiscuous mode
[ 1316.479914][T27721] hsr_slave_1: entered promiscuous mode
[ 1316.497336][T27721] debugfs: 'hsr0' already exists in 'hsr'
[ 1316.497408][T27721] Cannot create hsr debugfs directory
[ 1317.957680][T27846] loop3: detected capacity change from 0 to 4096
[ 1317.987696][T27846] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1318.071454][T27846] ext4: Unknown parameter 'nouser_xattr'
[ 1321.570816][ T5617] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1321.786004][T27721] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1321.854282][ T5617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1321.901096][T27721] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1321.931928][ T5617] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1321.959048][T27721] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1322.019733][ T5617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1322.112650][T27721] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1322.195619][ T5617] usb 2-1: config 0 descriptor??
[ 1322.216953][T27721] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1322.286792][T27721] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1322.352986][T27721] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1322.525090][T27721] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1322.566682][ T5617] usbhid 2-1:0.0: can't add hid device: -71
[ 1322.580733][ T5617] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1322.596271][ T5617] usb 2-1: USB disconnect, device number 13
[ 1323.091965][ T5617] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1323.340639][ T5617] usb 2-1: Using ep0 maxpacket: 32
[ 1323.365079][ T5617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1323.413634][ T5617] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1323.448567][ T5617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1323.501246][ T5617] usb 2-1: config 0 descriptor??
[ 1323.569755][ T5617] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1323.627190][ T5633] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1323.644207][ T5633] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1323.652619][ T5633] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1323.665013][ T5633] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1323.676372][ T5633] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1323.684722][ T5617] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1323.916408][T27721] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1324.826445][T27721] 8021q: adding VLAN 0 to HW filter on device team0
[ 1325.816427][ T5633] Bluetooth: hci1: command tx timeout
[ 1326.105172][ T5726] usb 2-1: USB disconnect, device number 14
[ 1326.131114][ T6422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1326.138265][ T6422] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1326.169233][ T5726] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[ 1326.308391][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1326.316124][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1326.350506][T27715] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1327.890841][ T5633] Bluetooth: hci1: command tx timeout
[ 1328.780804][ T5747] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1329.004069][T27721] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1329.381532][ T5747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1329.419821][ T5747] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1329.970826][ T5633] Bluetooth: hci1: command tx timeout
[ 1330.230464][ T5747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1330.264255][ T5747] usb 2-1: config 0 descriptor??
[ 1330.292773][T27721] veth0_vlan: entered promiscuous mode
[ 1330.487981][ T5747] usbhid 2-1:0.0: can't add hid device: -71
[ 1330.506902][ T5747] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1330.534640][ T5747] usb 2-1: USB disconnect, device number 15
[ 1330.543352][T27721] veth1_vlan: entered promiscuous mode
[ 1330.665908][T27903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1330.678815][T27903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1330.721302][T27903] bridge_slave_0: entered allmulticast mode
[ 1330.746394][T27903] bridge_slave_0: entered promiscuous mode
[ 1330.777561][T27903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1330.789390][T27903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1330.799522][T27903] bridge_slave_1: entered allmulticast mode
[ 1330.819699][T27903] bridge_slave_1: entered promiscuous mode
[ 1330.966920][T27903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1330.990213][ T5747] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1331.026409][T27903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1331.075707][T27721] veth0_macvtap: entered promiscuous mode
[ 1331.170656][ T5747] usb 2-1: Using ep0 maxpacket: 32
[ 1331.177058][T27903] team0: Port device team_slave_0 added
[ 1331.191963][ T5747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1331.210714][T27903] team0: Port device team_slave_1 added
[ 1331.222949][ T5747] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1331.237892][T27721] veth1_macvtap: entered promiscuous mode
[ 1331.254913][ T5747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.321905][T27903] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1331.344567][T27903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1331.391385][ T5747] usb 2-1: config 0 descriptor??
[ 1331.409574][T27903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1331.428742][ T5747] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1331.463107][T27903] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1331.488576][ T5747] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1331.531820][T27903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1331.597020][T27903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1331.639388][T27721] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1331.767285][T27721] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1331.811749][T27903] hsr_slave_0: entered promiscuous mode
[ 1331.818390][T27903] hsr_slave_1: entered promiscuous mode
[ 1331.825800][T27903] debugfs: 'hsr0' already exists in 'hsr'
[ 1331.831665][T27903] Cannot create hsr debugfs directory
[ 1331.856422][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.876713][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.885995][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.915735][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.940256][ T5747] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[ 1331.969252][T27962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1331.984533][T27962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1332.007744][T27962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1332.018362][ T5767] usb 5-1: new full-speed USB device number 101 using dummy_hcd
[ 1332.033707][T27962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1332.048117][T27962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1332.050909][ T5633] Bluetooth: hci1: command tx timeout
[ 1332.059331][T27962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1332.100046][ T5747] usb 4-1: Using ep0 maxpacket: 32
[ 1332.110634][ T5747] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[ 1332.121466][ T5747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1332.131102][ T5747] usb 4-1: Product: syz
[ 1332.135325][ T5747] usb 4-1: Manufacturer: syz
[ 1332.142199][ T6422] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1332.150060][ T5747] usb 4-1: SerialNumber: syz
[ 1332.152397][ T5747] usb 4-1: config 0 descriptor??
[ 1332.175422][ T6422] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1332.202281][ T5767] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1332.232368][ T5767] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[ 1332.252916][T27903] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1332.260847][ T5767] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1332.268076][ T5767] usb 5-1: New USB device found, idVendor=01c2, idProduct=2208, bcdDevice= 0.00
[ 1332.272534][T27903] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1332.278182][ T5767] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1332.287044][T27903] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1332.302065][ T5767] usb 5-1: config 0 descriptor??
[ 1332.308696][T28002] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1332.314485][   T29] usb 2-1: USB disconnect, device number 16
[ 1332.332084][   T29] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[ 1332.343777][T27903] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1332.360565][T27903] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1332.367436][T23155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1332.382087][ T5747] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-32
[ 1332.392677][T23155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1332.403419][T27903] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1332.411645][ T5747] peak_usb 4-1:0.0: unable to read PCAN-USB Pro firmware info (err -32)
[ 1332.421430][T27903] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1332.431375][T27903] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1332.492100][ T5747] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -32
[ 1332.529656][T27903] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1332.565548][T27903] 8021q: adding VLAN 0 to HW filter on device team0
[ 1332.595429][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1332.602592][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1332.629171][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1332.636338][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1332.980936][ T5767] hid-generic 0003:01C2:2208.001C: ignoring exceeding usage max
[ 1332.995582][ T5767] hid_parser_main: 15 callbacks suppressed
[ 1332.995623][ T5767] hid-generic 0003:01C2:2208.001C: unknown main item tag 0x0
[ 1333.016815][ T5767] hid-generic 0003:01C2:2208.001C: unknown main item tag 0x0
[ 1333.079622][T28024] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7310'.
[ 1333.305881][T28027] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1333.980495][ T5767] hid-generic 0003:01C2:2208.001C: unknown main item tag 0x0
[ 1333.989343][ T5767] hid-generic 0003:01C2:2208.001C: unknown main item tag 0x0
[ 1334.006453][ T5767] hid-generic 0003:01C2:2208.001C: unknown main item tag 0x0
[ 1334.015221][ T5767] hid-generic 0003:01C2:2208.001C: item fetching failed at offset 37/40
[ 1334.027211][ T5767] hid-generic 0003:01C2:2208.001C: probe with driver hid-generic failed with error -22
[ 1334.250357][ T5767] usb 5-1: USB disconnect, device number 101
[ 1334.685659][T28040] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1335.087520][T28011] usb 4-1: USB disconnect, device number 10
[ 1335.587132][T27903] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1335.663050][T28058] loop3: detected capacity change from 0 to 128
[ 1339.310096][T28011] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[ 1340.327827][T28011] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1340.354580][T28087] loop6: detected capacity change from 0 to 256
[ 1340.411069][T28087] exFAT-fs (loop6): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[ 1340.433617][T28011] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1340.445026][T28087] exFAT-fs (loop6): failed to load alloc-bitmap
[ 1340.465030][T28089] netlink: 220 bytes leftover after parsing attributes in process `syz.3.7327'.
[ 1340.481994][T28011] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1340.485985][T28087] exFAT-fs (loop6): failed to recognize exfat type
[ 1340.535414][T28011] usb 5-1: config 0 descriptor??
[ 1340.694709][T27903] veth0_vlan: entered promiscuous mode
[ 1340.853865][T28011] usbhid 5-1:0.0: can't add hid device: -71
[ 1340.864932][T28011] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1340.874999][T27903] veth1_vlan: entered promiscuous mode
[ 1340.885727][T28011] usb 5-1: USB disconnect, device number 102
[ 1340.907519][T27903] veth0_macvtap: entered promiscuous mode
[ 1340.943637][T27903] veth1_macvtap: entered promiscuous mode
[ 1341.022499][T27903] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1341.072815][T28101] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1341.118608][T27903] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1341.184282][T23155] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1341.213812][T23155] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1341.243100][T23155] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1341.267485][T28105] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1341.303845][T23155] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1341.338661][T28108] loop6: detected capacity change from 0 to 512
[ 1341.346916][T28108] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1341.359821][T28011] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[ 1341.375204][T28108] EXT4-fs (loop6): 1 truncate cleaned up
[ 1341.382661][T28108] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1341.710548][T28011] usb 5-1: Using ep0 maxpacket: 32
[ 1341.797288][T28011] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1341.960173][T28011] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1342.033207][T28011] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1342.134919][T28011] usb 5-1: config 0 descriptor??
[ 1342.351040][T28011] usb 5-1: can't set config #0, error -71
[ 1342.382543][T28011] usb 5-1: USB disconnect, device number 103
[ 1342.661819][T28120] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1342.668393][T28120] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1342.692422][T28120] vhci_hcd vhci_hcd.0: Device attached
[ 1342.931788][ T5747] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[ 1343.496747][T28121] vhci_hcd: connection reset by peer
[ 1343.520632][ T6419] vhci_hcd vhci_hcd.4: stop threads
[ 1343.538481][ T6419] vhci_hcd vhci_hcd.4: release socket
[ 1343.560458][ T6419] vhci_hcd vhci_hcd.4: disconnect device
[ 1343.868967][T10086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1343.929667][T10086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.071042][ T6419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1344.206372][ T6419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1344.592236][T27261] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1345.663272][T28143] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1345.669835][T28143] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1345.776798][T28143] vhci_hcd vhci_hcd.0: Device attached
[ 1345.825428][T28146] vhci_hcd: connection closed
[ 1345.972419][   T29] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1346.069304][   T29] usb 33-1: new full-speed USB device number 3 using vhci_hcd
[ 1346.077136][T28147] vhci_hcd: sendmsg failed!, ret=-32 for 48
[ 1346.346720][   T13] vhci_hcd vhci_hcd.0: stop threads
[ 1346.374411][   T13] vhci_hcd vhci_hcd.0: release socket
[ 1346.388990][   T13] vhci_hcd vhci_hcd.0: disconnect device
[ 1346.688198][T28155] loop7: detected capacity change from 0 to 1024
[ 1346.869807][T28155] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1347.768027][T28155] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1347.862378][T28011] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 1348.044832][T28011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1348.321976][ T5747] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1348.351688][T28011] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1348.360996][T28011] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1348.371892][T28011] usb 4-1: config 0 descriptor??
[ 1348.382813][T28174] input: syz1 as /devices/virtual/input/input63
[ 1348.429500][T28177] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1348.436045][T28177] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1348.521664][T28177] vhci_hcd vhci_hcd.0: Device attached
[ 1348.537526][T27903] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1348.588291][T28011] usbhid 4-1:0.0: can't add hid device: -71
[ 1348.613034][T28011] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1348.655902][T28011] usb 4-1: USB disconnect, device number 11
[ 1348.819176][ T5617] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1348.899505][ T5747] usb 41-1: device descriptor read/64, error -110
[ 1349.820623][ T5617] usb 7-1: config 0 has no interfaces?
[ 1349.832227][T28178] vhci_hcd: connection closed
[ 1349.834454][  T136] vhci_hcd vhci_hcd.4: stop threads
[ 1349.836429][ T5617] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1349.881905][ T5617] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1349.893275][  T136] vhci_hcd vhci_hcd.4: release socket
[ 1349.895465][ T5617] usb 7-1: config 0 descriptor??
[ 1350.032488][T28011] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1350.040585][ T5747] usb 41-1: new high-speed USB device number 4 using vhci_hcd
[ 1350.070409][T28196] tipc: Started in network mode
[ 1350.077558][  T136] vhci_hcd vhci_hcd.4: disconnect device
[ 1350.094975][T28196] tipc: Node identity 365260e5c73e, cluster identity 4711
[ 1350.199044][T28011] usb 4-1: Using ep0 maxpacket: 32
[ 1350.243549][T28011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1350.312321][T28011] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1350.339153][ T5617] usb 7-1: USB disconnect, device number 4
[ 1350.797945][T28011] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1350.832896][T28196] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1350.923111][T28195] tipc: Disabling bearer <eth:syzkaller0>
[ 1351.018131][T28207] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1351.432925][T28210] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1351.439516][T28210] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1351.772429][T28210] vhci_hcd vhci_hcd.0: Device attached
[ 1351.795398][T28216] vhci_hcd: connection closed
[ 1351.795621][T28011] usb 4-1: config 0 descriptor??
[ 1351.796188][T23155] vhci_hcd vhci_hcd.3: stop threads
[ 1351.818495][T28011] usb 4-1: can't set config #0, error -71
[ 1351.935060][   T29] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1352.057834][T28011] usb 4-1: USB disconnect, device number 12
[ 1352.799257][T23155] vhci_hcd vhci_hcd.3: release socket
[ 1352.819838][T23155] vhci_hcd vhci_hcd.3: disconnect device
[ 1353.781214][T14948] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1355.164790][ T5747] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1355.812595][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[ 1356.129661][T28252] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1356.251185][    T9] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 1356.329891][T28251] tipc: Disabling bearer <eth:syzkaller0>
[ 1356.963015][T28262] netlink: 'syz.7.7378': attribute type 3 has an invalid length.
[ 1357.311065][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1357.323615][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1357.333969][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1357.359044][ T5726] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1358.392805][    T9] usb 1-1: config 0 descriptor??
[ 1359.139184][    T9] usbhid 1-1:0.0: can't add hid device: -71
[ 1359.158582][ T5726] usb 4-1: Using ep0 maxpacket: 16
[ 1359.164338][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1359.184329][ T5726] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1359.221318][    T9] usb 1-1: USB disconnect, device number 125
[ 1359.228003][ T5726] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1359.276239][ T5726] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1359.337092][ T5726] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1359.404266][ T5726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1359.532922][T22276] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1360.627142][T28289] input: syz1 as /devices/virtual/input/input66
[ 1360.860638][    T9] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1360.900647][ T5726] usb 4-1: config 0 descriptor??
[ 1360.980339][ T5726] usb 4-1: can't set config #0, error -71
[ 1361.008175][ T5726] usb 4-1: USB disconnect, device number 13
[ 1361.048587][    T9] usb 1-1: Using ep0 maxpacket: 32
[ 1361.157405][    T9] usb 1-1: device descriptor read/all, error -71
[ 1361.237790][T27262] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1361.246046][T27262] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1361.254281][T27262] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1361.268816][T27262] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1361.280017][T27262] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1361.565945][T28304] syzkaller0: entered promiscuous mode
[ 1361.606804][T28304] syzkaller0: entered allmulticast mode
[ 1361.640885][T28305] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1361.696815][T28303] tipc: Resetting bearer <eth:syzkaller0>
[ 1361.740887][T28303] tipc: Disabling bearer <eth:syzkaller0>
[ 1363.628443][ T5633] Bluetooth: hci6: command tx timeout
[ 1364.503201][T28325] syzkaller0: entered promiscuous mode
[ 1364.510038][T28325] syzkaller0: entered allmulticast mode
[ 1365.668221][ T5633] Bluetooth: hci6: command tx timeout
[ 1366.518537][T28345] input: syz1 as /devices/virtual/input/input67
[ 1366.523263][ T5726] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1366.710354][ T5726] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1366.752856][ T5726] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1366.821210][ T5726] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1366.902491][ T5726] usb 2-1: config 0 descriptor??
[ 1367.164737][ T5726] usbhid 2-1:0.0: can't add hid device: -71
[ 1367.728219][ T5633] Bluetooth: hci6: command tx timeout
[ 1367.993096][ T5726] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1368.077761][ T5726] usb 2-1: USB disconnect, device number 17
[ 1370.238524][T27262] Bluetooth: hci6: command tx timeout
[ 1371.221308][T28294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1371.247906][   T29] kernel read not supported for file /1635/net/dev_mcast (pid: 29 comm: kworker/1:1)
[ 1371.275822][T28294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1371.311790][T28294] bridge_slave_0: entered allmulticast mode
[ 1371.335466][T28294] bridge_slave_0: entered promiscuous mode
[ 1371.400548][T28294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1371.548245][T28294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1371.578114][T28294] bridge_slave_1: entered allmulticast mode
[ 1371.585286][T28294] bridge_slave_1: entered promiscuous mode
[ 1372.218277][T28294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1372.505069][T28294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1373.311949][T28409] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1373.345007][T28409] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[ 1373.355134][T28409] overlayfs: failed to look up (tracing) for ino (-66)
[ 1374.839803][T28410] input: syz1 as /devices/virtual/input/input68
[ 1375.256829][T28294] team0: Port device team_slave_0 added
[ 1375.302367][T28294] team0: Port device team_slave_1 added
[ 1376.389872][T28294] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1376.397855][T28294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1376.430767][T28294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1376.452856][T28294] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1376.462254][T28294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1376.492173][T28294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1377.682903][T28294] hsr_slave_0: entered promiscuous mode
[ 1377.836804][T28294] hsr_slave_1: entered promiscuous mode
[ 1378.839287][T28294] debugfs: 'hsr0' already exists in 'hsr'
[ 1378.877258][T28294] Cannot create hsr debugfs directory
[ 1380.895329][T28446] loop2: detected capacity change from 0 to 7
[ 1380.923187][T28446] Dev loop2: unable to read RDB block 7
[ 1380.947482][T28446]  loop2: AHDI p1 p2 p3
[ 1380.964831][T28446] loop2: partition table partially beyond EOD, truncated
[ 1380.992672][T28446] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1381.023997][T28446] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1381.327871][T28455] xt_hashlimit: size too large, truncated to 1048576
[ 1381.410094][   T29] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[ 1381.611030][   T29] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1381.651462][   T29] usb 7-1: not running at top speed; connect to a high speed hub
[ 1381.688428][   T29] usb 7-1: config 14 has an invalid interface number: 57 but max is 1
[ 1381.721788][T28294] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1381.733629][   T29] usb 7-1: config 14 has an invalid interface number: 228 but max is 1
[ 1381.748799][   T29] usb 7-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[ 1381.769979][T28294] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1381.786409][T28294] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1381.793474][   T29] usb 7-1: config 14 has no interface number 0
[ 1381.801271][   T29] usb 7-1: config 14 has no interface number 1
[ 1381.808467][   T29] usb 7-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[ 1381.820789][   T29] usb 7-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81
[ 1381.835183][T28294] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1381.865962][T28294] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1381.877103][   T29] usb 7-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1381.907574][T28294] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1381.936587][   T29] usb 7-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 137, setting to 64
[ 1381.951776][T28294] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1381.972652][   T29] usb 7-1: config 14 interface 57 has no altsetting 0
[ 1381.988185][T28294] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1382.014544][   T29] usb 7-1: config 14 interface 228 has no altsetting 0
[ 1382.074263][   T29] usb 7-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13
[ 1382.144371][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1382.225584][   T29] usb 7-1: Product: syz
[ 1382.259445][   T29] usb 7-1: Manufacturer: syz
[ 1382.299481][   T29] usb 7-1: SerialNumber: syz
[ 1382.891424][T28476] loop7: detected capacity change from 0 to 256
[ 1382.914812][   T29] legousbtower 7-1:14.57: interrupt endpoints not found
[ 1382.984007][T28294] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1383.118367][T28478] syzkaller0: entered promiscuous mode
[ 1383.125052][T28478] syzkaller0: entered allmulticast mode
[ 1383.171523][T28481] loop7: detected capacity change from 0 to 512
[ 1383.311145][   T29] legousbtower 7-1:14.228: LEGO USB Tower firmware version is 0.0 build 0
[ 1383.352993][   T29] legousbtower 7-1:14.228: LEGO USB Tower #-160 now attached to major 180 minor 0
[ 1383.372086][T28481] EXT4-fs (loop7): failed to open journal device unknown-block(0,0) -ENXIO
[ 1383.539749][T28465] loop3: detected capacity change from 0 to 40427
[ 1383.570423][T28465] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1383.592958][T28465] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1383.630254][T28294] 8021q: adding VLAN 0 to HW filter on device team0
[ 1383.674456][T10086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1383.681813][T10086] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1383.752332][T10086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1383.759492][T10086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1383.774628][T28465] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1383.788372][T28465] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1383.802178][T28465] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1383.873109][T28494] usb 7-1: LEGO USB Tower reset control request failed
[ 1383.888838][ T5617] usb 7-1: USB disconnect, device number 5
[ 1383.915261][ T5617] legousbtower 7-1:14.228: LEGO USB Tower #-160 now disconnected
[ 1384.088432][   T29] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1384.238179][T28506] netlink: 44 bytes leftover after parsing attributes in process `syz.7.7449'.
[ 1384.250532][   T29] usb 2-1: Using ep0 maxpacket: 16
[ 1384.272811][T28506] netlink: 51 bytes leftover after parsing attributes in process `syz.7.7449'.
[ 1384.285140][   T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1384.308262][T28506] netlink: 51 bytes leftover after parsing attributes in process `syz.7.7449'.
[ 1384.338187][   T29] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1384.377388][   T29] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1384.441770][T28508] input: syz1 as /devices/virtual/input/input69
[ 1384.444014][   T29] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1384.511055][   T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1384.584090][   T29] usb 2-1: config 0 descriptor??
[ 1385.053611][   T29] microsoft 0003:045E:07DA.001D: ignoring exceeding usage max
[ 1385.119138][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.170788][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.221234][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.269298][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.311152][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.353852][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.395342][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.430565][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.470296][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.517416][   T29] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[ 1385.579587][   T29] microsoft 0003:045E:07DA.001D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1385.636094][   T29] microsoft 0003:045E:07DA.001D: no inputs found
[ 1385.648635][T28294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1385.674898][   T29] microsoft 0003:045E:07DA.001D: could not initialize ff, continuing anyway
[ 1385.763477][   T29] usb 2-1: USB disconnect, device number 19
[ 1385.909446][T28532] loop7: detected capacity change from 0 to 256
[ 1385.929697][T28528] fido_id[28528]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1385.962141][T28532] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x39601bbf, utbl_chksum : 0xe619d30d)
[ 1386.659698][T28549] loop7: detected capacity change from 0 to 512
[ 1386.681267][T28549] EXT4-fs: Ignoring removed orlov option
[ 1386.691107][T28551] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[ 1386.697618][T28551] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1386.730943][T28549] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 1386.763828][T28551] vhci_hcd vhci_hcd.0: Device attached
[ 1386.794999][T28549] EXT4-fs error (device loop7): ext4_ext_check_inode:521: inode #16: comm syz.7.7461: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 28(0), depth 0(0)
[ 1386.852984][T28549] loop7: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[ 1386.853390][T28549] EXT4-fs error (device loop7): ext4_orphan_get:1404: comm syz.7.7461: couldn't read orphan inode 16 (err -117)
[ 1386.862707][    C1] EXT4-fs (loop7): error count since last fsck: 1
[ 1386.862731][    C1] EXT4-fs (loop7): initial error at time 1781856578: ext4_ext_check_inode:521: inode 16
[ 1386.862769][    C1] EXT4-fs (loop7): last error at time 1781856578: ext4_ext_check_inode:521: inode 16
[ 1386.960620][T28529] loop6: detected capacity change from 0 to 40427
[ 1386.984600][T28529] F2FS-fs (loop6): invalid crc value
[ 1387.037388][   T29] usb 35-1: new high-speed USB device number 2 using vhci_hcd
[ 1387.063452][T28294] veth0_vlan: entered promiscuous mode
[ 1387.100311][T28549] loop7: lost filesystem error report for type 5 error -117
[ 1387.100686][T28549] EXT4-fs (loop7): 1 orphan inode deleted
[ 1387.143033][T28294] veth1_vlan: entered promiscuous mode
[ 1387.177465][T28549] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1387.220170][T28529] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1387.249092][T28529] F2FS-fs (loop6): Start checkpoint disabled!
[ 1387.266752][T28294] veth0_macvtap: entered promiscuous mode
[ 1387.276236][T28529] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[ 1387.297243][T28529] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1387.309861][T28294] veth1_macvtap: entered promiscuous mode
[ 1387.320829][T28549] EXT4-fs error (device loop7): ext4_lookup:1785: inode #15: comm syz.7.7461: iget: bad extra_isize 46 (inode size 256)
[ 1387.352702][T28549] overlayfs: failed to resolve './file1': -117
[ 1387.390692][T28294] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1387.432644][T28294] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1387.454055][T28529] Invalid ELF header magic: != ELF
[ 1387.482126][T27903] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1387.498387][T28072] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1387.513942][T28560] loop3: detected capacity change from 0 to 256
[ 1387.523500][T28072] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1387.558949][T25477] kworker/u8:9: attempt to access beyond end of device
[ 1387.558949][T25477] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1387.564948][T28072] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1387.590517][T25477] CPU: 0 UID: 0 PID: 25477 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1387.590555][T25477] Tainted: [L]=SOFTLOCKUP
[ 1387.590565][T25477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1387.590585][T25477] Workqueue: writeback wb_workfn (flush-7:6)
[ 1387.590632][T25477] Call Trace:
[ 1387.590645][T25477]  <TASK>
[ 1387.590655][T25477]  dump_stack_lvl+0xe8/0x150
[ 1387.590685][T25477]  f2fs_stop_checkpoint+0x3c2/0x580
[ 1387.590716][T25477]  f2fs_write_end_io+0x124b/0x1710
[ 1387.590760][T25477]  __submit_merged_bio+0x258/0x6a0
[ 1387.590791][T25477]  __submit_merged_write_cond+0x3c9/0x4e0
[ 1387.590832][T25477]  ? __pfx___submit_merged_write_cond+0x10/0x10
[ 1387.590866][T25477]  ? folio_clear_dirty_for_io+0x1bf/0x820
[ 1387.590890][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.590920][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.590954][T25477]  f2fs_write_data_pages+0x2a27/0x36f0
[ 1387.591006][T25477]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1387.591036][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.591072][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591101][T25477]  ? cfg80211_inform_single_bss_data+0x1499/0x1be0
[ 1387.591163][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591192][T25477]  ? __asan_memset+0x22/0x50
[ 1387.591229][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591258][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.591287][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591322][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591354][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.591384][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591413][T25477]  ? lock_release+0x4b/0x3c0
[ 1387.591439][T25477]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1387.591472][T25477]  do_writepages+0x338/0x560
[ 1387.591517][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591546][T25477]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1387.591583][T25477]  __writeback_single_inode+0x12e/0xf90
[ 1387.591616][T25477]  writeback_sb_inodes+0x9de/0x1b00
[ 1387.591647][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591687][T25477]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1387.591736][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591766][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.591793][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591830][T25477]  ? queue_io+0x2d3/0x470
[ 1387.591857][T25477]  wb_writeback+0x41c/0xad0
[ 1387.591883][T25477]  ? queue_io+0x2a1/0x470
[ 1387.591911][T25477]  ? __pfx_wb_writeback+0x10/0x10
[ 1387.591933][T25477]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1387.591966][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.591993][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.592018][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592049][T25477]  wb_workfn+0x431/0x10f0
[ 1387.592093][T25477]  ? __pfx_wb_workfn+0x10/0x10
[ 1387.592129][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592158][T25477]  ? trace_irq_enable+0x3b/0x140
[ 1387.592197][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592227][T25477]  ? irqentry_exit+0x218/0x8f0
[ 1387.592256][T25477]  ? trace_irq_disable+0x3b/0x140
[ 1387.592297][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592326][T25477]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1387.592361][T25477]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1387.592397][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592426][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.592454][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592483][T25477]  ? lock_acquire+0x5f/0x350
[ 1387.592510][T25477]  ? rcu_is_watching+0x15/0xb0
[ 1387.592537][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592568][T25477]  ? process_scheduled_works+0xa20/0x14e0
[ 1387.592604][T25477]  process_scheduled_works+0xa8e/0x14e0
[ 1387.592655][T25477]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1387.592694][T25477]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1387.592730][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592761][T25477]  ? assign_work+0x3cf/0x5d0
[ 1387.592800][T25477]  worker_thread+0xa47/0xfb0
[ 1387.592844][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.592881][T25477]  ? __kthread_parkme+0x71/0x1f0
[ 1387.592926][T25477]  kthread+0x388/0x470
[ 1387.592952][T25477]  ? __pfx_worker_thread+0x10/0x10
[ 1387.592987][T25477]  ? __pfx_kthread+0x10/0x10
[ 1387.593013][T25477]  ret_from_fork+0x514/0xb70
[ 1387.593042][T25477]  ? __pfx_ret_from_fork+0x10/0x10
[ 1387.593069][T25477]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1387.593098][T25477]  ? __switch_to+0xc89/0x1420
[ 1387.593138][T25477]  ? __pfx_kthread+0x10/0x10
[ 1387.593163][T25477]  ret_from_fork_asm+0x1a/0x30
[ 1387.593205][T25477]  </TASK>
[ 1388.223680][T25477] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1388.292743][T28560] FAT-fs (loop3): Directory bread(block 64) failed
[ 1388.321801][T28560] FAT-fs (loop3): Directory bread(block 65) failed
[ 1388.548697][T25477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1388.558571][T28560] FAT-fs (loop3): Directory bread(block 66) failed
[ 1388.603577][T28560] FAT-fs (loop3): Directory bread(block 67) failed
[ 1388.625472][T28560] FAT-fs (loop3): Directory bread(block 68) failed
[ 1388.649078][T28560] FAT-fs (loop3): Directory bread(block 69) failed
[ 1388.680595][T28552] vhci_hcd: connection reset by peer
[ 1388.693499][T10090] vhci_hcd vhci_hcd.1: stop threads
[ 1388.701914][T28560] FAT-fs (loop3): Directory bread(block 70) failed
[ 1388.723501][T10090] vhci_hcd vhci_hcd.1: release socket
[ 1388.729345][T28011] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1388.742368][T28560] FAT-fs (loop3): Directory bread(block 71) failed
[ 1388.754413][T10090] vhci_hcd vhci_hcd.1: disconnect device
[ 1388.763897][T28560] FAT-fs (loop3): Directory bread(block 72) failed
[ 1388.779400][T28560] FAT-fs (loop3): Directory bread(block 73) failed
[ 1388.790387][T10090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1388.811904][T10090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1388.887152][T28011] usb 1-1: Using ep0 maxpacket: 32
[ 1388.900910][T28011] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[ 1388.946896][T28011] usb 1-1: config 0 has no interface number 0
[ 1388.955546][T10090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1388.966491][T10090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1388.976899][T28011] usb 1-1: config 0 interface 184 has no altsetting 0
[ 1389.023687][T28011] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1389.037170][T28011] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1389.065268][T28011] usb 1-1: Product: syz
[ 1389.077799][T28011] usb 1-1: Manufacturer: syz
[ 1389.095633][T28011] usb 1-1: SerialNumber: syz
[ 1389.125764][T28011] usb 1-1: config 0 descriptor??
[ 1390.120041][T28011] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1390.354232][T28011] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1390.648144][T28591] loop7: detected capacity change from 0 to 1024
[ 1390.659706][ T5633] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1390.674093][T28591] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1390.689947][ T5633] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1390.697803][ T5633] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1390.731584][ T5633] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1390.739508][T23124] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1390.754541][ T5633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1390.755379][T28591] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[ 1390.788716][ T5726] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1390.989864][T28591] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[ 1391.049391][T28605] loop4: detected capacity change from 0 to 512
[ 1391.124661][T28011] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[ 1391.140542][T28605] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1391.152486][T28591] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 1391.176033][T28605] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.7477: inode has both inline data and extents flags
[ 1391.181184][T28011] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[ 1391.189186][T28605] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1391.189513][T28605] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.7477: couldn't read orphan inode 15 (err -117)
[ 1391.226795][    C0] EXT4-fs (loop4): error count since last fsck: 1
[ 1391.226813][    C0] EXT4-fs (loop4): initial error at time 1781856582: ext4_orphan_get:1399: inode 15
[ 1391.226847][    C0] EXT4-fs (loop4): last error at time 1781856582: ext4_orphan_get:1399: inode 15
[ 1391.227647][T28011] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1391.228000][T28011] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[ 1391.278576][T28591] EXT4-fs error (device loop7): ext4_get_journal_inode:5900: comm syz.7.7474: inode #63: comm syz.7.7474: iget: illegal inode #
[ 1391.281201][T28011] usb 1-1: USB disconnect, device number 2
[ 1391.291783][T28591] loop7: lost filesystem error report for type 5 error -117
[ 1391.334413][    C0] EXT4-fs (loop7): error count since last fsck: 1
[ 1391.348455][    C0] EXT4-fs (loop7): initial error at time 1781856582: ext4_get_journal_inode:5900
[ 1391.357582][    C0] EXT4-fs (loop7): last error at time 1781856582: ext4_get_journal_inode:5900
[ 1391.370357][T28591] EXT4-fs (loop7): no journal found
[ 1391.375561][T28591] EXT4-fs (loop7): can't get journal size
[ 1391.384081][T28591] EXT4-fs (loop7): failed to initialize system zone (-22)
[ 1391.391273][T28591] EXT4-fs (loop7): mount failed
[ 1391.420938][T28605] loop4: lost filesystem error report for type 5 error -117
[ 1391.427012][T28605] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1391.569700][T28605] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[ 1391.894213][T28294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1392.288336][   T29] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1392.783642][ T5726] usb 4-1: config 0 has no interfaces?
[ 1392.789672][ T5726] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1392.799899][ T5726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1392.847035][T27262] Bluetooth: hci2: command tx timeout
[ 1392.864110][ T5726] usb 4-1: config 0 descriptor??
[ 1394.913371][    T9] usb 4-1: USB disconnect, device number 14
[ 1394.926521][T27262] Bluetooth: hci2: command tx timeout
[ 1395.148764][T28652] loop3: detected capacity change from 0 to 2048
[ 1395.204690][T28659] loop7: detected capacity change from 0 to 256
[ 1395.242249][T28652] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1395.255410][T28652] ext4 filesystem being mounted at /535/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1395.287079][T28659] exFAT-fs (loop7): failed to test first cluster bit of root dir(5)
[ 1395.461361][T28659] exFAT-fs (loop7): start_clu is invalid cluster(0x400)
[ 1395.513820][T28596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1395.557652][T28596] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1395.564967][T28596] bridge_slave_0: entered allmulticast mode
[ 1395.572265][T28596] bridge_slave_0: entered promiscuous mode
[ 1395.605244][T28596] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1395.653547][T28596] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1395.665118][T28596] bridge_slave_1: entered allmulticast mode
[ 1395.676838][T28596] bridge_slave_1: entered promiscuous mode
[ 1395.809490][T28596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1395.825769][T28596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1395.871424][   T29] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[ 1395.908281][T28596] team0: Port device team_slave_0 added
[ 1395.911604][   T29] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1395.919817][T28596] team0: Port device team_slave_1 added
[ 1395.982140][T17303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1396.030781][T28596] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1396.037767][T28596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1396.086091][T28596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1396.238094][T28596] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1396.245077][T28596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1396.274922][T28596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1397.006431][ T5633] Bluetooth: hci2: command tx timeout
[ 1397.061682][T28596] hsr_slave_0: entered promiscuous mode
[ 1397.089835][T28596] hsr_slave_1: entered promiscuous mode
[ 1397.117843][T28596] debugfs: 'hsr0' already exists in 'hsr'
[ 1397.133735][T28596] Cannot create hsr debugfs directory
[ 1397.402975][   T29] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1397.577622][   T29] usb 5-1: config 0 has no interfaces?
[ 1397.610024][   T29] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1397.642968][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1397.738415][   T29] usb 5-1: config 0 descriptor??
[ 1397.848772][T28695] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1398.019611][   T29] usb 5-1: USB disconnect, device number 104
[ 1398.103620][T28698] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1399.086307][ T5633] Bluetooth: hci2: command 0x0419 tx timeout
[ 1399.346725][   T29] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 1399.504174][T28706] loop3: detected capacity change from 0 to 256
[ 1399.548426][T28706] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1399.561054][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1399.661584][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1399.780151][   T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1399.794334][   T29] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1399.803593][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1399.814266][   T29] usb 5-1: config 0 descriptor??
[ 1399.943439][T28712] overlayfs: missing 'lowerdir'
[ 1400.016350][T28713] FAT-fs (loop3): error, corrupted file size (i_pos 196, 16779264)
[ 1400.024464][T28713] FAT-fs (loop3): Filesystem has been set read-only
[ 1400.040701][T28713] FAT-fs (loop3): error, corrupted file size (i_pos 196, 16779008)
[ 1400.052465][   T30] audit: type=1800 audit(1781856591.644:385): pid=28713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.7504" name="file1" dev="loop3" ino=1048711 res=0 errno=0
[ 1401.166448][T27262] Bluetooth: hci2: command 0x0419 tx timeout
[ 1401.787892][   T29] usbhid 5-1:0.0: can't add hid device: -71
[ 1401.827603][   T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1401.866658][   T29] usb 5-1: USB disconnect, device number 105
[ 1402.231449][T17303] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ff00)
[ 1402.279552][T17303] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ff00)
[ 1402.299631][T28719] loop7: detected capacity change from 0 to 512
[ 1402.320526][T28719] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[ 1402.868152][T28719] EXT4-fs (loop7): 1 truncate cleaned up
[ 1403.833468][T28719] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1404.328363][T28730] loop4: detected capacity change from 0 to 128
[ 1404.788985][T27903] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1407.454630][T28596] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1407.538612][T28596] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1407.596443][T28596] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1407.664960][T28596] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1407.684113][T28596] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1407.705894][T28596] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1407.724438][T28596] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1407.742581][T28596] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1408.164018][ T5633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1408.174243][ T5633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1408.185846][ T5633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1408.193522][ T5633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1408.200974][ T5633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1408.254634][T28596] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1408.791741][T28757] loop4: detected capacity change from 0 to 40427
[ 1408.802509][T28757] F2FS-fs: heap/no_heap options were deprecated
[ 1408.831047][T28757] F2FS-fs (loop4): build fault injection rate: 19
[ 1408.837490][T28757] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[ 1408.848572][T28757] F2FS-fs (loop4): invalid crc value
[ 1408.861936][T28771] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7523'.
[ 1408.888897][T28757] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0xa00/0x1890
[ 1408.912551][T28771] bond0: (slave bond_slave_0): Releasing backup interface
[ 1408.986850][T28757] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x21d/0x3d0
[ 1409.015359][T28757] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1409.029314][T28757] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1409.058515][T28771] bond_slave_0: entered promiscuous mode
[ 1409.071857][T28771] bond_slave_0: entered allmulticast mode
[ 1409.081274][T28757] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0xa5d/0x1eb0
[ 1409.114709][T28596] 8021q: adding VLAN 0 to HW filter on device team0
[ 1409.116089][T28757] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3a1/0xda0
[ 1409.154558][T10090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1409.161692][T10090] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1409.173533][T10090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1409.180626][T10090] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1409.210347][T28294] syz-executor: attempt to access beyond end of device
[ 1409.210347][T28294] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1409.227189][T28596] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1409.243961][T28294] CPU: 1 UID: 0 PID: 28294 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1409.243999][T28294] Tainted: [L]=SOFTLOCKUP
[ 1409.244009][T28294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1409.244024][T28294] Call Trace:
[ 1409.244034][T28294]  <TASK>
[ 1409.244044][T28294]  dump_stack_lvl+0xe8/0x150
[ 1409.244078][T28294]  f2fs_stop_checkpoint+0x3c2/0x580
[ 1409.244110][T28294]  f2fs_write_end_io+0x124b/0x1710
[ 1409.244158][T28294]  __submit_merged_bio+0x258/0x6a0
[ 1409.244191][T28294]  __submit_merged_write_cond+0x3c9/0x4e0
[ 1409.244224][T28294]  ? __pfx___submit_merged_write_cond+0x10/0x10
[ 1409.244261][T28294]  ? folio_clear_dirty_for_io+0x1bf/0x820
[ 1409.244286][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244323][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244358][T28294]  f2fs_write_data_pages+0x2a27/0x36f0
[ 1409.244417][T28294]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1409.244449][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244488][T28294]  ? __pfx___css_rstat_updated+0x10/0x10
[ 1409.244550][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244579][T28294]  ? mod_memcg_lruvec_state+0x23a/0x270
[ 1409.244619][T28294]  ? mod_memcg_lruvec_state+0xd5/0x270
[ 1409.244660][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244690][T28294]  ? lru_gen_update_size+0x718/0xcf0
[ 1409.244739][T28294]  ? folios_put_refs+0xa60/0xba0
[ 1409.244779][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244808][T28294]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1409.244846][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244878][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.244907][T28294]  ? do_raw_spin_unlock+0xf5/0x210
[ 1409.244941][T28294]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1409.244974][T28294]  do_writepages+0x338/0x560
[ 1409.245015][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245045][T28294]  ? rcu_is_watching+0x15/0xb0
[ 1409.245077][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245109][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245138][T28294]  ? do_raw_spin_unlock+0xf5/0x210
[ 1409.245174][T28294]  filemap_fdatawrite+0x1e9/0x2f0
[ 1409.245203][T28294]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1409.245254][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245283][T28294]  ? rcu_is_watching+0x15/0xb0
[ 1409.245319][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245352][T28294]  ? do_raw_spin_unlock+0xf5/0x210
[ 1409.245389][T28294]  f2fs_sync_dirty_inodes+0x30e/0x830
[ 1409.245434][T28294]  f2fs_write_checkpoint+0xa50/0x2810
[ 1409.245493][T28294]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1409.245527][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245596][T28294]  kill_f2fs_super+0x2f6/0x700
[ 1409.245633][T28294]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1409.245675][T28294]  ? trace_irq_enable+0x3b/0x140
[ 1409.245714][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245753][T28294]  deactivate_locked_super+0xbc/0x130
[ 1409.245786][T28294]  cleanup_mnt+0x3d3/0x460
[ 1409.245822][T28294]  task_work_run+0x1d9/0x270
[ 1409.245853][T28294]  ? __pfx_task_work_run+0x10/0x10
[ 1409.245882][T28294]  ? rcu_is_watching+0x15/0xb0
[ 1409.245908][T28294]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1409.245941][T28294]  exit_to_user_mode_loop+0x1fa/0x730
[ 1409.245979][T28294]  ? rcu_is_watching+0x15/0xb0
[ 1409.246008][T28294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1409.246035][T28294]  do_syscall_64+0x353/0x580
[ 1409.246066][T28294]  ? trace_irq_disable+0x3b/0x140
[ 1409.246106][T28294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1409.246131][T28294] RIP: 0033:0x7fbf2b39e097
[ 1409.246154][T28294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 1409.246175][T28294] RSP: 002b:00007ffd718b3cb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1409.246202][T28294] RAX: 0000000000000000 RBX: 00007fbf2b4322ca RCX: 00007fbf2b39e097
[ 1409.246220][T28294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd718b3d70
[ 1409.246237][T28294] RBP: 00007ffd718b3d70 R08: 00007ffd718b4d70 R09: 00000000ffffffff
[ 1409.246255][T28294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd718b4e00
[ 1409.246273][T28294] R13: 00007fbf2b4322ca R14: 0000000000158087 R15: 00007ffd718b4e40
[ 1409.246318][T28294]  </TASK>
[ 1409.266119][T28596] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1409.318883][T28294] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[ 1409.752299][T28790] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1409.956335][   T29] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1410.226562][   T29] usb 7-1: Using ep0 maxpacket: 32
[ 1410.242794][   T29] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1410.257958][   T29] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1410.339553][T27262] Bluetooth: hci0: command tx timeout
[ 1410.422903][   T29] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1410.631753][   T29] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[ 1410.748635][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1410.888824][   T29] usb 7-1: Product: syz
[ 1410.908759][   T29] usb 7-1: Manufacturer: syz
[ 1410.927939][   T29] usb 7-1: SerialNumber: syz
[ 1411.171617][   T29] usb 7-1: 3:0: failed to get current value for ch 1 (-71)
[ 1411.224009][   T29] usb 7-1: 3:0: failed to get current value for ch 2 (-71)
[ 1411.245498][T28596] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1411.282609][   T29] usb 7-1: 3:0: cannot get min/max values for control 3 (id 3)
[ 1411.330774][   T29] usb 7-1: 3:0: cannot get min/max values for control 4 (id 3)
[ 1411.511927][   T29] usb 7-1: 3:0: cannot get min/max values for control 4 (id 3)
[ 1411.559974][   T29] usb 7-1: 3:0: cannot get min/max values for control 5 (id 3)
[ 1411.588212][   T29] usb 7-1: 3:0: failed to get current value for ch 1 (-71)
[ 1411.749782][T28821] loop4: detected capacity change from 0 to 128
[ 1412.113013][T28596] veth0_vlan: entered promiscuous mode
[ 1412.123039][T28596] veth1_vlan: entered promiscuous mode
[ 1412.143697][T28596] veth0_macvtap: entered promiscuous mode
[ 1412.173420][   T29] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[ 1412.200868][   T29] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[ 1412.237190][   T29] usb 7-1: 3:0: cannot get min/max values for control 11 (id 3)
[ 1412.295044][   T29] usb 7-1: 3:0: cannot get min/max values for control 12 (id 3)
[ 1412.335453][T28596] veth1_macvtap: entered promiscuous mode
[ 1412.358653][   T29] usb 7-1: 3:0: cannot get min/max values for control 12 (id 3)
[ 1412.375667][T27262] Bluetooth: hci0: command tx timeout
[ 1413.708528][   T29] usb 7-1: 3:0: failed to get current value for ch 1 (-71)
[ 1413.751131][   T29] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[ 1413.769331][   T29] usb 7-1: 3:0: cannot get min/max values for control 3 (id 3)
[ 1413.789336][   T29] usb 7-1: 3:0: cannot get min/max values for control 5 (id 3)
[ 1413.912391][   T29] usb 7-1: USB disconnect, device number 6
[ 1413.962851][T28596] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1414.024910][T26432] udevd[26432]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1414.060668][T28596] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1414.074015][T28858] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7537'.
[ 1414.096731][T28861] loop7: detected capacity change from 0 to 16
[ 1414.109860][T28861] erofs (device loop7): invalid ishare xattr prefix id 0
[ 1414.414050][T28762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1414.444074][T28762] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1414.465203][T27262] Bluetooth: hci0: command tx timeout
[ 1414.465727][T28762] bridge_slave_0: entered allmulticast mode
[ 1414.480195][T28762] bridge_slave_0: entered promiscuous mode
[ 1414.488787][T28762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1414.496041][T28762] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1414.503347][T28762] bridge_slave_1: entered allmulticast mode
[ 1414.511815][T28762] bridge_slave_1: entered promiscuous mode
[ 1415.198335][ T6419] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1415.279403][ T6419] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1415.306591][ T6419] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1415.325209][ T6419] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1415.478738][T28882] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1416.359640][T28901] loop6: detected capacity change from 0 to 512
[ 1416.382826][T28901] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1416.418950][T28901] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.7544: bad orphan inode 13
[ 1416.439986][T28901] loop6: lost filesystem error report for type 5 error -117
[ 1416.441070][T28901] ext4_test_bit(bit=12, block=18) = 1
[ 1416.448578][    C1] EXT4-fs (loop6): error count since last fsck: 1
[ 1416.448601][    C1] EXT4-fs (loop6): last error at time 1781856608: ext4_orphan_get:1425
[ 1416.487648][T28901] is_bad_inode(inode)=0
[ 1416.492002][T28901] NEXT_ORPHAN(inode)=0
[ 1416.496457][T28901] max_ino=32
[ 1416.499703][T28901] i_nlink=1
[ 1416.503944][T28901] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[ 1416.714845][T27262] Bluetooth: hci0: command tx timeout
[ 1416.823798][T28906] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1148: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 1416.844165][T28906] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.7544: bg 0: block 248: padding at end of block bitmap is not set
[ 1417.165657][T28906] Quota error (device loop6): write_blk: dquota write failed
[ 1417.173424][T28906] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota
[ 1417.183486][T28906] EXT4-fs error (device loop6): ext4_acquire_dquot:7041: comm syz.6.7544: Failed to acquire dquot type 1
[ 1417.416087][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[ 1417.703593][T27261] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[ 1417.717020][T28762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1417.735524][T28887] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1417.986410][T28762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1418.510179][T28762] team0: Port device team_slave_0 added
[ 1418.925011][T28762] team0: Port device team_slave_1 added
[ 1419.472708][T28762] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1419.601088][T28762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1419.985261][T28762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1420.061175][T28762] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1420.113972][T28762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1420.274936][T28762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1421.426428][T28762] hsr_slave_0: entered promiscuous mode
[ 1421.455447][T28762] hsr_slave_1: entered promiscuous mode
[ 1421.476268][T28762] debugfs: 'hsr0' already exists in 'hsr'
[ 1421.496665][T28762] Cannot create hsr debugfs directory
[ 1421.519222][T28943] syzkaller0: entered promiscuous mode
[ 1421.546481][T28943] syzkaller0: entered allmulticast mode
[ 1421.708255][T10086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1421.740585][T10086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1421.866861][T10090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1421.912978][T10090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1421.943578][T28949] syzkaller0: entered promiscuous mode
[ 1421.964226][T28949] syzkaller0: entered allmulticast mode
[ 1422.023118][T28949] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1422.175621][T28949] tipc: Resetting bearer <eth:syzkaller0>
[ 1422.344824][T28948] tipc: Resetting bearer <eth:syzkaller0>
[ 1422.373437][T28948] tipc: Disabling bearer <eth:syzkaller0>
[ 1422.380476][T28945] loop6: detected capacity change from 0 to 40427
[ 1423.083282][T28945] F2FS-fs (loop6): Invalid SB checksum offset: 0
[ 1423.161067][T28945] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[ 1423.203227][T28945] F2FS-fs (loop6): invalid crc value
[ 1423.290275][T28762] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1423.322738][T28762] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1423.346952][T28945] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1423.356942][T28762] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1423.378395][T28762] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1423.393252][T28945] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[ 1423.412465][T28762] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1423.421500][T28945] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1423.435560][T28762] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1423.453885][T28762] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1423.473412][T28762] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1423.588955][T28762] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1423.613496][T28762] 8021q: adding VLAN 0 to HW filter on device team0
[ 1423.626203][T28072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1423.633333][T28072] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1423.664606][T28072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1423.671777][T28072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1423.711898][T27261] syz-executor: attempt to access beyond end of device
[ 1423.711898][T27261] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1423.714481][T28762] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1423.747494][T27261] CPU: 0 UID: 0 PID: 27261 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1423.747532][T27261] Tainted: [L]=SOFTLOCKUP
[ 1423.747542][T27261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1423.747557][T27261] Call Trace:
[ 1423.747566][T27261]  <TASK>
[ 1423.747575][T27261]  dump_stack_lvl+0xe8/0x150
[ 1423.747606][T27261]  f2fs_stop_checkpoint+0x3c2/0x580
[ 1423.747637][T27261]  f2fs_write_end_io+0x124b/0x1710
[ 1423.747681][T27261]  __submit_merged_bio+0x258/0x6a0
[ 1423.747711][T27261]  __submit_merged_write_cond+0x3c9/0x4e0
[ 1423.747741][T27261]  ? __pfx___submit_merged_write_cond+0x10/0x10
[ 1423.747774][T27261]  ? folio_clear_dirty_for_io+0x1bf/0x820
[ 1423.747798][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.747826][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.747859][T27261]  f2fs_write_data_pages+0x2a27/0x36f0
[ 1423.747909][T27261]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1423.747939][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.747976][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748018][T27261]  ? lock_release+0x4b/0x3c0
[ 1423.748039][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748067][T27261]  ? lock_release+0x4b/0x3c0
[ 1423.748092][T27261]  ? is_bpf_text_address+0x292/0x2b0
[ 1423.748117][T27261]  ? is_bpf_text_address+0x26/0x2b0
[ 1423.748146][T27261]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1423.748182][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748210][T27261]  ? arch_stack_walk+0xfb/0x150
[ 1423.748243][T27261]  ? __css_rstat_updated+0x235/0x540
[ 1423.748280][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748314][T27261]  ? __css_rstat_updated+0x235/0x540
[ 1423.748357][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748385][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1423.748414][T27261]  ? filemap_get_folios_tag+0x118/0x720
[ 1423.748445][T27261]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1423.748478][T27261]  do_writepages+0x338/0x560
[ 1423.748516][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748544][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1423.748570][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748601][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748629][T27261]  ? do_raw_spin_unlock+0xf5/0x210
[ 1423.748663][T27261]  filemap_fdatawrite+0x1e9/0x2f0
[ 1423.748690][T27261]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1423.748734][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748762][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1423.748788][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.748819][T27261]  ? do_raw_spin_unlock+0xf5/0x210
[ 1423.748853][T27261]  f2fs_sync_dirty_inodes+0x30e/0x830
[ 1423.748896][T27261]  f2fs_write_checkpoint+0xa50/0x2810
[ 1423.748948][T27261]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1423.748981][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.749039][T27261]  kill_f2fs_super+0x2f6/0x700
[ 1423.749075][T27261]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1423.749113][T27261]  ? trace_irq_enable+0x3b/0x140
[ 1423.749150][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.749185][T27261]  deactivate_locked_super+0xbc/0x130
[ 1423.749216][T27261]  cleanup_mnt+0x3d3/0x460
[ 1423.749250][T27261]  task_work_run+0x1d9/0x270
[ 1423.749280][T27261]  ? __pfx_task_work_run+0x10/0x10
[ 1423.749314][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1423.749340][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1423.749371][T27261]  exit_to_user_mode_loop+0x1fa/0x730
[ 1423.749408][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1423.749436][T27261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1423.749460][T27261]  do_syscall_64+0x353/0x580
[ 1423.749490][T27261]  ? trace_irq_disable+0x3b/0x140
[ 1423.749528][T27261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1423.749554][T27261] RIP: 0033:0x7fdbf379e097
[ 1423.749573][T27261] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 1423.749591][T27261] RSP: 002b:00007ffd48113af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1423.749614][T27261] RAX: 0000000000000000 RBX: 00007fdbf38322ca RCX: 00007fdbf379e097
[ 1423.749629][T27261] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd48113bb0
[ 1423.749643][T27261] RBP: 00007ffd48113bb0 R08: 00007ffd48114bb0 R09: 00000000ffffffff
[ 1423.749659][T27261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd48114c40
[ 1423.749673][T27261] R13: 00007fdbf38322ca R14: 000000000015ada5 R15: 00007ffd48114c80
[ 1423.749698][T27261]  </TASK>
[ 1423.751936][T27261] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1423.782706][T28762] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1425.890863][T28989] loop7: detected capacity change from 0 to 1024
[ 1425.991098][T28989] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1426.195568][T28998] loop4: detected capacity change from 0 to 256
[ 1426.403599][T28998] exfat: Deprecated parameter 'utf8'
[ 1426.410558][T28998] exfat: Deprecated parameter 'utf8'
[ 1426.416094][T28998] exfat: Deprecated parameter 'namecase'
[ 1426.478134][T28998] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[ 1427.393843][T27903] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1427.584845][T29016] loop4: detected capacity change from 0 to 16
[ 1427.661527][T29016] erofs (device loop4): mounted with root inode @ nid 36.
[ 1427.702929][T28762] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1427.920295][T29016] erofs (device loop4): readahead error at folio 2 @ nid 89
[ 1427.991414][T29016] syz.4.7569: attempt to access beyond end of device
[ 1427.991414][T29016] loop4: rw=524288, sector=524296, nr_sectors = 8 limit=16
[ 1428.146368][T29016] erofs (device loop4): failed to decompress (lz4) corrupted compressed data @ pa 4096 size 4096 => 4096
[ 1428.196471][T29016] erofs (device loop4): read error -117 @ 0 of nid 89
[ 1428.227212][   T30] audit: type=1800 audit(1781856619.826:386): pid=29016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7569" name="file2" dev="loop4" ino=89 res=0 errno=0
[ 1428.776401][T28762] veth0_vlan: entered promiscuous mode
[ 1429.058054][T28194] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1429.544695][T28194] usb 1-1: Using ep0 maxpacket: 16
[ 1429.557300][T28194] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1429.601906][T28194] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1429.651111][T19491] Bluetooth: hci3: command 0x0406 tx timeout
[ 1429.662161][T28194] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1429.842472][T28762] veth1_vlan: entered promiscuous mode
[ 1429.876890][T28194] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1430.678918][T28194] usb 1-1: config 0 descriptor??
[ 1430.794520][T28762] veth0_macvtap: entered promiscuous mode
[ 1430.811519][T28762] veth1_macvtap: entered promiscuous mode
[ 1430.855274][T28762] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1430.865543][T28762] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1430.880547][T23155] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.889302][T23155] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.928596][T23155] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.420190][T23155] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.449558][T28194] usbhid 1-1:0.0: can't add hid device: -71
[ 1431.473536][T28194] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1431.515922][T28194] usb 1-1: USB disconnect, device number 3
[ 1431.566786][T23155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.590373][ T5767] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 1431.607853][T23155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1431.724055][T29070] loop6: detected capacity change from 0 to 4096
[ 1431.748335][T29070] EXT4-fs: inline encryption not supported
[ 1431.758932][T29070] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1431.766397][T29074] xt_hashlimit: size too large, truncated to 1048576
[ 1431.778588][T29070] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=84ec118, mo2=0003]
[ 1431.788612][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.824524][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1431.834878][T29070] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1432.057568][T29083] loop7: detected capacity change from 0 to 1024
[ 1432.148271][T27261] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1432.158962][T29083] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1432.175394][T29087] loop1: detected capacity change from 0 to 4096
[ 1432.182633][T29087] EXT4-fs: quotafile must be on filesystem root
[ 1432.239014][ T5767] usb 5-1: Using ep0 maxpacket: 16
[ 1433.889348][T29101] loop1: detected capacity change from 0 to 512
[ 1433.920333][T27903] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1433.950537][T29101] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.7584: inode has both inline data and extents flags
[ 1433.964075][T29101] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1434.004298][    C1] EXT4-fs (loop1): error count since last fsck: 1
[ 1434.020100][    C1] EXT4-fs (loop1): initial error at time 1781856625: ext4_orphan_get:1399: inode 15
[ 1434.029513][    C1] EXT4-fs (loop1): last error at time 1781856625: ext4_orphan_get:1399: inode 15
[ 1434.057768][T29101] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.7584: couldn't read orphan inode 15 (err -117)
[ 1434.069751][T29101] loop1: lost filesystem error report for type 5 error -117
[ 1434.115981][T29101] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000070000 r/w without journal. Quota mode: writeback.
[ 1434.651088][T28596] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000070000.
[ 1434.817383][ T5767] usb 5-1: unable to read config index 0 descriptor/all
[ 1434.824397][ T5767] usb 5-1: can't read configurations, error -71
[ 1435.777404][T19491] Bluetooth: hci5: command 0x0406 tx timeout
[ 1438.678526][T29150] loop7: detected capacity change from 0 to 128
[ 1439.216049][T29162] netlink: 28 bytes leftover after parsing attributes in process `syz.8.7599'.
[ 1440.264306][ T5733] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1440.305030][T29175] xt_hashlimit: size too large, truncated to 1048576
[ 1440.474571][ T5733] usb 5-1: Using ep0 maxpacket: 16
[ 1440.671597][ T5733] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1441.093909][ T5733] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1441.123347][T29180] loop8: detected capacity change from 0 to 128
[ 1441.145108][T29180] EXT4-fs: Ignoring removed nobh option
[ 1441.164992][ T5733] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1441.219274][ T5733] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1441.240489][ T5733] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1441.266160][ T5733] usb 5-1: config 0 descriptor??
[ 1441.338561][T29180] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1441.533281][T29180] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1442.572215][ T5733] microsoft 0003:045E:07DA.001F: ignoring exceeding usage max
[ 1443.393139][T29180] fscrypt (loop8, inode 12): Can't use IV_INO_LBLK_32 policy with contents mode other than AES-256-XTS
[ 1443.545261][ T5733] microsoft 0003:045E:07DA.001F: ignoring exceeding usage max
[ 1443.672246][T28762] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1443.710176][ T5733] microsoft 0003:045E:07DA.001F: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 1443.771428][ T5733] microsoft 0003:045E:07DA.001F: no inputs found
[ 1443.797141][ T5733] microsoft 0003:045E:07DA.001F: could not initialize ff, continuing anyway
[ 1444.331545][T29210] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7609'.
[ 1444.745310][ T5733] usb 5-1: USB disconnect, device number 108
[ 1444.787636][T29204] fido_id[29204]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.001F/report_descriptor': No such file or directory
[ 1444.975093][T29215] xt_hashlimit: size too large, truncated to 1048576
[ 1447.197676][T29239] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7617'.
[ 1447.929338][T29238] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1447.935883][T29238] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1447.973587][T28275] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1448.004994][T29238] vhci_hcd vhci_hcd.0: Device attached
[ 1448.102788][T29245] vhci_hcd: connection closed
[ 1448.103167][   T36] vhci_hcd vhci_hcd.4: stop threads
[ 1448.161694][   T36] vhci_hcd vhci_hcd.4: release socket
[ 1448.183574][ T5617] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1448.193268][   T36] vhci_hcd vhci_hcd.4: disconnect device
[ 1448.275576][ T5617] usb 41-1: new full-speed USB device number 5 using vhci_hcd
[ 1448.319141][ T5617] usb 41-1: enqueue for inactive port 0
[ 1448.495748][ T5617] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1449.053451][T28275] usb 9-1: Using ep0 maxpacket: 16
[ 1449.063510][T28275] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1449.076300][T28275] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1449.311407][T28275] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1450.274815][ T5633] Bluetooth: hci1: command 0x0406 tx timeout
[ 1450.281442][T28275] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1450.335168][T28275] usb 9-1: Product: syz
[ 1450.433552][ T5733] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1450.451591][T28275] usb 9-1: Manufacturer: syz
[ 1450.459130][T28275] usb 9-1: SerialNumber: syz
[ 1450.499134][T28275] usb 9-1: config 0 descriptor??
[ 1450.533705][T28275] usb 9-1: can't set config #0, error -71
[ 1450.576180][T28275] usb 9-1: USB disconnect, device number 2
[ 1450.607524][ T5733] usb 2-1: Using ep0 maxpacket: 16
[ 1450.616908][ T5733] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1450.756763][ T5733] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1450.767788][ T5733] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1450.781096][ T5733] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1450.790537][ T5733] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.804649][ T5733] usb 2-1: config 0 descriptor??
[ 1451.242847][ T5733] microsoft 0003:045E:07DA.0020: ignoring exceeding usage max
[ 1451.268726][ T5733] microsoft 0003:045E:07DA.0020: ignoring exceeding usage max
[ 1451.453671][ T5733] microsoft 0003:045E:07DA.0020: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1451.493894][ T5733] microsoft 0003:045E:07DA.0020: no inputs found
[ 1451.523996][ T5733] microsoft 0003:045E:07DA.0020: could not initialize ff, continuing anyway
[ 1451.593556][T28275] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1451.695171][T29278] loop6: detected capacity change from 0 to 40427
[ 1451.715940][ T5733] usb 2-1: USB disconnect, device number 20
[ 1451.727993][T29289] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1451.734508][T29289] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1451.735766][T29286] fido_id[29286]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[ 1451.757894][T29289] vhci_hcd vhci_hcd.0: Device attached
[ 1451.770429][T29293] Invalid ELF header magic: != ELF
[ 1451.890890][T29294] loop7: detected capacity change from 0 to 128
[ 1452.169809][T29278] F2FS-fs (loop6): Invalid SB checksum offset: 0
[ 1452.205790][T28275] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1452.219887][T29278] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[ 1452.227746][T28275] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1452.253504][ T5617] usb 41-1: new high-speed USB device number 6 using vhci_hcd
[ 1452.257359][T28275] usb 1-1: can't read configurations, error -71
[ 1452.290249][T29278] F2FS-fs (loop6): invalid crc value
[ 1452.354799][T29301] loop8: detected capacity change from 0 to 512
[ 1452.386927][T29301] EXT4-fs (loop8): can't mount with journal_checksum, fs mounted w/o journal
[ 1452.484454][T29278] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1452.550988][T29278] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[ 1452.558060][T29278] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1452.693428][   T30] audit: type=1804 audit(1781856644.297:387): pid=29278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.7631" name="/newroot/75/file0/bus" dev="loop6" ino=10 res=1 errno=0
[ 1452.863315][T29290] vhci_hcd: connection reset by peer
[ 1452.893616][   T36] vhci_hcd vhci_hcd.4: stop threads
[ 1452.918714][   T36] vhci_hcd vhci_hcd.4: release socket
[ 1452.976200][   T36] vhci_hcd vhci_hcd.4: disconnect device
[ 1453.335053][T29317] loop7: detected capacity change from 0 to 256
[ 1453.372437][T29317] FAT-fs (loop7): Directory bread(block 64) failed
[ 1453.399363][T29317] FAT-fs (loop7): Directory bread(block 65) failed
[ 1453.430571][T29317] FAT-fs (loop7): Directory bread(block 66) failed
[ 1453.446527][T29317] FAT-fs (loop7): Directory bread(block 67) failed
[ 1453.459702][T29317] FAT-fs (loop7): Directory bread(block 68) failed
[ 1453.469316][T29317] FAT-fs (loop7): Directory bread(block 69) failed
[ 1453.476272][T29317] FAT-fs (loop7): Directory bread(block 70) failed
[ 1453.482941][T29317] FAT-fs (loop7): Directory bread(block 71) failed
[ 1453.492287][T29317] FAT-fs (loop7): Directory bread(block 72) failed
[ 1453.499177][T29317] FAT-fs (loop7): Directory bread(block 73) failed
[ 1453.536018][   T30] audit: type=1804 audit(1781856645.157:388): pid=29278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.7631" name="/newroot/75/file0/bus" dev="loop6" ino=10 res=1 errno=0
[ 1453.567398][T29309] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1453.573915][T29309] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1453.631448][T29309] vhci_hcd vhci_hcd.0: Device attached
[ 1453.635638][T29311] vhci_hcd: connection closed
[ 1453.663867][   T36] vhci_hcd vhci_hcd.1: stop threads
[ 1453.671454][T29323] loop4: detected capacity change from 0 to 512
[ 1453.682145][   T30] audit: type=1804 audit(1781856645.157:389): pid=29278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.7631" name="/newroot/75/file0/bus" dev="loop6" ino=10 res=1 errno=0
[ 1453.740565][   T36] vhci_hcd vhci_hcd.1: release socket
[ 1453.749620][T29323] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1453.770710][T29323] EXT4-fs (loop4): invalid inodes per group: 1
[ 1453.770710][T29323] 
[ 1453.808976][   T36] vhci_hcd vhci_hcd.1: disconnect device
[ 1453.823354][ T5733] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1454.043057][T29334] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7648'.
[ 1454.214593][T28194] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1454.260197][T27261] syz-executor: attempt to access beyond end of device
[ 1454.260197][T27261] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1454.333708][T27261] CPU: 1 UID: 0 PID: 27261 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1454.333746][T27261] Tainted: [L]=SOFTLOCKUP
[ 1454.333756][T27261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1454.333772][T27261] Call Trace:
[ 1454.333781][T27261]  <TASK>
[ 1454.333791][T27261]  dump_stack_lvl+0xe8/0x150
[ 1454.333827][T27261]  f2fs_stop_checkpoint+0x3c2/0x580
[ 1454.333860][T27261]  f2fs_write_end_io+0x124b/0x1710
[ 1454.333908][T27261]  __submit_merged_bio+0x258/0x6a0
[ 1454.333940][T27261]  __submit_merged_write_cond+0x3c9/0x4e0
[ 1454.333972][T27261]  ? __pfx___submit_merged_write_cond+0x10/0x10
[ 1454.334008][T27261]  ? folio_clear_dirty_for_io+0x1bf/0x820
[ 1454.334032][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334061][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334095][T27261]  f2fs_write_data_pages+0x2a27/0x36f0
[ 1454.334152][T27261]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1454.334182][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334220][T27261]  ? __pfx___css_rstat_updated+0x10/0x10
[ 1454.334257][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334307][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334341][T27261]  ? mod_memcg_lruvec_state+0x23a/0x270
[ 1454.334379][T27261]  ? mod_memcg_lruvec_state+0xd5/0x270
[ 1454.334420][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334449][T27261]  ? lru_gen_update_size+0x718/0xcf0
[ 1454.334498][T27261]  ? folios_put_refs+0xa60/0xba0
[ 1454.334545][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334574][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1454.334603][T27261]  ? filemap_get_folios_tag+0x118/0x720
[ 1454.334636][T27261]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1454.334670][T27261]  do_writepages+0x338/0x560
[ 1454.334710][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334739][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1454.334766][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334797][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334826][T27261]  ? do_raw_spin_unlock+0xf5/0x210
[ 1454.334862][T27261]  filemap_fdatawrite+0x1e9/0x2f0
[ 1454.334890][T27261]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1454.334940][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.334969][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1454.334996][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.335028][T27261]  ? do_raw_spin_unlock+0xf5/0x210
[ 1454.335063][T27261]  f2fs_sync_dirty_inodes+0x30e/0x830
[ 1454.335108][T27261]  f2fs_write_checkpoint+0xa50/0x2810
[ 1454.335165][T27261]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1454.335197][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.335264][T27261]  kill_f2fs_super+0x2f6/0x700
[ 1454.335300][T27261]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1454.335347][T27261]  ? trace_irq_enable+0x3b/0x140
[ 1454.335383][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.335421][T27261]  deactivate_locked_super+0xbc/0x130
[ 1454.335453][T27261]  cleanup_mnt+0x3d3/0x460
[ 1454.335489][T27261]  task_work_run+0x1d9/0x270
[ 1454.335519][T27261]  ? __pfx_task_work_run+0x10/0x10
[ 1454.335549][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1454.335577][T27261]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1454.335610][T27261]  exit_to_user_mode_loop+0x1fa/0x730
[ 1454.335647][T27261]  ? rcu_is_watching+0x15/0xb0
[ 1454.335675][T27261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1454.335701][T27261]  do_syscall_64+0x353/0x580
[ 1454.335730][T27261]  ? trace_irq_disable+0x3b/0x140
[ 1454.335770][T27261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1454.335795][T27261] RIP: 0033:0x7fdbf379e097
[ 1454.335817][T27261] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 1454.335837][T27261] RSP: 002b:00007ffd48113af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1454.335860][T27261] RAX: 0000000000000000 RBX: 00007fdbf38322ca RCX: 00007fdbf379e097
[ 1454.335878][T27261] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd48113bb0
[ 1454.335895][T27261] RBP: 00007ffd48113bb0 R08: 00007ffd48114bb0 R09: 00000000ffffffff
[ 1454.335913][T27261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd48114c40
[ 1454.335929][T27261] R13: 00007fdbf38322ca R14: 0000000000163002 R15: 00007ffd48114c80
[ 1454.335960][T27261]  </TASK>
[ 1454.803617][T28194] usb 9-1: Using ep0 maxpacket: 8
[ 1454.822425][T28194] usb 9-1: config 1 has an invalid descriptor of length 62, skipping remainder of the config
[ 1454.832737][T28194] usb 9-1: too many endpoints for config 1 interface 2 altsetting 0: 53, using maximum allowed: 30
[ 1454.845059][T28194] usb 9-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[ 1454.910076][T29343] tipc: Started in network mode
[ 1454.915401][T29343] tipc: Node identity fad1f2969478, cluster identity 4711
[ 1454.926147][T29343] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1454.935528][T29343] tipc: Resetting bearer <eth:syzkaller0>
[ 1454.945618][T29339] tipc: Disabling bearer <eth:syzkaller0>
[ 1454.951757][T28194] usb 9-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[ 1454.960897][T28194] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1454.969262][T28194] usb 9-1: Product: syz
[ 1454.974043][T28194] usb 9-1: Manufacturer: syz
[ 1454.978634][T28194] usb 9-1: SerialNumber: syz
[ 1455.096404][T27261] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1455.471798][T28194] usb 9-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[ 1455.717793][T28194] usb 9-1: clock source 0 is not valid, cannot use
[ 1455.755343][T28194] usb 9-1: 1:1: cannot get freq (v2/v3): err -71
[ 1455.929825][T28194] usb 9-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[ 1455.951236][T28194] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1456.109282][T29354] loop4: detected capacity change from 0 to 128
[ 1456.374710][T28194] snd-usb-audio 9-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1456.568813][T28194] snd-usb-audio 9-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 1456.618057][T29358] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[ 1456.621271][T28194] usb 9-1: USB disconnect, device number 3
[ 1456.624592][T29358] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1456.679749][T29358] vhci_hcd vhci_hcd.0: Device attached
[ 1456.850626][T29363] loop1: detected capacity change from 0 to 1024
[ 1456.867051][T26090] udevd[26090]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1456.904222][T29366] can0: slcan on ttyS3.
[ 1456.955450][T29363] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[ 1457.006834][ T5726] usb 47-1: new high-speed USB device number 2 using vhci_hcd
[ 1457.028100][T29363] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 1457.053611][T29368] can0 (unregistered): slcan off ttyS3.
[ 1457.158272][T29363] EXT4-fs error (device loop1): ext4_get_journal_inode:5900: inode #32: comm syz.1.7656: iget: special inode unallocated
[ 1457.170911][T29363] loop1: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117
[ 1457.194266][T29368] Falling back ldisc for ttyS3.
[ 1457.254527][    C0] EXT4-fs (loop1): error count since last fsck: 1
[ 1457.261015][    C0] EXT4-fs (loop1): initial error at time 1781856648: ext4_get_journal_inode:5900: inode 32
[ 1457.271012][    C0] EXT4-fs (loop1): last error at time 1781856648: ext4_get_journal_inode:5900: inode 32
[ 1457.291410][T29363] EXT4-fs (loop1): no journal found
[ 1457.394144][ T5617] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1458.025779][T29395] loop6: detected capacity change from 0 to 512
[ 1458.145951][T29359] vhci_hcd: connection reset by peer
[ 1458.153849][T29404] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1458.160373][T29404] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1458.173019][T29404] vhci_hcd vhci_hcd.0: Device attached
[ 1458.182630][T29406] vhci_hcd: connection closed
[ 1458.194432][T10087] vhci_hcd vhci_hcd.0: stop threads
[ 1458.223188][T10087] vhci_hcd vhci_hcd.0: release socket
[ 1458.229094][T10087] vhci_hcd vhci_hcd.0: disconnect device
[ 1458.236599][T10087] vhci_hcd vhci_hcd.7: stop threads
[ 1458.242280][T10087] vhci_hcd vhci_hcd.7: release socket
[ 1458.251248][T10087] vhci_hcd vhci_hcd.7: disconnect device
[ 1459.108252][T29395] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1459.218371][T29395] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1564.450203][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1564.457177][    C1] rcu: 	0-...!: (1 GPs behind) idle=a51c/1/0x4000000000000000 softirq=164063/164064 fqs=0
[ 1564.467071][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P29425/3:b..l P28294/1:b..l
[ 1564.476297][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=177861, q=867 ncpus=2)
[ 1564.484092][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1564.484126][    C0] NMI backtrace for cpu 0
[ 1564.484146][    C0] CPU: 0 UID: 0 PID: 27903 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1564.484176][    C0] Tainted: [L]=SOFTLOCKUP
[ 1564.484185][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1564.484199][    C0] RIP: 0010:advance_sched+0xb0b/0xc80
[ 1564.484240][    C0] Code: 3b af 0a f8 c6 05 60 03 60 06 01 48 c7 c7 c0 a2 e3 8c be 66 03 00 00 48 c7 c2 60 a3 e3 8c e8 2c a9 e6 f7 48 c7 c7 a0 9b 95 8e <48> 89 de e8 ad 8f e6 f7 e8 d8 3d f0 f7 b8 01 00 00 00 48 81 c4 90
[ 1564.484259][    C0] RSP: 0018:ffffc90000007d10 EFLAGS: 00000006
[ 1564.484279][    C0] RAX: ffffffff89bb71d3 RBX: ffffffff89bb7108 RCX: ffff88804dd31f00
[ 1564.484296][    C0] RDX: 0000000000010000 RSI: 0000000000000000 RDI: ffffffff8e959ba0
[ 1564.484312][    C0] RBP: 0000000000000000 R08: ffff88807d2d919f R09: 1ffff1100fa5b233
[ 1564.484328][    C0] R10: dffffc0000000000 R11: ffffed100fa5b234 R12: ffff88805ac83400
[ 1564.484345][    C0] R13: ffff88807d2d9000 R14: dffffc0000000000 R15: ffff88807d2d9340
[ 1564.484366][    C0] FS:  000055558821c500(0000) GS:ffff88812525d000(0000) knlGS:0000000000000000
[ 1564.484385][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1564.484401][    C0] CR2: 00007f46985e8158 CR3: 000000005e9f1000 CR4: 0000000000350ef0
[ 1564.484420][    C0] Call Trace:
[ 1564.484431][    C0]  <IRQ>
[ 1564.484446][    C0]  ? __pfx_advance_sched+0x10/0x10
[ 1564.484481][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[ 1564.484513][    C0]  ? __pfx_advance_sched+0x10/0x10
[ 1564.484547][    C0]  __hrtimer_run_queues+0x3bc/0xa10
[ 1564.484587][    C0]  hrtimer_interrupt+0x448/0x910
[ 1564.484630][    C0]  __sysvec_apic_timer_interrupt+0x102/0x430
[ 1564.484661][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1564.484688][    C0]  </IRQ>
[ 1564.484696][    C0]  <TASK>
[ 1564.484705][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1564.484731][    C0] RIP: 0010:lock_release+0x0/0x3c0
[ 1564.484752][    C0] Code: bf 00 00 50 00 e9 4f fe ff ff 41 bf 2f 00 00 00 e9 06 ff ff ff 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49
[ 1564.484770][    C0] RSP: 0018:ffffc9000524f4d8 EFLAGS: 00000246
[ 1564.484789][    C0] RAX: 0000000000000000 RBX: ffffc9000524f598 RCX: ffffc9000524f940
[ 1564.484805][    C0] RDX: ffffc9000524f501 RSI: ffffffff8176a21f RDI: ffffffff8e959ba0
[ 1564.484823][    C0] RBP: 1ffffffff21a9001 R08: ffffc9000524f928 R09: ffffc9000524f5d8
[ 1564.484840][    C0] R10: dffffc0000000000 R11: fffff52000a49ebd R12: ffffc90005248000
[ 1564.484857][    C0] R13: ffffffff8176a21f R14: ffffc9000524f588 R15: ffffc9000524f938
[ 1564.484880][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1564.484913][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1564.484943][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.484969][    C0]  unwind_next_frame+0x1baa/0x2550
[ 1564.485001][    C0]  ? __kasan_slab_free+0x5c/0x80
[ 1564.485031][    C0]  ? unwind_next_frame+0x8f/0x2550
[ 1564.485061][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1564.485095][    C0]  arch_stack_walk+0x11b/0x150
[ 1564.485126][    C0]  ? kfree+0x1c5/0x640
[ 1564.485154][    C0]  stack_trace_save+0xa9/0x100
[ 1564.485186][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1564.485220][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.485246][    C0]  ? stack_depot_save_flags+0x33/0x800
[ 1564.485280][    C0]  ? do_arpt_set_ctl+0xb99/0x10b0
[ 1564.485301][    C0]  ? nf_setsockopt+0x26f/0x290
[ 1564.485325][    C0]  ? do_sock_setsockopt+0xf0/0x1b0
[ 1564.485357][    C0]  kasan_save_track+0x3e/0x80
[ 1564.485385][    C0]  ? kasan_save_track+0x3e/0x80
[ 1564.485412][    C0]  ? kasan_save_free_info+0x40/0x50
[ 1564.485434][    C0]  ? __kasan_slab_free+0x5c/0x80
[ 1564.485492][    C0]  kasan_save_free_info+0x40/0x50
[ 1564.485515][    C0]  __kasan_slab_free+0x5c/0x80
[ 1564.485546][    C0]  kfree+0x1c5/0x640
[ 1564.485571][    C0]  ? xt_free_table_info+0xfe/0x180
[ 1564.485599][    C0]  xt_free_table_info+0xfe/0x180
[ 1564.485626][    C0]  __do_replace+0x8d9/0xac0
[ 1564.485655][    C0]  ? __pfx___do_replace+0x10/0x10
[ 1564.485678][    C0]  ? __might_fault+0xcb/0x130
[ 1564.485706][    C0]  ? _copy_from_user+0x94/0xb0
[ 1564.485732][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.485761][    C0]  do_arpt_set_ctl+0xb99/0x10b0
[ 1564.485786][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.485812][    C0]  ? __mutex_trylock_common+0x15f/0x270
[ 1564.485842][    C0]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[ 1564.485864][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.485895][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1564.485920][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.485946][    C0]  ? trace_contention_end+0x3d/0x140
[ 1564.485976][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.486009][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1564.486035][    C0]  ? __mutex_unlock_slowpath+0x724/0x8e0
[ 1564.486064][    C0]  ? aa_sk_perm+0x6d5/0x900
[ 1564.486092][    C0]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1564.486122][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1564.486151][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1564.486175][    C0]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1564.486206][    C0]  nf_setsockopt+0x26f/0x290
[ 1564.486233][    C0]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1564.486258][    C0]  do_sock_setsockopt+0x17c/0x1b0
[ 1564.486290][    C0]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1564.486320][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.486345][    C0]  do_syscall_64+0x174/0x580
[ 1564.486371][    C0]  ? trace_irq_disable+0x3b/0x140
[ 1564.486408][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1564.486432][    C0] RIP: 0033:0x7f469839e69a
[ 1564.486453][    C0] Code: 48 83 ec 10 48 63 c9 48 63 ff 45 89 c9 6a 2c e8 6c 99 fb ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7
[ 1564.486472][    C0] RSP: 002b:00007fff42de79d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1564.486493][    C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f469839e69a
[ 1564.486509][    C0] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003
[ 1564.486523][    C0] RBP: 00007fff42de7a40 R08: 0000000000000408 R09: 0000000000000000
[ 1564.486538][    C0] R10: 00007f46985e87b0 R11: 0000000000000246 R12: 00007fff42de79ec
[ 1564.486553][    C0] R13: 00007f46984338bd R14: 00000000001642ec R15: 00007fff42de8130
[ 1564.486579][    C0]  </TASK>
[ 1564.487118][    C1] task:syz-executor    state:R  running task     stack:22392 pid:28294 tgid:28294 ppid:28276  task_flags:0x400140 flags:0x00080000
[ 1565.107468][    C1] Call Trace:
[ 1565.110735][    C1]  <TASK>
[ 1565.113656][    C1]  __schedule+0x17d9/0x56c0
[ 1565.118157][    C1]  ? __pfx_clockevents_program_event+0x10/0x10
[ 1565.124331][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.129177][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.134809][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.139566][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.145194][    C1]  ? trace_irq_enable+0x3b/0x140
[ 1565.150135][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.155773][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.161401][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1565.166432][    C1]  ? __pfx___schedule+0x10/0x10
[ 1565.171276][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.176906][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.182015][    C1]  ? preempt_schedule_thunk+0x16/0x40
[ 1565.187394][    C1]  preempt_schedule_common+0x82/0xd0
[ 1565.192677][    C1]  ? copy_pmd_range+0x4dd7/0x5880
[ 1565.197698][    C1]  preempt_schedule_thunk+0x16/0x40
[ 1565.202898][    C1]  _raw_spin_unlock+0x3f/0x50
[ 1565.207579][    C1]  copy_pmd_range+0x4e08/0x5880
[ 1565.212443][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.218097][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1565.223477][    C1]  ? vm_area_dup+0x28/0x670
[ 1565.227983][    C1]  ? __pfx_copy_pmd_range+0x10/0x10
[ 1565.233180][    C1]  ? copy_mm+0x11a/0x480
[ 1565.237427][    C1]  ? copy_process+0x1e4a/0x42e0
[ 1565.242279][    C1]  ? kernel_clone+0x2d7/0x940
[ 1565.246965][    C1]  ? __x64_sys_clone+0x1b6/0x230
[ 1565.251903][    C1]  ? do_syscall_64+0x174/0x580
[ 1565.256765][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.262396][    C1]  ? mas_wr_walk_descend+0x574/0x8b0
[ 1565.267690][    C1]  copy_page_range+0xc26/0x1250
[ 1565.272560][    C1]  ? __pfx_copy_page_range+0x10/0x10
[ 1565.277846][    C1]  ? lock_release+0x4b/0x3c0
[ 1565.282439][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.288067][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.293691][    C1]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[ 1565.300455][    C1]  dup_mmap+0xf21/0x1d90
[ 1565.304710][    C1]  ? __pfx_dup_mmap+0x10/0x10
[ 1565.309385][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1565.314426][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.320052][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.324811][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.330438][    C1]  ? lock_acquire+0x5f/0x350
[ 1565.335013][    C1]  ? __percpu_counter_init_many+0x35f/0x380
[ 1565.340906][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.346547][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.352175][    C1]  copy_mm+0x11a/0x480
[ 1565.356245][    C1]  ? copy_process+0xd2b/0x42e0
[ 1565.361093][    C1]  copy_process+0x1e4a/0x42e0
[ 1565.365781][    C1]  ? copy_process+0xd2b/0x42e0
[ 1565.370549][    C1]  ? __pfx_copy_process+0x10/0x10
[ 1565.375575][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.380332][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.385962][    C1]  kernel_clone+0x2d7/0x940
[ 1565.390472][    C1]  ? __pfx_kernel_clone+0x10/0x10
[ 1565.395507][    C1]  __x64_sys_clone+0x1b6/0x230
[ 1565.400278][    C1]  ? __might_fault+0xcb/0x130
[ 1565.404953][    C1]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1565.410250][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.415889][    C1]  ? do_user_addr_fault+0xc4a/0x1340
[ 1565.421175][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.426800][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.431555][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.437185][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1565.443243][    C1]  do_syscall_64+0x174/0x580
[ 1565.447829][    C1]  ? trace_irq_disable+0x3b/0x140
[ 1565.452860][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1565.458762][    C1] RIP: 0033:0x7fbf2b3c58d2
[ 1565.463166][    C1] RSP: 002b:00007ffd718b4c60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1565.471572][    C1] RAX: ffffffffffffffda RBX: 00007ffd718b4c60 RCX: 00007fbf2b3c58d2
[ 1565.479536][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1565.487669][    C1] RBP: 00007ffd718b4dec R08: 0000000000000000 R09: 0000000000000001
[ 1565.495628][    C1] R10: 00005555620b47d0 R11: 0000000000000246 R12: 0000000000000001
[ 1565.503587][    C1] R13: 00000000000927c0 R14: 0000000000164417 R15: 00007ffd718b4e40
[ 1565.511557][    C1]  </TASK>
[ 1565.514560][    C1] task:dhcpcd-run-hook state:R  running task     stack:28288 pid:29425 tgid:29425 ppid:29421  task_flags:0x400040 flags:0x00080000
[ 1565.528063][    C1] Call Trace:
[ 1565.531325][    C1]  <TASK>
[ 1565.534248][    C1]  __schedule+0x17d9/0x56c0
[ 1565.538780][    C1]  ? pfn_valid+0xba/0x480
[ 1565.543122][    C1]  ? check_preemption_disabled+0x14/0xe0
[ 1565.548758][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.554388][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.560016][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.564788][    C1]  ? __pfx___schedule+0x10/0x10
[ 1565.569632][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1565.574656][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1565.580030][    C1]  ? preempt_schedule_thunk+0x16/0x40
[ 1565.585406][    C1]  preempt_schedule_common+0x82/0xd0
[ 1565.590861][    C1]  preempt_schedule_thunk+0x16/0x40
[ 1565.596071][    C1]  _raw_spin_unlock+0x3f/0x50
[ 1565.600758][    C1]  filemap_map_pages+0x1911/0x2050
[ 1565.605871][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.611514][    C1]  ? filemap_map_pages+0x1e9/0x2050
[ 1565.616720][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1565.622179][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.627810][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.633446][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.639072][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1565.644533][    C1]  ? do_pte_missing+0x1403/0x3540
[ 1565.649560][    C1]  do_pte_missing+0x2115/0x3540
[ 1565.654441][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.659199][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.664858][    C1]  ? lock_release+0x4b/0x3c0
[ 1565.669448][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.675076][    C1]  handle_mm_fault+0x1b36/0x3080
[ 1565.680018][    C1]  ? handle_mm_fault+0xec/0x3080
[ 1565.684953][    C1]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1565.690229][    C1]  ? lock_vma_under_rcu+0x45a/0x500
[ 1565.695434][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.701059][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.705815][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.711459][    C1]  do_user_addr_fault+0xa4d/0x1340
[ 1565.716656][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.722372][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.728000][    C1]  ? trace_page_fault_user+0x84/0x1e0
[ 1565.733367][    C1]  exc_page_fault+0x6a/0xc0
[ 1565.737871][    C1]  asm_exc_page_fault+0x26/0x30
[ 1565.742721][    C1] RIP: 0033:0x7f5e7df80ee0
[ 1565.747126][    C1] RSP: 002b:00007fff3990f818 EFLAGS: 00010206
[ 1565.753186][    C1] RAX: 0000000000000000 RBX: 0000564992e13760 RCX: 0000000000000001
[ 1565.761157][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000564992e18bd0
[ 1565.769139][    C1] RBP: 0000564992e194c0 R08: 0000000000000000 R09: 0000000000000000
[ 1565.777098][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000564992e11910
[ 1565.785055][    C1] R13: 0000564992e11c30 R14: 0000000000000000 R15: 00007f5e7e188460
[ 1565.793027][    C1]  </TASK>
[ 1565.796035][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g177861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1565.807306][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1565.817258][    C1] rcu: RCU grace-period kthread stack dump:
[ 1565.823127][    C1] task:rcu_preempt     state:R  running task     stack:28056 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1565.836632][    C1] Call Trace:
[ 1565.839895][    C1]  <TASK>
[ 1565.842827][    C1]  __schedule+0x17d9/0x56c0
[ 1565.847334][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.852104][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.857746][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.862510][    C1]  ? __pfx___schedule+0x10/0x10
[ 1565.867370][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.873005][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.878637][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1565.883396][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.889028][    C1]  ? lock_release+0x4b/0x3c0
[ 1565.893616][    C1]  schedule+0x164/0x360
[ 1565.897769][    C1]  schedule_timeout+0x152/0x2c0
[ 1565.902627][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1565.908004][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1565.913295][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.918927][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1565.924726][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.930355][    C1]  ? prepare_to_swait_event+0x322/0x350
[ 1565.935904][    C1]  rcu_gp_fqs_loop+0x30c/0x11f0
[ 1565.940757][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1565.946592][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.952222][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.957950][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1565.963229][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1565.968426][    C1]  ? trace_irq_enable+0x3b/0x140
[ 1565.973370][    C1]  rcu_gp_kthread+0x9e/0x2b0
[ 1565.977960][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1565.983176][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.988808][    C1]  ? __kthread_parkme+0x71/0x1f0
[ 1565.993751][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1565.999380][    C1]  ? __kthread_parkme+0x196/0x1f0
[ 1566.004413][    C1]  kthread+0x388/0x470
[ 1566.008478][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1566.013668][    C1]  ? __pfx_kthread+0x10/0x10
[ 1566.018252][    C1]  ret_from_fork+0x514/0xb70
[ 1566.022846][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1566.027972][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.033603][    C1]  ? __switch_to+0xc89/0x1420
[ 1566.038314][    C1]  ? __pfx_kthread+0x10/0x10
[ 1566.042897][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1566.047675][    C1]  </TASK>
[ 1566.050682][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1566.056994][    C1] CPU: 1 UID: 0 PID: 29426 Comm: syz.1.7669 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1566.067927][    C1] Tainted: [L]=SOFTLOCKUP
[ 1566.072236][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1566.082364][    C1] RIP: 0010:smp_call_function_many_cond+0x10b5/0x14b0
[ 1566.089154][    C1] Code: 1e 89 de 83 e6 01 31 ff e8 28 1d 0c 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 07 e8 d4 18 0c 00 eb 37 f3 90 41 0f b6 04 1c <84> c0 75 10 41 f7 06 01 00 00 00 74 1e e8 b9 18 0c 00 eb e5 44 89
[ 1566.108751][    C1] RSP: 0018:ffffc90003e8f980 EFLAGS: 00000246
[ 1566.114813][    C1] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000080000
[ 1566.122772][    C1] RDX: ffffc90003f51000 RSI: 000000000007ffff RDI: 0000000000080000
[ 1566.130733][    C1] RBP: ffffc90003e8fab0 R08: ffffffff903188f7 R09: 1ffffffff206311e
[ 1566.138694][    C1] R10: dffffc0000000000 R11: ffffffff81741150 R12: 1ffff110170c85c5
[ 1566.146656][    C1] R13: ffff8880b873c2c8 R14: ffff8880b8642e28 R15: 0000000000000000
[ 1566.154620][    C1] FS:  00007ff720b196c0(0000) GS:ffff88812535d000(0000) knlGS:0000000000000000
[ 1566.163540][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1566.170121][    C1] CR2: 00007ff71fc4f270 CR3: 00000000912a5000 CR4: 0000000000350ef0
[ 1566.178085][    C1] Call Trace:
[ 1566.181352][    C1]  <TASK>
[ 1566.184275][    C1]  ? __pfx_retrigger_next_event+0x10/0x10
[ 1566.189998][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1566.196422][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.202051][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1566.206814][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.212442][    C1]  ? trace_irq_enable+0x3b/0x140
[ 1566.217384][    C1]  clock_was_set+0x715/0x7e0
[ 1566.221976][    C1]  ? __pfx_clock_was_set+0x10/0x10
[ 1566.227079][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.232705][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1566.237468][    C1]  do_adjtimex+0x25d/0x370
[ 1566.241878][    C1]  ? __pfx_do_adjtimex+0x10/0x10
[ 1566.246818][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.252454][    C1]  ? __might_fault+0xaf/0x130
[ 1566.257129][    C1]  ? __might_fault+0xcb/0x130
[ 1566.261807][    C1]  __x64_sys_clock_adjtime+0x252/0x340
[ 1566.267269][    C1]  ? __pfx___x64_sys_clock_adjtime+0x10/0x10
[ 1566.273258][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.278891][    C1]  ? __pfx_kcov_ioctl+0x10/0x10
[ 1566.283745][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.289375][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1566.294135][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1566.299759][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1566.305832][    C1]  do_syscall_64+0x174/0x580
[ 1566.310425][    C1]  ? trace_irq_disable+0x3b/0x140
[ 1566.315455][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1566.321342][    C1] RIP: 0033:0x7ff71fb9ce59
[ 1566.325748][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1566.345342][    C1] RSP: 002b:00007ff720b19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[ 1566.353769][    C1] RAX: ffffffffffffffda RBX: 00007ff71fe15fa0 RCX: 00007ff71fb9ce59
[ 1566.361753][    C1] RDX: 0000000000000000 RSI: 0000200000001100 RDI: 0000000000000000
[ 1566.369719][    C1] RBP: 00007ff71fc32e6f R08: 0000000000000000 R09: 0000000000000000
[ 1566.377678][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1566.385638][    C1] R13: 00007ff71fe16038 R14: 00007ff71fe15fa0 R15: 00007fffc7c39488
[ 1566.393610][    C1]  </TASK>