last executing test programs:

12m51.248242467s ago: executing program 32 (id=203):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(0x0, 0x80242, 0x100)
write$FUSE_CREATE_OPEN(r2, 0x0, 0x0)
socket(0x15, 0x5, 0x0)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
write$UHID_INPUT(r2, 0x0, 0x0)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r4, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x40000000)
syz_open_dev$vbi(0x0, 0x0, 0x2)

11m18.734571034s ago: executing program 33 (id=394):
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/fscaps', 0x101000, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r3 = fanotify_init(0x81, 0x40000)
fanotify_mark(r3, 0x105, 0x40001032, r2, 0x0)
read$FUSE(r3, &(0x7f0000002300)={0x2020}, 0x2020)

8m40.921565256s ago: executing program 34 (id=731):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x8)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

7m30.180473162s ago: executing program 35 (id=883):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x27, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000180)={0x2020}, 0x2024)

7m27.84931296s ago: executing program 36 (id=858):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80d5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000001a00)=""/4099, 0x1003}], 0x1}}], 0x1003, 0x10122, 0x0)

7m21.872491613s ago: executing program 37 (id=870):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x4000000000000fc, 0x2400c814)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000006feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

7m15.336880194s ago: executing program 38 (id=881):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
unshare(0x480)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000640)=""/219, 0xdb}], 0x2}}], 0x1, 0x60, 0x0)

7m11.288313174s ago: executing program 39 (id=892):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
chdir(0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, &(0x7f0000000040)=0x24, 0x4)

7m5.389365951s ago: executing program 9 (id=903):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r3, 0x0, 0x8, 0x0, 0x1)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x8916, 0x0)
ioctl(0xffffffffffffffff, 0x8936, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='zonefs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
recvfrom(r5, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

7m4.368269262s ago: executing program 9 (id=904):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)=ANY=[@ANYBLOB="30000000000000000000000000000000000000000000000000000000000000000404"], 0x0, 0x0, 0x0, 0x0})

7m3.354942025s ago: executing program 9 (id=905):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x81f}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, 0x0)

7m2.156802806s ago: executing program 9 (id=906):
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
truncate(0x0, 0x40000)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7m1.830512735s ago: executing program 9 (id=907):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
socket$unix(0x1, 0x5, 0x0)
setresuid(0x0, 0x0, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)

7m1.667712693s ago: executing program 9 (id=908):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffeffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file4\x00', 0xa18c14, &(0x7f00000005c0)={[{@fat=@nfs}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@utf8no}, {@fat=@time_offset={'time_offset', 0x3d, 0x1cf}}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@rodir}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@uni_xlateno}, {@rodir}, {@uni_xlate}, {@shortname_win95}]}, 0x88, 0x29b, &(0x7f0000000180)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==")
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = inotify_init()
mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
inotify_add_watch(r1, &(0x7f0000000300)='./file0\x00', 0x6000189)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001008, 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00')
unlink(0x0)

7m0.347034398s ago: executing program 0 (id=893):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0)

6m59.335239029s ago: executing program 0 (id=909):
syz_emit_ethernet(0xb1, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x7b, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, [{0x0, 0x9, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac150"}, {0x19, 0x1, "020000000400000126000400"}, {0x18, 0x1, "0033e4756e009263e712da"}, {0x18, 0x1, "45976e75e433"}]}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}})

6m57.892813493s ago: executing program 0 (id=911):
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_disconnect(0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x0, {}, 0xfd}, 0x18)
connect$can_j1939(r3, &(0x7f0000000080)={0x1d, r4, 0x0, {0x0, 0x0, 0x2}, 0xfe}, 0x18)
sendmsg$can_j1939(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
sendmsg$can_j1939(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20000081}, 0x480c4)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x74, r2, {0xfff3, 0x10}, {0xfff1, 0x9}, {0xd, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050)

6m56.374162365s ago: executing program 0 (id=914):
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
truncate(0x0, 0x40000)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x5, 0x8, '\x00', 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m56.171081264s ago: executing program 0 (id=915):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)

6m55.974865017s ago: executing program 0 (id=917):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0)

6m54.699713362s ago: executing program 4 (id=919):
truncate(0x0, 0x96f)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000140)={0x1, 0x1d, &(0x7f0000000ac0)="e2868f4aefac7a67561422c516dc175845e997f8169837a09b4366393e"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0xc8b93000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r4, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)

6m53.039799862s ago: executing program 4 (id=920):
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0xc0145b0e, &(0x7f0000000000))

6m52.887350206s ago: executing program 4 (id=921):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r1, 0x8, 0x80000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = gettid()
r3 = getpid()
rt_tgsigqueueinfo(r3, r2, 0x1, &(0x7f00000003c0)={0x18, 0x1851, 0x6})
ptrace$ARCH_SHSTK_DISABLE(0x1e, r2, 0x3, 0x5002)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_setup(0x5d59, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001600)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f0000000000)={0x0, {}, 0x0, {}, 0xb0, 0x6, 0x13, 0x0, "0c449f9069584bd7896acc94537bb3d1e1ce3cda422f8ef8d863bc3a8a03e9a61cdbdfdda13e4328ceeda87aa3ec552d3160b65c097552749cc74fd2aff66adc", "c9dc81b7e58abb1b5c50a539c87c778099ca9cbe6bcbbf3b12ff0c6f6e424e7d", [0x7, 0x401]})
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
ioctl$BLKRRPART(r5, 0x125f, 0x0)
io_uring_enter(0xffffffffffffffff, 0x592, 0xb467, 0x45, &(0x7f00000000c0)={[0xd87]}, 0x8)
ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000cab000)=0xfffffffffffffe16)

6m52.766744076s ago: executing program 40 (id=901):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x43, 0x0, 0x41000, 0x1, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)=@xdp={0x2c, 0x3, 0x0, 0x6}, 0x80, 0x0, 0x0, &(0x7f0000000480)}, 0x4040804)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0x0, 0x5565, &(0x7f000000c100)="$eJzs3E1vG8UbAPCxk7T/Nv2XCHHg1kUVUiLVVpyXCm4BWvGaKipw4ASO7VhubG8UO07IqQeOiAPfBIHEiSOfgQNnbogDiBsSyDub0lcRETum6e8nrZ+d2dnHM6vE0bMbOQDPrLnk918L4XK4EEKYCiFcCiHbL+RbZi2GF0MIV0IIxfu2Qt5/r+NcCOFiCOHyMHnMWcgPfXltcHX1l3d+++6H89OzX3374+RWDUzayyGEzk7c3+/EmDZjvJP3VwetLHZWBnmMBzrbeTuNcb+xmWXYrx6Nq2ZxuRnHpzt7vWHcaldrw9hsbWX9O934hr1B8yhPdsKd6m7Wrjc2s9jqpVlsHsZ5HRzGz7bDXj/mqef5Ps3Sh37/KMb+xkEjrmdnO4u1bj/vj3nTeuNgGAd57KXZJ2iope16No/Nk13r/7CX3mt19w6SQWO310q7yWq58kq5cr1U2U3rjX5jpVTt1K+vJPPN9nBYqd+odtaaadpsN8q1tLOQzDdrtVKlkszfaGy2qt27lUp5ubxYWl1I4t615M1bHybtejI/jK+3unv9VruXbKW7STxjIVkqL7+6kFytJO+vbyQbt2/eXN/44OMbH916bf3tN/JBj0wrmV9aXFoqVRZLS5WFk12Aka4/GfP6P8snPcL1w4kUJj0BgKeP+h+YhPHV/7u3Q3i0/i+OuP4P463/47izX///2/r3/DHr39l/qH+n75/L4+rf4d9D9f/41g8nov4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhm/TTz9VvZzlxsz+b9/8+7ns/bhRBCMYTw52NMhXMP5JzK88w8YfzMQ3P4vhCyDMP3OJ9vF0MIa/n2x3PjvgoAAABwdn1z98oXsVqPL3PHOuvCmGfFKYk3bYqXPhlRvkIIYWbu5xFlKw5fXhhRsuznezocjChbdgPrfyNKFm+5TY8q27Fkv+7vxnBvJVkoxFB8+IyRrRYAAJiYqQfC6VYhAAAAnKbPn3hk+1TnwSkrhKNHmUfPgrP/vP/7Yd+F2PboDwAAAJ5ehUlPAAAAABi7rP73/X8AAABwtsXv/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAvdu7lRm0gjAP4Z2MH8lJQlHtayQ3KSAk55hhRQJqgBNJCGqAGcksJK1jh8aL1in2wHoN29ftJ9mDL/D3D4zBj6QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjSv3o1//Pr6+++OdtdP3lGAwAAAByzqVfz5sU0Hb9vz39sT31uj4uIKCPi2Nx9FG86maM2p77n+vpOH/5GNAn7e4zb7V1EfEvbLj4N/SkAAADAq1Ttd+vFcpZm62k3vXSv6O2E7zAt2pQfvme6dRER9fR/prRyn/clU1jz+67iZ6a0ZgFrkiksLblVudKepPm7H1btJreaIjXlw+/PNnYAAOCMRp3mvLMQAAAAzunHpTvAEN4+ekURN48yD8apmXQiPOwDAACAl6u4dAcAAACAwTXz/1Pq/8Xxen7jTv2/Knv9v7hS/w8AAACeLdX/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEibejVfL5azvjnbXT95RgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwzf68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw5nd/+T8xNc4kc6+NpeeRZO3U2Do19s6Noz+Mr18DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzR7375PzE1ziRzp42l45Fk7aqxddXYe9A4ejDe/g0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zczONq2Ka5Q9RETBg17sdltbexMPSvDgnyCEdFtjt/5oc7ClCLl4k5x7ET2KCEq89R/w1JvQQi/11sMeKojgZWVmZ7KTJujG4MyafD7w5n13M5n3fW8h5DtvEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6axon2aEziePivbuPbq5m/b3H+sztzftLWcviqM6k/x9eqL6Ius0lAgAAwNGRlPV9COFBurWc9XEnr//T8pys5v/6qUlc1vOP1/1lX9b+Wfvpx4fPbQ/UmYyTXfTi2nBwancqrf9ulvPt6X88o5WvfH7vJck/kPjdjWdHab6e0Zd37rzdzsNjdWQLAPwbJ8u+CMrfh7K+32RiABwZrUrhXdT/fySdhpMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqMFoIzxRxlEIYak1jTP3Ht1c3au/vXl/qWznbt3arF4zu0QaQri4NhycqnEu8+7a9RuXV4bDwdX6gxdDCE2N/mYx/cvvz3ByCI2sz98ECwdZuj/H4/G+vmthHqZ8gCAuPuwZTm7PS87NBw3+UAIA4FBKi5bV9Q/SreXsvWgxhPE3O+v/VypxmLH+f/jBubvVsar1f7+2Gc6/3vqVT3rXrt94be3KyqXBpcFHr5/uv9E/c/7s2fO9/F5Jzx0TAAAADqZdtGr9Hy/u3v8/UYnDjPX/p1/1P5+O9Et+VP/vNt30azoTAACAo+2Zl37/Ldrj/ajdDp+trK9f7U+O269PT44NpLpvx4pWrf+TxaazAgAAAOow2oh27P9fqMRhxv3/J799/vvqNZMQwvFi///k6sfDC/VNZ67V8efETc8RAACAZh0vWnX/P82f/4+3H3mIQwivvjyJi38DOFP9n7zzxXfVsZLK8/9n6pviXIq7k/XI+24Ire6OL//cWGIAAAAcSgtFy4r9X9Ot5Q9/OPFe2/P/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHX7KwAA//+5GTzU")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000200)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x8}}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000000))
r4 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
read$FUSE(r4, &(0x7f0000002c00)={0x2020}, 0x2020)

6m51.47270558s ago: executing program 4 (id=924):
r0 = open(0x0, 0x80ff, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300))
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

6m48.431394322s ago: executing program 4 (id=927):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)

6m48.180516952s ago: executing program 4 (id=928):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000004026093333400000000001090224"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
fanotify_init(0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x20201)
r3 = syz_io_uring_setup(0x1248, &(0x7f0000000200)={0x0, 0xd5a1, 0x1, 0x40000002, 0xb8}, &(0x7f0000000400)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
socket$netlink(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xdfffffffffffffff, &(0x7f0000000340)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

6m46.295627864s ago: executing program 41 (id=908):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xffffeffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file4\x00', 0xa18c14, &(0x7f00000005c0)={[{@fat=@nfs}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@utf8no}, {@fat=@time_offset={'time_offset', 0x3d, 0x1cf}}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@rodir}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@uni_xlateno}, {@rodir}, {@uni_xlate}, {@shortname_win95}]}, 0x88, 0x29b, &(0x7f0000000180)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==")
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = inotify_init()
mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
inotify_add_watch(r1, &(0x7f0000000300)='./file0\x00', 0x6000189)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001008, 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00')
unlink(0x0)

6m44.228208955s ago: executing program 2 (id=933):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8005, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
cachestat(r3, &(0x7f0000000000)={0x9}, 0x0, 0x0)

6m42.633344329s ago: executing program 2 (id=934):
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB=',codepage=cp932,iocharset=cp950,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c00d2e09cb146b36a8131224f0f127f5e8d04e2bbe426c60488808df8641591b68a8b7c085cc8e9c463dd43d24726d6f642101ac0ccc18416291ec3177c3cb822e5cd4cb73bbcb6aeb403b5dea39495f0a68b39c4036e0df4d541419aef1901623cd5891352a3eeddc79869231d6bdb424a1c1a8053d2d83a8a76cb6b31ea8a126dc15e944b7d5e07508c80ce2ac8d567acf26223f85df3d18ff71cdb13f6f5b22b7a501c7def3382a7b1da9f40b3eed3e1f5693814ac69696a94e7df079007fce4fd428e162597dd55468d21db3448565103d37dd4179c1b915fb218c3ae7c0561eba266b5ba21c0c40a3f15cfde776a28560209d9cd6d1cc722951895297e32763345381cc77809cc23091a1777191d287dd1ff38c8af1da0352dcca818cde2b0ee"], 0x5, 0x354, &(0x7f0000000100)="$eJzs3c9LFk8cB/D37I/Hfb6K300NoVNYQidROxRdkpAu/QMdQjJ9BHEzSIMSIutaRLcg6Nitc9S/UJeoP6BOHqJTXSSijZn9vc/sum7q+uD7BT3sszuz85lnZvaZUWxAREfWpdkvr85uyX/CBmACuAAYABzAAnAco86d1fXunH3Zt2Z8JBDkFF1XFlY7uhgchDlCrnxnYSB9jvaH7/v+1x1T/TiQWKg5Ij1OU4xgoFvROHYOPLL9sdn1ADsCUi0strGNuxhsMhwiImpe+P1vhN8SA+H83TCA8XAe3uvf/5n5zXZzcRwK8fe/Ebz3hfx8/leX5Hpved3rLAZLONn6RrRK1N1L2yf85ONuIehZZn9qypUqRU/FYrSXlr3OxKa6wSNcDKWSjajXRUQVUYqibQWpxuK1aSVldS/Xr+pgyzpMF8Q/XFaidgH87hue64ub+6A7m6ureC8+ijnh4gUW4/mf5QvZTKql3NxQCeKfLKllFKbXmczUMgn/mCrkRFgC3r5Oatku+lwdmDKWrFZSj/z83Y3ifNbS31CdHkL2xwpB7aaKa6dyDQOWUKuGdK7pONEvba6RfFntJdvrTCzc8oo6/d7SrujEU3FVjOE73mA2Nf83ZOpxFI/MzCgXKmXYM0rrY6mUXe2ooYbmzV2NTFIuZ8drpTxPcAPnMbh2b2Nl3vM6t5s/iIZKzewnPU8+EfYsnqAjht1RnoF6wsVp4MgDG0D9slqfM2f++L6vTWzhIJrAVlU99zKp8sbKvAifeXHi336NIuSTM3dppjgxgJmkKaMnQp16PYhzVe8brirrp2xtdSbTIe3oIIpKXYq67v60TlRU5pKJvkojpV2j0Cv3V+a9Wk8i6jFJo2P0WtPBUBPkfEEE67/UemVSPXXki1uy/rGzb9tdCVJ3nCpYAQ2p1/+qreDi2xbOE/ujgx3WXKfOAKdzJRqISnyYv60bxonD+FvJ3f8qQ8ziE67z5/9ERERERERERERERERERERERERERL1mzXgcHlT7C4E6f06QLXHrCP7HG0RERERERERERERERERERERERERERERE/ya1/y9gqh1jWrr9f8t2alLMYIcYp3v/30TV/X/NCvv/is1e3ouM6FD4GwAA//9MFFRZ")
r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r0, &(0x7f0000002240)=""/237, 0xed, 0x4eb)

6m42.465620013s ago: executing program 2 (id=935):
chdir(&(0x7f0000000040)='./file0\x00')
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)

6m41.372074386s ago: executing program 2 (id=936):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})

6m41.234382931s ago: executing program 2 (id=937):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r2, 0x0)
setpgid(r0, r0)
setpgid(0x0, r0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)

6m41.092755185s ago: executing program 2 (id=938):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)=ANY=[@ANYBLOB="30000000000000000000000000000000000000000000000000000000000000000404"], 0x0, 0x0, 0x0, 0x0})

6m40.819307726s ago: executing program 42 (id=917):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0)

6m32.814915543s ago: executing program 43 (id=928):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000004026093333400000000001090224"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
fanotify_init(0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x20201)
r3 = syz_io_uring_setup(0x1248, &(0x7f0000000200)={0x0, 0xd5a1, 0x1, 0x40000002, 0xb8}, &(0x7f0000000400)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
socket$netlink(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xdfffffffffffffff, &(0x7f0000000340)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

6m25.534704005s ago: executing program 44 (id=938):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)=ANY=[@ANYBLOB="30000000000000000000000000000000000000000000000000000000000000000404"], 0x0, 0x0, 0x0, 0x0})

5m2.438199548s ago: executing program 6 (id=1118):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r0, 0x0)
r1 = dup2(0xffffffffffffffff, r0)
creat(&(0x7f0000000140)='./bus\x00', 0x43)
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x1000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x104, 0x80, 0x0, 0x6a8}, 'syz1\x00', 0x2f})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_DEV_CREATE(r3, 0x5501)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020)
r7 = getuid()
fstat(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x1, 0x4}, [{0x2, 0x1}, {0x2, 0x1}, {0x2, 0x7}, {0x2, 0x4, r6}, {0x2, 0x4, 0xffffffffffffffff}, {0x2, 0x1, r7}], {0x4, 0x2}, [{0x8, 0x4}, {0x8, 0x0, r8}], {0x10, 0x1}, {0x20, 0x2}}, 0x64, 0x1)

5m1.435668488s ago: executing program 6 (id=1119):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x1)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

5m0.440942694s ago: executing program 6 (id=1121):
syz_usb_connect(0x2, 0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f62760009051cc200000000000705e37e1b82e60905f2"], 0x0)

4m55.61779619s ago: executing program 6 (id=1132):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000180)=0x3)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x40881, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000ae000000540022c23031"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, r4}, 0x94)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
mmap$binder(&(0x7f000023d000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x6)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f00000000c0)={'fl512\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x2000001, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x40400, 0x8, 0x48f3, 0x1ff, 0x80000089, 0xa, 0x1400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485b]})
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000007, 0x12, r8, 0xbc7ae000)
sendmsg$NFT_BATCH(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a050000000000000000000700000a0900010073797a30000000003c000000090a010400000000000000000700000308000a40000000000900020073797a31000000000900010073797a30000000000800054000000021900000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000640003806000008004000180580007800b000100746172676574000048000280080002400000000230000300b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee39009000100534e4154"], 0x114}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)

4m52.01434927s ago: executing program 6 (id=1139):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xeeee8000, 0x118000})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

4m48.801844127s ago: executing program 6 (id=1145):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2022, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)

4m33.680805129s ago: executing program 45 (id=1145):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2022, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)

12.805559944s ago: executing program 1 (id=1778):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = io_uring_setup(0x28a6, &(0x7f0000000100)={0x0, 0xfffffffd, 0x2, 0x0, 0x2})
io_uring_enter(r3, 0x64f5, 0x90f4, 0x1, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r4, r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000480)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1234}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r6, r6}, &(0x7f0000000600), &(0x7f0000000640)=r5}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

11.182339005s ago: executing program 3 (id=1781):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r3, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r3, 0xda90)
accept4(r3, 0x0, 0x0, 0x0)

11.137567495s ago: executing program 1 (id=1782):
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x0, r0, 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000080), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
getdents64(0xffffffffffffffff, 0x0, 0x0)

10.707728185s ago: executing program 8 (id=1783):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c0", 0x24}], 0x1}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433530cfccd0c6f450147b46eb5bbe281810c76577aaf554801815d1ee516cc0752832233d7610ce165a593e43cbaa4f52db28e5aead94767ad0d0ccf1cd422fcfd87e848c94a2be6e254d827012967db0758c0fa31fff90c60693957939c8ce4ed025b", 0xa5}, {&(0x7f0000000880)}, {&(0x7f0000000540)="b4e007f06d056aa0367c7356f83c", 0xe}, {&(0x7f0000000980)="3d0296eb70593b74da27ad0ef43cdfacca013f61136666b092f154b82202e7f3b41215fbe3e3381a66b6abde7af0a9f608998408bae2f97394d17cd4fad43a83137abc47e294c03e1c127933e4a232eb62112ca14d3b2323af2120ec24e17f1fc1758194dc4f9774968f41354ff3b7d7f445a29938c18743b5d93c123c4a67c469d256d9f076c29593f9648b5a1bd4195a3d7059007458b7dcc193efed2bfc25fe4cf69d8cc14a45105d48307cb7b27e4938d9d0d3c60b47bf599136cac2f29f", 0xc0}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9cc4187957fdca8dfa1151a311e577e146", 0x39}, {&(0x7f0000000700)}, {&(0x7f0000000a80)}, {&(0x7f0000000d00)}, {&(0x7f0000000ac0)="50591ee1c54cb070964417fd1f4ffe5a57c4ff8a3c5c5ce1d3957dfc44e8e17c719084f4e8da23c0e4667eeda56ce5d4d14d904f", 0x34}], 0x9, 0x4d9e, 0x8)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.942948683s ago: executing program 8 (id=1784):
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)
bind$can_j1939(r0, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18)
sendmmsg$inet(r0, &(0x7f0000002e00)=[{{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000080)="e771e40000000073", 0x8}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
syz_usb_connect(0x4, 0x0, 0x0, 0x0)

9.185216628s ago: executing program 8 (id=1786):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x1800)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x7, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f00000000c0)='ubifs\x00', 0x0)
socket$netlink(0x10, 0x3, 0x15)
lsetxattr$security_capability(0x0, &(0x7f0000000100), 0x0, 0x0, 0x0)
truncate(&(0x7f0000000180)='./cgroup/cgroup.procs\x00', 0x7)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r5, @ANYRES16=r1, @ANYRESDEC=0x0, @ANYRESOCT=r4, @ANYRESDEC=0x0])
write$FUSE_INIT(r5, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x27, 0x1000, 0x30000, 0x0, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x10}}, 0x50)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'netdevsim0\x00', &(0x7f0000000100)=@ethtool_wolinfo={0x3, 0x8, 0xfffffffd, "e50001000082"}})
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r4, 0x111, 0x5, 0xb31c, 0x4)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c81, 0x6)
socket(0x10, 0x803, 0x0)

8.853851643s ago: executing program 1 (id=1787):
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x10, 0xfff3}, {}, {0xa, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @mcast1}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}]}}]}, 0x50}}, 0x40040)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

8.83361186s ago: executing program 3 (id=1788):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

8.201785029s ago: executing program 3 (id=1790):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x10)
r1 = socket(0xa, 0x5, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000080)={0x7, 0x0, 0x46, 0x7, r3}, &(0x7f00000001c0)=0x10)

7.854217574s ago: executing program 3 (id=1791):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.529148072s ago: executing program 5 (id=1792):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
unshare(0x480)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/229, 0xe5}, {0x0}], 0x2}}], 0x1, 0x60, 0x0)

6.949369923s ago: executing program 5 (id=1794):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r2, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0)

6.355555989s ago: executing program 7 (id=1795):
r0 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f00000001c0)='./file0\x00', 0x4000064f)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x4c0f, 0x400, 0x3, 0x288}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@remote, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
readv(r7, &(0x7f0000000240)=[{&(0x7f0000000280)=""/24, 0x18}, {0x0, 0x12}], 0x2)
io_uring_enter(r4, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
gettid()
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x44, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR(r9, 0x6, 0x13, &(0x7f0000000180), 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000000200)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, 0x0, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r8, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0xfffffff7}, 0x0)

5.958233683s ago: executing program 5 (id=1796):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

5.469539916s ago: executing program 8 (id=1797):
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x0, r0, 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000080), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
getdents64(0xffffffffffffffff, 0x0, 0x0)

5.272739537s ago: executing program 8 (id=1798):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r3, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r3, 0xda90)
accept4(r3, 0x0, 0x0, 0x0)

5.142799941s ago: executing program 5 (id=1799):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
mmap(&(0x7f00001ab000/0x4000)=nil, 0x4000, 0x0, 0x858cb0e9afead038, 0xffffffffffffffff, 0x0)
listen(r1, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x841)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r2)

4.880860679s ago: executing program 1 (id=1800):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000180)=0x3)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x40881, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000ae000000540022c23031"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, r4}, 0x94)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
mmap$binder(&(0x7f000023d000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x6)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f00000000c0)={'fl512\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x2000001, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x40400, 0x8, 0x48f3, 0x1ff, 0x80000089, 0xa, 0x1400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485b]})
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000007, 0x12, r8, 0xbc7ae000)
sendmsg$NFT_BATCH(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a050000000000000000000700000a0900010073797a30000000003c000000090a010400000000000000000700000308000a40000000000900020073797a31000000000900010073797a30000000000800054000000021900000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000640003806000008004000180580007800b000100746172676574000048000280080002400000000230000300b08c674515113085726709225a7547b6f14c1aa7a7202afc0811618e3b5a514fb651ff7360e7749fe5bee39009000100534e4154"], 0x114}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)

3.693377873s ago: executing program 1 (id=1801):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x26}, @NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0xfff9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r9, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000000)={0x80, 0x8, 0x2, 0xe05, 0xe7, 0x4})
close_range(r0, 0xffffffffffffffff, 0x0)

3.636079701s ago: executing program 5 (id=1802):
ioperm(0x4, 0x8, 0x5)
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="01"], 0x8, 0x0)
msgrcv(r0, &(0x7f00000004c0)={0x0, ""/84}, 0x5c, 0xda72ed5a9dc29567, 0x2000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet(0x2, 0x3, 0x2f)
getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000040), 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x4000000, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="460001"], 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.621317641s ago: executing program 3 (id=1803):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x51}, 0x40040)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, 0x0)

2.541623292s ago: executing program 7 (id=1804):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000006c0)={0x40006, 0x4, 0x8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
fcntl$dupfd(r2, 0x0, r1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
close_range(r0, 0xffffffffffffffff, 0x0)

2.022169257s ago: executing program 7 (id=1805):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r2, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

1.626600167s ago: executing program 7 (id=1806):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375e", 0x2a}], 0x1}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433530cfccd0c6f450147b46eb5bbe281810c76577aaf554801815d1ee516cc0752832233d7610ce165a593e43cbaa4f52db28e5aead94767ad0d0ccf1cd422fcfd87e848c94a2be6e254d827012967db0758c0fa31fff90c60693957939c8ce4ed025b", 0xa5}, {&(0x7f0000000880)}, {&(0x7f0000000540)="b4e007f06d056aa0367c7356f83c", 0xe}, {&(0x7f0000000980)="3d0296eb70593b74da27ad0ef43cdfacca013f61136666b092f154b82202e7f3b41215fbe3e3381a66b6abde7af0a9f608998408bae2f97394d17cd4fad43a83137abc47e294c03e1c127933e4a232eb62112ca14d3b2323af2120ec24e17f1fc1758194dc4f9774968f41354ff3b7d7f445a29938c18743b5d93c123c4a67c469d256d9f076c29593f9648b5a1bd4195a3d7059007458b7dcc193efed2bfc25fe4cf69d8cc14a45105d48307cb7b27e4938d9d0d3c60b47bf599136cac2f29f", 0xc0}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9cc4187957fdca8dfa1151a311e577e146", 0x39}, {&(0x7f0000000700)}, {&(0x7f0000000a80)}, {&(0x7f0000000d00)}, {&(0x7f0000000ac0)="50591ee1c54cb070964417fd1f4ffe5a57c4ff8a3c5c5ce1d3957dfc44e8e17c719084f4e8da23c0e4667eeda56ce5d4d14d904f", 0x34}], 0x9, 0x4d9e, 0x8)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.444654139s ago: executing program 8 (id=1807):
syz_emit_ethernet(0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000540)={{}, {0x18}})
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008041)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x200088d0)
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r2, 0x0, 0x4)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r3, 0x707, &(0x7f00000002c0)={&(0x7f00000001c0)=[{0x2, 0x8411, 0x22, &(0x7f00000006c0)="0203204bdcc36cda8907f47563863d1428f47b34551c000bce0f6bc6584f11a7489c"}], 0x1})
syz_usb_control_io$lan78xx(r1, 0x0, 0x0)

1.434697379s ago: executing program 3 (id=1808):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8005, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r1, r1, 0x0, 0x200000)
cachestat(r1, &(0x7f0000000000)={0x9}, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000000)='\x00', &(0x7f0000000140), 0x0)

1.001767774s ago: executing program 1 (id=1809):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000010000)=ANY=[], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x1, &(0x7f00000001c0)='\x00'}], 0x1})

376.728754ms ago: executing program 7 (id=1810):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

20.073782ms ago: executing program 7 (id=1811):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="0200000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="b46ae6580fa0baedd557967b1809beaf53be985eb37c71a64f1c8d15fcbc5ce83e7c1566a560c4cd570cc7c85f5d239105c0f465c3755dc087860848dd893326d12af4035907a03f7df684331382f6fe3833bfde7331133ca643f5697732bd659e54831ac91d899d3555765f6aa765f3ff1b1aedb239494187c8e0935f39ee0acc0446e8e5abe1e657dabda1309de7d8ccf05cc95ec456508dfab47bd7fb6079bd1ba82eff5397d4dbb97e52dd656b738b73d6f79945b07b43f6e6ba802d9a5b5c24acad648e9c97483a45b8178c0481409d13a225c1ae5cf67b4bb296f01534784246f089bf03376a0a", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000ffffb703000008000000b70400000000000085000000010000009559b4703cc9e322c15921f7a834ceb48776cdef70fe8c"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_socket_connect_nvme_tcp()
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'team_slave_0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @private0={0xfc, 0x0, '\x00', 0x1}, [], [0xff], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4ea4, 0x0, @local, 0x9}, 0x1c)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f00000002c0)="05031600d3fc140000004788031c09103328", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r5 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0)
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x0)
io_uring_enter(r5, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)

0s ago: executing program 5 (id=1812):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000)
r1 = syz_io_uring_setup(0x4ed, &(0x7f0000000300)={0x0, 0xfec9, 0x0, 0xff7ffffc, 0x274}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0xdb4, 0xd070, 0x0, 0x0, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000200))

kernel console output (not intermixed with test programs):

563][T11305] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1060 (11305)
[  637.017075][T11305] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  637.027318][T11305] BTRFS info (device loop3): using crc32c checksum algorithm
[  637.036585][T11305] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  637.971377][T11305] BTRFS info (device loop3): rebuilding free space tree
[  638.012890][T11305] BTRFS info (device loop3): disabling free space tree
[  638.019939][T11305] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  638.030005][T11305] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  638.052171][T11305] BTRFS info (device loop3): enabling ssd optimizations
[  638.060242][T11305] BTRFS info (device loop3): turning on async discard
[  638.067158][T11305] BTRFS info (device loop3): enabling disk space caching
[  638.074334][T11305] BTRFS info (device loop3): force clearing of disk cache
[  638.081481][T11305] BTRFS info (device loop3): use zstd compression, level 3
[  638.457230][T11341] input: syz1 as /devices/virtual/input/input20
[  639.129115][T10257] BTRFS info (device loop6): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  640.971867][   T42] IPVS: starting estimator thread 0...
[  641.082130][T11369] IPVS: using max 25 ests per chain, 60000 per kthread
[  643.933971][T11395] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  644.859890][T11406] : entered promiscuous mode
[  646.225082][T10326] BTRFS info (device loop3): last unmount of filesystem b6b06ab5-dc0f-40e9-aac4-de5dcadbc47d
[  647.812386][T11442] loop7: detected capacity change from 0 to 32768
[  652.175742][T11476] loop3: detected capacity change from 0 to 1024
[  652.235216][T11476] EXT4-fs: Ignoring removed i_version option
[  652.241269][T11476] EXT4-fs: inline encryption not supported
[  652.525483][T11476] EXT4-fs (loop3): Test dummy encryption mode enabled
[  652.982492][T11482] loop5: detected capacity change from 0 to 32768
[  653.002313][T11482] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1089 (11482)
[  653.027783][T11476] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.042717][T11482] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  653.052994][T11482] BTRFS info (device loop5): using crc32c checksum algorithm
[  653.060535][T11482] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  653.957394][   T10] IPVS: starting estimator thread 0...
[  654.073975][T11482] BTRFS info (device loop5): rebuilding free space tree
[  654.104538][T11482] BTRFS info (device loop5): disabling free space tree
[  654.111794][T11482] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  654.121650][T11482] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  654.155352][T11482] BTRFS info (device loop5): enabling ssd optimizations
[  654.162541][T11482] BTRFS info (device loop5): turning on async discard
[  654.169335][T11482] BTRFS info (device loop5): enabling disk space caching
[  654.176564][T11482] BTRFS info (device loop5): force clearing of disk cache
[  654.183899][T11482] BTRFS info (device loop5): use zstd compression, level 3
[  654.191776][T11507] IPVS: using max 30 ests per chain, 72000 per kthread
[  656.193144][T10326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  656.411434][T11530] loop1: detected capacity change from 0 to 32768
[  657.942722][   T29] audit: type=1800 audit(1771575968.674:3): pid=11540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1097" name="/" dev="fuse" ino=4 res=0 errno=0
[  658.445708][T11548] loop3: detected capacity change from 0 to 32768
[  658.462095][T11548] BTRFS info: device /dev/loop3 (7:3) using temp-fsid 92c23e41-da2f-4413-ae79-5483ab16273d
[  658.472314][T11548] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1101 (11548)
[  658.543660][T11548] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  658.553990][T11548] BTRFS info (device loop3): using crc32c checksum algorithm
[  658.561416][T11548] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  658.778369][T11548] BTRFS info (device loop3): rebuilding free space tree
[  658.858815][T11548] BTRFS info (device loop3): disabling free space tree
[  658.865846][T11548] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  658.875787][T11548] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  658.890669][T11548] BTRFS info (device loop3): enabling ssd optimizations
[  658.897717][T11548] BTRFS info (device loop3): turning on async discard
[  658.904655][T11548] BTRFS info (device loop3): enabling disk space caching
[  658.911837][T11548] BTRFS info (device loop3): force clearing of disk cache
[  658.919035][T11548] BTRFS info (device loop3): use zstd compression, level 3
[  658.937732][ T9185] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  660.075422][ T9185] usb 2-1: config 0 has an invalid interface number: 146 but max is 0
[  660.412047][ T9185] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  660.419268][T10326] BTRFS info (device loop3): last unmount of filesystem 92c23e41-da2f-4413-ae79-5483ab16273d
[  660.582056][ T9185] usb 2-1: config 0 has no interface number 0
[  660.807651][ T9185] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0x1C, changing to 0xC
[  660.819340][ T9185] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  660.969350][ T9185] usb 2-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  661.031513][ T9185] usb 2-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64
[  661.056140][T10587] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  661.062136][ T9185] usb 2-1: config 0 interface 146 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  661.215354][ T9185] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  661.238482][ T9185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.295580][ T9185] usb 2-1: Product: syz
[  661.554560][T11591] loop7: detected capacity change from 0 to 32768
[  661.567941][ T9185] usb 2-1: Manufacturer: syz
[  661.602397][ T9185] usb 2-1: SerialNumber: syz
[  661.959722][ T9185] usb 2-1: config 0 descriptor??
[  662.269596][ T9185] usb 2-1: can't set config #0, error -71
[  663.466242][ T9185] usb 2-1: USB disconnect, device number 14
[  666.760500][T11632] loop5: detected capacity change from 0 to 4096
[  666.855560][   T24] IPVS: starting estimator thread 0...
[  666.972172][T11633] IPVS: using max 25 ests per chain, 60000 per kthread
[  667.424518][T11634] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  667.457605][T11631] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  668.223407][T11647] No such timeout policy "syz1"
[  669.109635][T11655] input: syz1 as /devices/virtual/input/input23
[  670.206096][T11661] loop7: detected capacity change from 0 to 32768
[  671.962108][ T5935] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  672.652778][ T5935] usb 7-1: config 0 has an invalid interface number: 146 but max is 0
[  672.706267][ T5935] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  672.768257][ T5935] usb 7-1: config 0 has no interface number 0
[  673.243985][ T5935] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0x1C, changing to 0xC
[  673.382040][ T5935] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  673.480055][ T5935] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  673.567333][ T5935] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64
[  674.447994][T11706] loop1: detected capacity change from 0 to 4096
[  674.962056][ T5935] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  675.144540][T11711] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  675.155219][ T5935] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  675.167556][   T10] IPVS: starting estimator thread 0...
[  675.186651][T11701] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  675.295088][ T5935] usb 7-1: string descriptor 0 read error: -71
[  675.324227][T11712] IPVS: using max 26 ests per chain, 62400 per kthread
[  675.397115][ T5935] usb 7-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  675.417334][ T5935] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.509243][ T5935] usb 7-1: config 0 descriptor??
[  675.548431][ T5935] usb 7-1: can't set config #0, error -71
[  675.620762][ T5935] usb 7-1: USB disconnect, device number 12
[  675.903918][T11724] binder: BINDER_SET_CONTEXT_MGR already set
[  675.933888][T11724] binder: 11720:11724 ioctl 4018620d 200000004a80 returned -16
[  679.678043][T11765] loop3: detected capacity change from 0 to 4096
[  680.274685][T11766] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  680.299988][T11764] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  681.922095][ T5935] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  682.150592][T11784] loop5: detected capacity change from 0 to 32768
[  682.162609][T11784] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1143 (11784)
[  682.198195][T11784] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  682.208408][T11784] BTRFS info (device loop5): using crc32c checksum algorithm
[  682.215952][T11784] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  682.254123][ T5935] usb 4-1: config 0 has an invalid interface number: 146 but max is 0
[  682.279184][ T5935] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  682.324558][ T5935] usb 4-1: config 0 has no interface number 0
[  682.330828][ T5935] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0x1C, changing to 0xC
[  682.391645][ T5935] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  682.424619][T11784] BTRFS info (device loop5): rebuilding free space tree
[  682.451905][ T5935] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  682.489044][T11784] BTRFS info (device loop5): disabling free space tree
[  682.496132][T11784] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  682.507246][T11784] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  682.527421][T11784] BTRFS info (device loop5): enabling ssd optimizations
[  682.534612][T11784] BTRFS info (device loop5): turning on async discard
[  682.541423][T11784] BTRFS info (device loop5): enabling disk space caching
[  682.548539][T11784] BTRFS info (device loop5): force clearing of disk cache
[  682.555812][T11784] BTRFS info (device loop5): use zstd compression, level 3
[  682.602100][ T5935] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64
[  682.695471][T11801] syzkaller0: entered promiscuous mode
[  682.715021][T11801] syzkaller0: entered allmulticast mode
[  683.497307][ T9687] Bluetooth: hci1: command 0x0406 tx timeout
[  683.578578][ T5935] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  683.651745][ T5935] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  683.667126][ T5935] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  683.676441][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.684552][ T5935] usb 4-1: Product: syz
[  683.688862][ T5935] usb 4-1: Manufacturer: syz
[  683.693575][ T5935] usb 4-1: SerialNumber: syz
[  683.701235][ T5935] usb 4-1: config 0 descriptor??
[  683.707380][T11778] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  683.724147][ T5935] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 130 is not bulk.
[  683.769133][ T5935] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  684.201905][T11818] loop7: detected capacity change from 0 to 40427
[  684.315661][T11818] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  684.323043][T11818] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  684.364939][T11818] F2FS-fs (loop7): invalid crc value
[  684.833861][T11818] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  684.887727][ T5935] usb 4-1: USB disconnect, device number 11
[  684.908301][T11818] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  684.915826][T11818] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  686.009438][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  686.016484][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  687.860429][T10587] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  688.084271][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  691.470950][T11891] loop3: detected capacity change from 0 to 64
[  691.487237][T11891] hfs: unable to locate alternate MDB
[  691.498008][T11891] hfs: continuing without an alternate MDB
[  691.802654][ T5935] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  692.604494][ T5935] usb 6-1: config 0 has an invalid interface number: 146 but max is 0
[  692.632833][ T5935] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  692.649270][ T5935] usb 6-1: config 0 has no interface number 0
[  692.656858][ T5935] usb 6-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0x1C, changing to 0xC
[  692.669902][ T5935] usb 6-1: config 0 interface 146 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  692.862420][T11898] loop3: detected capacity change from 0 to 32768
[  693.040046][ T5935] usb 6-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  693.055565][ T5935] usb 6-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64
[  693.067576][ T5935] usb 6-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  693.079707][ T5935] usb 6-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  693.126968][ T5935] usb 6-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  693.154714][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.204962][ T9687] Bluetooth: hci4: command 0x0406 tx timeout
[  693.240667][ T5935] usb 6-1: Product: syz
[  693.259962][ T5935] usb 6-1: Manufacturer: syz
[  693.287258][ T5935] usb 6-1: SerialNumber: syz
[  693.340544][ T5935] usb 6-1: config 0 descriptor??
[  693.363618][T11889] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  693.427024][ T5935] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 130 is not bulk.
[  693.477729][ T5935] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  693.657374][ T5935] usb 6-1: USB disconnect, device number 5
[  695.534958][T11907] loop5: detected capacity change from 0 to 40427
[  695.659931][T11907] F2FS-fs (loop5): Image doesn't support compression
[  695.697500][T11907] F2FS-fs (loop5): build fault injection rate: 684
[  695.732140][T11907] F2FS-fs (loop5): build fault injection type: 0x35f7
[  695.767209][T11907] F2FS-fs (loop5): invalid crc value
[  695.880207][T11907] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  695.900594][T11907] F2FS-fs (loop5): Start checkpoint disabled!
[  695.930914][T11907] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  695.947832][T11907] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  696.047845][   T35] kworker/u8:2: attempt to access beyond end of device
[  696.047845][   T35] loop5: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  696.070351][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  696.070386][   T35] Tainted: [L]=SOFTLOCKUP
[  696.070393][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  696.070406][   T35] Workqueue: writeback wb_workfn (flush-7:5)
[  696.070439][   T35] Call Trace:
[  696.070448][   T35]  <TASK>
[  696.070458][   T35]  dump_stack_lvl+0xe8/0x150
[  696.070490][   T35]  f2fs_handle_critical_error+0x37c/0x540
[  696.070526][   T35]  f2fs_write_end_io+0xcdb/0xff0
[  696.070560][   T35]  __submit_merged_bio+0x256/0x700
[  696.070595][   T35]  __submit_merged_write_cond+0x3c9/0x4e0
[  696.070633][   T35]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  696.070683][   T35]  f2fs_write_data_pages+0x2975/0x35e0
[  696.070743][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.070787][   T35]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  696.070845][   T35]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  696.070903][   T35]  ? __lock_acquire+0x6b5/0x2cf0
[  696.070945][   T35]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  696.070979][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.071002][   T35]  do_writepages+0x32e/0x550
[  696.071040][   T35]  ? reacquire_held_locks+0x104/0x190
[  696.071070][   T35]  ? writeback_sb_inodes+0x477/0x1a20
[  696.071105][   T35]  __writeback_single_inode+0x133/0x11a0
[  696.071136][   T35]  ? do_raw_spin_unlock+0xf5/0x210
[  696.071164][   T35]  writeback_sb_inodes+0x992/0x1a20
[  696.071223][   T35]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  696.071247][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.071309][   T35]  ? rcu_is_watching+0x15/0xb0
[  696.071351][   T35]  wb_writeback+0x456/0xb70
[  696.071382][   T35]  ? queue_io+0x1e1/0x4a0
[  696.071418][   T35]  ? __pfx_wb_writeback+0x10/0x10
[  696.071443][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.071483][   T35]  wb_workfn+0x414/0xf50
[  696.071518][   T35]  ? look_up_lock_class+0x57/0x110
[  696.071562][   T35]  ? __pfx_wb_workfn+0x10/0x10
[  696.071589][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.071615][   T35]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  696.071661][   T35]  ? process_one_work+0x87c/0x1650
[  696.071688][   T35]  process_one_work+0x949/0x1650
[  696.071740][   T35]  ? __pfx_process_one_work+0x10/0x10
[  696.071770][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.071811][   T35]  worker_thread+0xb46/0x1140
[  696.071851][   T35]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  696.071893][   T35]  kthread+0x388/0x470
[  696.071921][   T35]  ? __pfx_worker_thread+0x10/0x10
[  696.071947][   T35]  ? __pfx_kthread+0x10/0x10
[  696.071970][   T35]  ret_from_fork+0x51e/0xb90
[  696.072002][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[  696.072029][   T35]  ? __switch_to+0xc7d/0x1450
[  696.072058][   T35]  ? __pfx_kthread+0x10/0x10
[  696.072082][   T35]  ret_from_fork_asm+0x1a/0x30
[  696.072121][   T35]  </TASK>
[  696.408833][   T35] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  696.418505][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  696.418537][   T35] Tainted: [L]=SOFTLOCKUP
[  696.418545][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  696.418558][   T35] Workqueue: writeback wb_workfn (flush-7:5)
[  696.418602][   T35] Call Trace:
[  696.418610][   T35]  <TASK>
[  696.418619][   T35]  dump_stack_lvl+0xe8/0x150
[  696.418653][   T35]  f2fs_handle_critical_error+0x37c/0x540
[  696.418691][   T35]  f2fs_write_end_io+0xcdb/0xff0
[  696.418734][   T35]  __submit_merged_bio+0x256/0x700
[  696.418762][   T35]  __submit_merged_write_cond+0x3c9/0x4e0
[  696.418792][   T35]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  696.418834][   T35]  f2fs_write_data_pages+0x2975/0x35e0
[  696.418879][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.418907][   T35]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  696.418953][   T35]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  696.418996][   T35]  ? __lock_acquire+0x6b5/0x2cf0
[  696.419028][   T35]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  696.419049][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.419065][   T35]  do_writepages+0x32e/0x550
[  696.419094][   T35]  ? reacquire_held_locks+0x104/0x190
[  696.419117][   T35]  ? writeback_sb_inodes+0x477/0x1a20
[  696.419143][   T35]  __writeback_single_inode+0x133/0x11a0
[  696.419166][   T35]  ? do_raw_spin_unlock+0xf5/0x210
[  696.419187][   T35]  writeback_sb_inodes+0x992/0x1a20
[  696.419232][   T35]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  696.419251][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.419301][   T35]  ? rcu_is_watching+0x15/0xb0
[  696.419332][   T35]  wb_writeback+0x456/0xb70
[  696.419355][   T35]  ? queue_io+0x1e1/0x4a0
[  696.419382][   T35]  ? __pfx_wb_writeback+0x10/0x10
[  696.419400][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.419430][   T35]  wb_workfn+0x414/0xf50
[  696.419450][   T35]  ? look_up_lock_class+0x57/0x110
[  696.419483][   T35]  ? __pfx_wb_workfn+0x10/0x10
[  696.419503][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.419522][   T35]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  696.419558][   T35]  ? process_one_work+0x87c/0x1650
[  696.419583][   T35]  process_one_work+0x949/0x1650
[  696.419623][   T35]  ? __pfx_process_one_work+0x10/0x10
[  696.419642][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.419673][   T35]  worker_thread+0xb46/0x1140
[  696.419703][   T35]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  696.419735][   T35]  kthread+0x388/0x470
[  696.419752][   T35]  ? __pfx_worker_thread+0x10/0x10
[  696.419772][   T35]  ? __pfx_kthread+0x10/0x10
[  696.419789][   T35]  ret_from_fork+0x51e/0xb90
[  696.419815][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[  696.419834][   T35]  ? __switch_to+0xc7d/0x1450
[  696.419857][   T35]  ? __pfx_kthread+0x10/0x10
[  696.419874][   T35]  ret_from_fork_asm+0x1a/0x30
[  696.419903][   T35]  </TASK>
[  696.419910][   T35] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  696.714649][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  696.714679][   T35] Tainted: [L]=SOFTLOCKUP
[  696.714688][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  696.714700][   T35] Workqueue: writeback wb_workfn (flush-7:5)
[  696.714735][   T35] Call Trace:
[  696.714743][   T35]  <TASK>
[  696.714751][   T35]  dump_stack_lvl+0xe8/0x150
[  696.714785][   T35]  f2fs_handle_critical_error+0x37c/0x540
[  696.714826][   T35]  f2fs_write_end_io+0xcdb/0xff0
[  696.714871][   T35]  __submit_merged_bio+0x256/0x700
[  696.714911][   T35]  __submit_merged_write_cond+0x3c9/0x4e0
[  696.714952][   T35]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  696.715012][   T35]  f2fs_write_data_pages+0x2975/0x35e0
[  696.715080][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.715119][   T35]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  696.715186][   T35]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  696.715248][   T35]  ? __lock_acquire+0x6b5/0x2cf0
[  696.715291][   T35]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  696.715321][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  696.715344][   T35]  do_writepages+0x32e/0x550
[  696.715383][   T35]  ? reacquire_held_locks+0x104/0x190
[  696.715413][   T35]  ? writeback_sb_inodes+0x477/0x1a20
[  696.715449][   T35]  __writeback_single_inode+0x133/0x11a0
[  696.715480][   T35]  ? do_raw_spin_unlock+0xf5/0x210
[  696.715510][   T35]  writeback_sb_inodes+0x992/0x1a20
[  696.715580][   T35]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  696.715607][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.715676][   T35]  ? rcu_is_watching+0x15/0xb0
[  696.715720][   T35]  wb_writeback+0x456/0xb70
[  696.715753][   T35]  ? queue_io+0x1e1/0x4a0
[  696.715791][   T35]  ? __pfx_wb_writeback+0x10/0x10
[  696.715816][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.715860][   T35]  wb_workfn+0x414/0xf50
[  696.715880][   T35]  ? look_up_lock_class+0x57/0x110
[  696.715913][   T35]  ? __pfx_wb_workfn+0x10/0x10
[  696.715933][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.715952][   T35]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  696.715988][   T35]  ? process_one_work+0x87c/0x1650
[  696.716008][   T35]  process_one_work+0x949/0x1650
[  696.716047][   T35]  ? __pfx_process_one_work+0x10/0x10
[  696.716066][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  696.716097][   T35]  worker_thread+0xb46/0x1140
[  696.716127][   T35]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  696.716160][   T35]  kthread+0x388/0x470
[  696.716176][   T35]  ? __pfx_worker_thread+0x10/0x10
[  696.716196][   T35]  ? __pfx_kthread+0x10/0x10
[  696.716214][   T35]  ret_from_fork+0x51e/0xb90
[  696.716238][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[  696.716258][   T35]  ? __switch_to+0xc7d/0x1450
[  696.716280][   T35]  ? __pfx_kthread+0x10/0x10
[  696.716298][   T35]  ret_from_fork_asm+0x1a/0x30
[  696.716327][   T35]  </TASK>
[  696.716333][   T35] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  697.006504][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  697.006544][   T35] Tainted: [L]=SOFTLOCKUP
[  697.006552][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  697.006566][   T35] Workqueue: writeback wb_workfn (flush-7:5)
[  697.006601][   T35] Call Trace:
[  697.006610][   T35]  <TASK>
[  697.006619][   T35]  dump_stack_lvl+0xe8/0x150
[  697.006654][   T35]  f2fs_handle_critical_error+0x37c/0x540
[  697.006692][   T35]  f2fs_write_end_io+0xcdb/0xff0
[  697.006733][   T35]  __submit_merged_bio+0x256/0x700
[  697.006771][   T35]  __submit_merged_write_cond+0x3c9/0x4e0
[  697.006809][   T35]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  697.006862][   T35]  f2fs_write_data_pages+0x2975/0x35e0
[  697.006922][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  697.006957][   T35]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  697.007017][   T35]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  697.007070][   T35]  ? __lock_acquire+0x6b5/0x2cf0
[  697.007110][   T35]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  697.007139][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  697.007159][   T35]  do_writepages+0x32e/0x550
[  697.007190][   T35]  ? reacquire_held_locks+0x104/0x190
[  697.007215][   T35]  ? writeback_sb_inodes+0x477/0x1a20
[  697.007243][   T35]  __writeback_single_inode+0x133/0x11a0
[  697.007267][   T35]  ? do_raw_spin_unlock+0xf5/0x210
[  697.007290][   T35]  writeback_sb_inodes+0x992/0x1a20
[  697.007336][   T35]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  697.007357][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  697.007406][   T35]  ? rcu_is_watching+0x15/0xb0
[  697.007439][   T35]  wb_writeback+0x456/0xb70
[  697.007464][   T35]  ? queue_io+0x1e1/0x4a0
[  697.007493][   T35]  ? __pfx_wb_writeback+0x10/0x10
[  697.007513][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  697.007552][   T35]  wb_workfn+0x414/0xf50
[  697.007573][   T35]  ? look_up_lock_class+0x57/0x110
[  697.007608][   T35]  ? __pfx_wb_workfn+0x10/0x10
[  697.007629][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  697.007650][   T35]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  697.007691][   T35]  ? process_one_work+0x87c/0x1650
[  697.007713][   T35]  process_one_work+0x949/0x1650
[  697.007754][   T35]  ? __pfx_process_one_work+0x10/0x10
[  697.007776][   T35]  ? do_raw_spin_lock+0x12b/0x2f0
[  697.007809][   T35]  worker_thread+0xb46/0x1140
[  697.007840][   T35]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  697.007874][   T35]  kthread+0x388/0x470
[  697.007892][   T35]  ? __pfx_worker_thread+0x10/0x10
[  697.007915][   T35]  ? __pfx_kthread+0x10/0x10
[  697.007933][   T35]  ret_from_fork+0x51e/0xb90
[  697.007960][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[  697.007982][   T35]  ? __switch_to+0xc7d/0x1450
[  697.008006][   T35]  ? __pfx_kthread+0x10/0x10
[  697.008025][   T35]  ret_from_fork_asm+0x1a/0x30
[  697.008055][   T35]  </TASK>
[  697.010339][   T35] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  698.734269][ T9687] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  698.786359][ T9687] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  698.801891][ T9687] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  698.819577][ T9687] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  698.829628][ T9687] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  699.488729][T11948] syzkaller0: entered promiscuous mode
[  699.506347][T11948] syzkaller0: entered allmulticast mode
[  699.752146][T10136] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  699.942016][T10136] usb 8-1: Using ep0 maxpacket: 16
[  699.953110][T10136] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.972068][T10136] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  700.002084][T10136] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  700.033627][T10136] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  700.062051][T10136] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.136640][T10136] usb 8-1: config 0 descriptor??
[  700.286455][ T6962] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.650277][T10136] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  701.041582][T10136] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  701.048677][ T9687] Bluetooth: hci5: command tx timeout
[  701.101677][T10136] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  701.170023][T10136] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  701.202068][T10136] shield 0003:0955:7214.000C: unknown main item tag 0x0
[  701.216060][ T6962] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.451172][T10136] input: HID 0955:7214 Haptics as /devices/virtual/input/input25
[  702.520968][T10136] shield 0003:0955:7214.000C: Registered Thunderstrike controller
[  703.123430][ T5845] Bluetooth: hci5: command tx timeout
[  703.210182][ T6962] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.218525][T10136] shield 0003:0955:7214.000C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.7-1/input0
[  703.434735][ T5935] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  703.446513][ T5845] Bluetooth: hci3: command 0x0406 tx timeout
[  703.463982][T10136] usb 8-1: USB disconnect, device number 8
[  703.507686][ T5935] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  703.615311][ T5935] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  703.671646][ T5935] shield 0003:0955:7214.000C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  703.789972][ T6962] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  704.793756][T11927] chnl_net:caif_netlink_parms(): no params data found
[  705.666794][ T9687] Bluetooth: hci5: command tx timeout
[  706.941653][ T6962] bridge_slave_1: left allmulticast mode
[  706.961860][ T6962] bridge_slave_1: left promiscuous mode
[  706.982379][ T6962] bridge0: port 2(bridge_slave_1) entered disabled state
[  706.994357][ T6962] bridge_slave_0: left allmulticast mode
[  707.000150][ T6962] bridge_slave_0: left promiscuous mode
[  707.007848][ T6962] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.399566][T12058] loop1: detected capacity change from 0 to 128
[  707.704761][ T5845] Bluetooth: hci5: command tx timeout
[  708.112347][T12058] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  708.173235][T12058] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8)
[  708.181347][T12058] FAT-fs (loop1): Filesystem has been set read-only
[  708.210000][T12058] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522)
[  708.566023][ T5845] Bluetooth: hci2: command 0x0406 tx timeout
[  708.805489][ T6962] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  708.819164][ T6962] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.830945][ T6962] bond0 (unregistering): Released all slaves
[  708.887075][ T6962] : left promiscuous mode
[  708.944538][T11927] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.989689][T11927] bridge0: port 1(bridge_slave_0) entered disabled state
[  709.007360][T11927] bridge_slave_0: entered allmulticast mode
[  709.040908][T11927] bridge_slave_0: entered promiscuous mode
[  709.051246][T11927] bridge0: port 2(bridge_slave_1) entered blocking state
[  709.059208][T11927] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.066910][T11927] bridge_slave_1: entered allmulticast mode
[  709.167206][T11927] bridge_slave_1: entered promiscuous mode
[  709.458844][ T6962] tipc: Left network mode
[  709.745405][T12078] loop1: detected capacity change from 0 to 32768
[  710.913988][T11927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  711.088849][T11927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  711.146098][T12099] loop7: detected capacity change from 0 to 128
[  711.221335][T12099] FAT-fs (loop7): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  712.379432][T11927] team0: Port device team_slave_0 added
[  712.427543][T11927] team0: Port device team_slave_1 added
[  712.594024][ T6962] hsr_slave_0: left promiscuous mode
[  712.607301][ T6962] hsr_slave_1: left promiscuous mode
[  712.616357][ T6962] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  712.635034][ T6962] batman_adv: batadv0: Removing interface: batadv_slave_0
[  712.648572][ T6962] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  712.660485][ T6962] batman_adv: batadv0: Removing interface: batadv_slave_1
[  712.684703][ T6962] veth1_macvtap: left promiscuous mode
[  712.691832][ T6962] veth0_macvtap: left promiscuous mode
[  712.720837][ T6962] veth1_vlan: left promiscuous mode
[  712.763880][ T6962] veth0_vlan: left promiscuous mode
[  713.660361][ T6962] team0 (unregistering): Port device team_slave_1 removed
[  713.721028][ T6962] team0 (unregistering): Port device team_slave_0 removed
[  713.943094][T11927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  713.950312][T11927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  713.997656][T11927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.012261][T11927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.019495][T11927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  714.050293][T11927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  714.214498][T12156] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[  714.285727][T11927] hsr_slave_0: entered promiscuous mode
[  714.413452][T11927] hsr_slave_1: entered promiscuous mode
[  714.528749][T11927] debugfs: 'hsr0' already exists in 'hsr'
[  714.601803][T11927] Cannot create hsr debugfs directory
[  715.400460][T12164] loop5: detected capacity change from 0 to 32768
[  717.716685][ T6962] IPVS: stop unused estimator thread 0...
[  718.918732][T12204] binder: BINDER_SET_CONTEXT_MGR already set
[  718.951240][T12204] binder: 12203:12204 ioctl 4018620d 200000000040 returned -16
[  719.660470][T12208] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  719.828491][T11927] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  720.092994][T11927] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  720.715020][T11927] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  720.831301][T11927] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  721.203549][T12245] loop3: detected capacity change from 0 to 4096
[  721.816206][T12247] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  721.865222][T12244] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  722.250710][T11927] 8021q: adding VLAN 0 to HW filter on device bond0
[  722.366417][T11927] 8021q: adding VLAN 0 to HW filter on device team0
[  722.401471][ T1015] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.408788][ T1015] bridge0: port 1(bridge_slave_0) entered forwarding state
[  722.496933][  T174] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.504135][  T174] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.475574][T12274] loop7: detected capacity change from 0 to 40427
[  724.527707][T12274] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  724.535582][T12274] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  724.571365][T12274] F2FS-fs (loop7): invalid crc value
[  724.626602][T12274] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  724.645260][T11927] 8021q: adding VLAN 0 to HW filter on device batadv0
[  724.655233][T12274] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  724.662400][T12274] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  726.912394][T12306] loop1: detected capacity change from 0 to 1024
[  727.034169][T12306] hfsplus: b-tree write err: -5, ino 2
[  727.108741][ T6962] hfsplus: b-tree write err: -5, ino 25
[  727.129438][ T6962] hfsplus: b-tree write err: -5, ino 4
[  727.142797][ T6962] hfsplus: b-tree write err: -5, ino 2
[  727.149497][ T6962] hfsplus: b-tree write err: -5, ino 26
[  727.217263][T11927] veth0_vlan: entered promiscuous mode
[  727.267249][T11927] veth1_vlan: entered promiscuous mode
[  727.282444][ T5990] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  728.134450][ T5990] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  728.142560][ T5990] usb 4-1: config 0 has no interface number 0
[  728.179536][T12319] : entered promiscuous mode
[  728.295261][ T5990] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  728.320746][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.332636][ T5990] usb 4-1: Product: syz
[  728.336861][ T5990] usb 4-1: Manufacturer: syz
[  728.341586][ T5990] usb 4-1: SerialNumber: syz
[  728.356336][T11927] veth0_macvtap: entered promiscuous mode
[  728.383057][ T5990] usb 4-1: config 0 descriptor??
[  728.407202][T11927] veth1_macvtap: entered promiscuous mode
[  728.656423][ T5990] dvb_usb_ec168 4-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  729.346526][ T5990] usb 4-1: USB disconnect, device number 12
[  729.371116][T11927] batman_adv: batadv0: Interface activated: batadv_slave_0
[  729.454223][T11927] batman_adv: batadv0: Interface activated: batadv_slave_1
[  729.503113][ T1015] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  729.526988][ T1015] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  729.536010][ T1015] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  729.722128][ T1015] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  731.089845][T12342] loop3: detected capacity change from 0 to 40427
[  731.107147][T12342] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  731.114989][T12342] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  731.128752][T12342] F2FS-fs (loop3): invalid crc value
[  731.206384][T12342] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  731.219510][T12342] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  731.226766][T12342] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  731.449124][ T6962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  731.525808][ T6962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  731.961517][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  732.000620][T12363] No control pipe specified
[  732.002061][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  732.487480][T12372] No such timeout policy "syz1"
[  733.304148][T12384] : entered promiscuous mode
[  734.398765][T12399] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  735.450832][T12410] autofs: Bad value for 'fd'
[  735.451192][T12406] loop5: detected capacity change from 0 to 40427
[  735.469836][T12406] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  735.478023][T12406] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  735.491210][T12406] F2FS-fs (loop5): invalid crc value
[  735.606062][T12406] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  735.642274][T12406] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  735.650947][T12406] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  737.402064][ T5896] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  737.598069][ T5896] usb 4-1: unable to get BOS descriptor or descriptor too short
[  737.618084][ T5896] usb 4-1: not running at top speed; connect to a high speed hub
[  737.653149][ T5896] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  737.701526][ T5896] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  737.721624][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.740385][ T5896] usb 4-1: Product: syz
[  737.745441][ T5896] usb 4-1: Manufacturer: syz
[  737.750089][ T5896] usb 4-1: SerialNumber: syz
[  738.103390][T12452] No such timeout policy "syz1"
[  738.501094][T12460] kvm: pic: single mode not supported
[  738.501284][T12460] kvm: pic: level sensitive irq not supported
[  738.641089][T12465] : entered promiscuous mode
[  738.934140][T12460] kvm: pic: level sensitive irq not supported
[  738.954190][T12460] kvm: pic: single mode not supported
[  739.105157][T12460] kvm: pic: single mode not supported
[  739.110659][T12460] kvm: pic: level sensitive irq not supported
[  739.130095][T12445] loop1: detected capacity change from 0 to 32768
[  739.144492][T12460] kvm: pic: single mode not supported
[  739.144651][T12460] kvm: pic: level sensitive irq not supported
[  739.221101][ T5896] usb 4-1: reset full-speed USB device number 13 using dummy_hcd
[  741.345856][ T5896] usb 4-1: device descriptor read/all, error -71
[  742.422084][ T5946] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  742.578191][T12485] zonefs (nullb0) ERROR: Not a zoned block device
[  742.994225][T12488] loop3: detected capacity change from 0 to 40427
[  743.042854][ T5946] usb 6-1: Using ep0 maxpacket: 32
[  743.051146][ T5946] usb 6-1: config 0 has an invalid interface number: 191 but max is 0
[  743.062566][T12488] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  743.070350][T12488] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  743.083493][ T5946] usb 6-1: config 0 has no interface number 0
[  743.089943][T12488] F2FS-fs (loop3): invalid crc value
[  743.097152][ T5946] usb 6-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24
[  743.115132][ T5946] usb 6-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1
[  743.134865][ T5946] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.214549][T12488] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  743.244753][ T5896] usb 4-1: USB disconnect, device number 13
[  743.251486][ T5946] usb 6-1: Product: syz
[  743.272003][ T5946] usb 6-1: Manufacturer: syz
[  743.281459][ T5946] usb 6-1: SerialNumber: syz
[  743.292032][T12488] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  743.299159][T12488] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  744.302689][ T5946] usb 6-1: config 0 descriptor??
[  744.310405][T12475] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  744.463093][ T5946] usb 6-1: can't set config #0, error -71
[  744.471768][ T5946] usb 6-1: USB disconnect, device number 6
[  745.792149][ T5946] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  745.972161][ T5946] usb 8-1: Using ep0 maxpacket: 32
[  746.048617][ T5946] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  746.101004][ T5946] usb 8-1: config 0 has no interface number 0
[  746.155017][T12545] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  746.220960][ T5946] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  746.320581][ T5946] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.435531][ T5946] usb 8-1: Product: syz
[  746.517862][ T5946] usb 8-1: Manufacturer: syz
[  746.745890][ T5946] usb 8-1: SerialNumber: syz
[  746.892067][ T5946] usb 8-1: config 0 descriptor??
[  747.171199][T12555] random: crng reseeded on system resumption
[  747.453049][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  747.469995][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  747.612555][T12563] zonefs (nullb0) ERROR: Not a zoned block device
[  748.268607][T12568] loop5: detected capacity change from 0 to 40427
[  748.374817][T12568] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  748.382662][T12568] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  748.393936][T12568] F2FS-fs (loop5): invalid crc value
[  748.875173][T12568] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  749.098413][T12568] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  749.105629][T12568] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  749.186647][T12574] loop8: detected capacity change from 0 to 65536
[  749.280357][T12574] XFS (loop8): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  749.325190][ T5946] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  749.344937][ T5946] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  749.400735][ T5946] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  749.459807][ T5946] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -71
[  749.622535][T12574] XFS (loop8): Ending clean mount
[  750.638110][ T5946] usb 8-1: USB disconnect, device number 9
[  751.009821][T12601] loop3: detected capacity change from 0 to 1024
[  751.263708][T11927] XFS (loop8): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  751.592477][ T1015] hfsplus: b-tree write err: -5, ino 25
[  751.612265][ T1015] hfsplus: b-tree write err: -5, ino 4
[  751.617889][ T1015] hfsplus: b-tree write err: -5, ino 2
[  751.862480][T12613] capability: warning: `syz.7.1293' uses 32-bit capabilities (legacy support in use)
[  751.938477][T12619] program syz.7.1293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  753.240001][T12639] zonefs (nullb0) ERROR: Not a zoned block device
[  755.489282][T12654] loop3: detected capacity change from 0 to 40427
[  755.765323][T12654] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  755.773234][T12654] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  755.876587][ T9185] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  755.892272][T12654] F2FS-fs (loop3): invalid crc value
[  756.082711][ T9185] usb 6-1: Using ep0 maxpacket: 32
[  756.092886][T12654] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  756.142110][T12666] loop9: detected capacity change from 0 to 7
[  756.160505][T12666] buffer_io_error: 9 callbacks suppressed
[  756.161107][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.175966][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.185843][ T9185] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  756.186146][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.204469][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.212869][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.220861][T12654] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  756.229252][T12654] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  756.385476][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.394567][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.404795][T12666] ldm_validate_partition_table(): Disk read failed.
[  756.412003][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.420523][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.429076][T12666] Buffer I/O error on dev loop9, logical block 0, async page read
[  756.453485][T12666] Dev loop9: unable to read RDB block 0
[  756.478446][T12666]  loop9: unable to read partition table
[  756.486429][T12666] loop9: partition table beyond EOD, truncated
[  756.493124][T12666] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  756.493124][T12666] 
) failed (rc=-5)
[  756.640816][ T9185] usb 6-1: config 0 has no interface number 0
[  756.673965][ T9185] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  756.703648][ T9185] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.746877][ T9185] usb 6-1: Product: syz
[  756.769154][ T9185] usb 6-1: Manufacturer: syz
[  756.789242][ T9185] usb 6-1: SerialNumber: syz
[  756.889787][ T9185] usb 6-1: config 0 descriptor??
[  757.084535][T12666] ldm_validate_partition_table(): Disk read failed.
[  757.095125][T12666] Dev loop9: unable to read RDB block 0
[  757.101513][T12666]  loop9: unable to read partition table
[  757.109709][T12666] loop9: partition table beyond EOD, truncated
[  757.469200][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  757.504860][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  757.536530][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  757.552039][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  757.568026][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  757.743914][T12679] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1306'.
[  758.185649][T12687] zonefs (nullb0) ERROR: Not a zoned block device
[  759.455816][T12706] loop8: detected capacity change from 0 to 1024
[  759.477704][T12706] EXT4-fs: Ignoring removed i_version option
[  759.508671][T12706] EXT4-fs: inline encryption not supported
[  759.537439][T12706] EXT4-fs (loop8): Test dummy encryption mode enabled
[  759.627862][T12706] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  759.653829][ T9185] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  759.667990][ T9185] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  759.690361][ T9185] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  759.710942][ T9185] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  760.697656][T11927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  760.716611][ T9185] usb 6-1: USB disconnect, device number 7
[  760.805848][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  760.818067][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  760.842915][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  760.887821][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  760.905959][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  760.933674][T12724] ldm_validate_partition_table(): Disk read failed.
[  761.037336][T12724] Dev loop9: unable to read RDB block 0
[  761.541678][    C1] buffer_io_error: 57 callbacks suppressed
[  761.541701][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  761.558893][T12724] Buffer I/O error on dev loop9, logical block 1, async page read
[  763.142495][T12724] Buffer I/O error on dev loop9, logical block 1, async page read
[  763.550094][    C0] blk_print_req_error: 8 callbacks suppressed
[  763.550110][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  763.566955][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  763.575206][T12724]  loop9: unable to read partition table
[  763.581056][T12724] loop9: partition table beyond EOD, truncated
[  764.357657][T12762] zonefs (nullb0) ERROR: Not a zoned block device
[  764.711928][    C1] hrtimer: interrupt took 40179 ns
[  765.870180][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  765.903025][T12775] No such timeout policy "syz1"
[  766.283507][   T24] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  766.484522][   T24] usb 8-1: Using ep0 maxpacket: 32
[  766.502409][   T24] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[  766.555253][   T24] usb 8-1: config 0 has no interface number 0
[  766.664732][   T24] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  766.687573][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  767.567526][   T24] usb 8-1: Product: syz
[  767.572039][   T24] usb 8-1: Manufacturer: syz
[  767.576988][   T24] usb 8-1: SerialNumber: syz
[  767.587679][   T24] usb 8-1: config 0 descriptor??
[  767.804544][T12798] loop3: detected capacity change from 0 to 64
[  767.961497][T12798] gfs2: path_lookup on c::;ø�N€�…L‰´¶;o$: returned error -2
[  768.570031][T12803] loop1: detected capacity change from 0 to 32768
[  769.659870][   T24] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  769.811277][   T24] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  769.830827][   T24] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  769.855693][   T24] smsc95xx 8-1:0.67: probe with driver smsc95xx failed with error -71
[  770.068413][   T24] usb 8-1: USB disconnect, device number 10
[  773.257939][T12858] loop1: detected capacity change from 0 to 64
[  774.298429][T12857] gfs2: path_lookup on c::;ø�N€�…L‰´¶;o$: returned error -2
[  774.663109][T12871] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1347'.
[  775.287651][T12872] netlink: 56 bytes leftover after parsing attributes in process `syz.8.1349'.
[  775.544615][T12876] loop1: detected capacity change from 0 to 512
[  775.577992][T12876] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  775.732076][ T5896] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  775.845389][T12890] loop7: detected capacity change from 0 to 64
[  775.872494][T12876] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  775.912071][ T5896] usb 6-1: Using ep0 maxpacket: 32
[  775.928942][ T5896] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  775.953128][T12890] hfs: get root inode failed
[  775.981102][ T5896] usb 6-1: config 0 has no interface number 0
[  776.021358][ T5896] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  776.050949][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.071167][ T5896] usb 6-1: Product: syz
[  776.088165][ T5896] usb 6-1: Manufacturer: syz
[  776.108626][T12876] EXT4-fs error (device loop1): ext4_map_blocks:776: inode #2: block 18: comm syz.1.1350: lblock 23 mapped to illegal pblock 18 (length 1)
[  776.115887][ T5896] usb 6-1: SerialNumber: syz
[  776.214652][T12897] EXT4-fs error (device loop1): ext4_map_blocks:776: inode #2: block 18: comm syz.1.1350: lblock 23 mapped to illegal pblock 18 (length 1)
[  776.240800][ T5896] usb 6-1: config 0 descriptor??
[  776.541743][T10424] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  777.444774][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  777.464093][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  777.482382][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  777.512973][ T5896] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  777.561813][ T5896] usb 6-1: USB disconnect, device number 8
[  778.246455][T12928] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1361'.
[  778.785745][T12930] loop1: detected capacity change from 0 to 4096
[  778.846595][T12939] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  781.200187][T12960] loop1: detected capacity change from 0 to 512
[  781.614105][T12960] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  781.730841][T12960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  782.006177][T12960] EXT4-fs error (device loop1): ext4_map_blocks:776: inode #2: block 18: comm syz.1.1367: lblock 23 mapped to illegal pblock 18 (length 1)
[  782.147670][T12960] EXT4-fs error (device loop1): ext4_map_blocks:776: inode #2: block 18: comm syz.1.1367: lblock 23 mapped to illegal pblock 18 (length 1)
[  782.431837][T10424] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  783.137647][   T24] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  783.425702][ T9185] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  783.709820][   T24] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  783.744398][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.762586][   T24] usb 9-1: Product: syz
[  783.772014][ T9185] usb 2-1: Using ep0 maxpacket: 32
[  783.778939][   T24] usb 9-1: Manufacturer: syz
[  783.785928][ T9185] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  783.800059][   T24] usb 9-1: SerialNumber: syz
[  783.821545][ T9185] usb 2-1: config 0 has no interface number 0
[  783.832869][   T24] usb 9-1: config 0 descriptor??
[  783.870153][ T9185] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  783.921941][ T9185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.930034][ T9185] usb 2-1: Product: syz
[  783.990500][ T9185] usb 2-1: Manufacturer: syz
[  784.006151][ T9185] usb 2-1: SerialNumber: syz
[  784.047929][ T9185] usb 2-1: config 0 descriptor??
[  784.097060][   T24] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  785.361340][T13031] loop3: detected capacity change from 0 to 64
[  786.004664][ T9185] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  786.051155][ T9185] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  786.067438][ T9185] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  786.078935][ T9185] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  786.114344][ T9185] usb 2-1: USB disconnect, device number 15
[  786.305983][   T24] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  786.318719][   T24] usb 9-1: USB disconnect, device number 2
[  788.157588][T13052] binder: 13048:13052 ioctl c0306201 0 returned -14
[  795.759171][ T5896] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  796.803666][ T5896] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  797.532285][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.658542][ T5896] usb 6-1: Product: syz
[  797.670629][ T5896] usb 6-1: Manufacturer: syz
[  797.675950][ T5896] usb 6-1: SerialNumber: syz
[  797.682830][T13142] loop7: detected capacity change from 0 to 1024
[  797.685327][ T5896] usb 6-1: config 0 descriptor??
[  797.722560][T13142] EXT4-fs: Ignoring removed i_version option
[  797.732561][   T24] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  797.761575][T13142] EXT4-fs: inline encryption not supported
[  797.781531][T13142] EXT4-fs (loop7): Test dummy encryption mode enabled
[  797.830350][T13142] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  797.923412][ T5896] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  798.133818][   T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  798.142530][   T24] usb 4-1: config 0 has no interface number 0
[  798.148707][   T24] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  798.179063][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.735631][   T24] usb 4-1: config 0 descriptor??
[  798.786513][T10666] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  798.813754][   T24] usb 4-1: selecting invalid altsetting 1
[  798.868111][   T24] dvb_ttusb_budget: ttusb_init_controller: error
[  798.896948][   T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  799.433177][   T24] DVB: Unable to find symbol cx22700_attach()
[  799.452627][ T5896] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  799.532145][ T5896] usb 6-1: USB disconnect, device number 9
[  799.702820][   T24] DVB: Unable to find symbol tda10046_attach()
[  799.713938][   T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  799.792374][   T24] usb 4-1: USB disconnect, device number 14
[  801.142193][T13183] No such timeout policy "syz1"
[  802.241996][ T5896] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  802.429538][ T5896] usb 6-1: Using ep0 maxpacket: 32
[  802.463319][ T5896] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  802.481845][ T5896] usb 6-1: config 0 has no interface number 0
[  802.538664][ T5896] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  802.571933][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.579996][ T5896] usb 6-1: Product: syz
[  802.674929][ T5896] usb 6-1: Manufacturer: syz
[  802.679695][ T5896] usb 6-1: SerialNumber: syz
[  802.730877][ T5896] usb 6-1: config 0 descriptor??
[  803.064010][T13221] loop8: detected capacity change from 0 to 40427
[  803.120972][T13221] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  803.129207][T13221] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  803.243454][T13221] F2FS-fs (loop8): invalid crc value
[  803.408552][T13221] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  803.425069][T13221] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  803.432387][T13221] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  803.524516][T13204] loop1: detected capacity change from 0 to 32768
[  803.544312][T13204] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1421 (13204)
[  804.666134][T13204] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  804.729342][T13204] BTRFS info (device loop1): using crc32c checksum algorithm
[  804.754852][T13204] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  805.029256][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  805.089127][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  805.534560][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  805.550747][T13204] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  805.562301][ T5896] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  805.574507][T13204] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  805.610012][ T5896] usb 6-1: USB disconnect, device number 10
[  805.739228][T13204] BTRFS error (device loop1): open_ctree failed: -12
[  806.462164][ T5907] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  806.644599][ T5907] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  806.676861][ T5907] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  806.733558][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  806.760365][ T5907] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  806.788734][ T5907] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  806.833628][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  807.049479][ T5907] usb 4-1: Product: syz
[  807.055115][ T5907] usb 4-1: Manufacturer: syz
[  807.060095][ T5907] usb 4-1: SerialNumber: syz
[  807.095455][ T5907] usb 4-1: config 0 descriptor??
[  807.142358][T13272] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  807.157685][ T5907] usb 4-1: ucan: probing device on interface #0
[  807.429218][ T5907] usb 4-1: ucan: invalid in_ep MaxPacketSize
[  807.445473][ T5907] usb 4-1: ucan: probe failed; try to update the device firmware
[  809.159006][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  809.165583][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  809.277371][ T5946] usb 4-1: USB disconnect, device number 15
[  809.860600][T13320] No such timeout policy "syz1"
[  810.367863][T13327] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1446'.
[  812.094142][T13343] atomic_op ffff88804eaea998 conn xmit_atomic 0000000000000000
[  814.522038][ T5896] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  814.683818][ T5896] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  814.720385][ T5896] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  814.820663][ T5896] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  814.986360][ T5896] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  815.034471][T13376] Buffer I/O error on dev loop9, logical block 1, async page read
[  815.063662][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.255863][ T5896] usb 6-1: Product: syz
[  815.260169][ T5896] usb 6-1: Manufacturer: syz
[  815.266362][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.277052][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  815.310066][T13376] Buffer I/O error on dev loop9, logical block 1, async page read
[  815.317929][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.317971][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  815.345586][ T5896] usb 6-1: SerialNumber: syz
[  815.357884][ T5896] usb 6-1: config 0 descriptor??
[  815.388973][T13357] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  815.405123][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.415842][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  815.432715][T13376] Buffer I/O error on dev loop9, logical block 1, async page read
[  815.445184][T13357] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  815.465557][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.476312][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  815.484398][T13376] Buffer I/O error on dev loop9, logical block 1, async page read
[  815.505084][ T5896] usb 6-1: ucan: probing device on interface #0
[  815.523980][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.534785][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  815.551243][T13376] Buffer I/O error on dev loop9, logical block 1, async page read
[  815.559682][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.571400][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.583027][T13376] ldm_validate_partition_table(): Disk read failed.
[  815.597595][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.642383][    C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.656224][    C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  815.672407][T13376] Dev loop9: unable to read RDB block 0
[  815.696775][T13376]  loop9: unable to read partition table
[  815.727880][ T5896] usb 6-1: ucan: could not read protocol version, ret=-32
[  815.738298][T13376] loop9: partition table beyond EOD, truncated
[  815.752258][ T5896] usb 6-1: ucan: probe failed; try to update the device firmware
[  817.008303][ T5896] usb 6-1: USB disconnect, device number 11
[  817.584546][T13411] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1466'.
[  818.402392][ T5907] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  818.786605][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  818.838443][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  818.934849][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  818.970691][ T5907] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  819.013108][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  819.085714][ T5907] usb 6-1: config 0 descriptor??
[  819.158585][T13409] loop3: detected capacity change from 0 to 32768
[  819.169920][T13409] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1465 (13409)
[  819.211539][T13409] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  819.222168][T13409] BTRFS info (device loop3): using crc32c checksum algorithm
[  819.229614][T13409] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  819.382368][  T804] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  819.449045][T13409] BTRFS info (device loop3): rebuilding free space tree
[  819.505043][T13409] BTRFS info (device loop3): disabling free space tree
[  819.514259][T13409] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  819.526957][T13409] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  819.547658][T13447] No such timeout policy "syz1"
[  819.554547][ T5907] usbhid 6-1:0.0: can't add hid device: -32
[  819.565241][ T5907] usbhid 6-1:0.0: probe with driver usbhid failed with error -32
[  819.574181][T13409] BTRFS info (device loop3): enabling ssd optimizations
[  819.581186][T13409] BTRFS info (device loop3): turning on async discard
[  819.593306][ T5907] usb 6-1: USB disconnect, device number 12
[  819.600737][T13409] BTRFS info (device loop3): enabling disk space caching
[  819.608618][  T804] usb 2-1: config 0 has no interfaces?
[  819.618573][T13409] BTRFS info (device loop3): force clearing of disk cache
[  819.628113][T13409] BTRFS info (device loop3): use zstd compression, level 3
[  819.646314][  T804] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  819.713585][  T804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  819.778589][  T804] usb 2-1: config 0 descriptor??
[  820.194271][  T804] usb 2-1: USB disconnect, device number 16
[  821.211826][ T5845] Bluetooth: hci5: command 0x0406 tx timeout
[  821.713840][T10326] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  821.809582][   T29] audit: type=1326 audit(1771576132.544:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  821.952767][   T29] audit: type=1326 audit(1771576132.544:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.129981][   T29] audit: type=1326 audit(1771576132.544:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.272734][   T29] audit: type=1326 audit(1771576132.544:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.422133][   T29] audit: type=1326 audit(1771576132.544:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.444958][   T29] audit: type=1326 audit(1771576132.544:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.445908][ T5907] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  822.467618][   T29] audit: type=1326 audit(1771576132.544:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  822.516420][T13483] loop8: detected capacity change from 0 to 64
[  822.563554][T13483] hfs: unable to locate alternate MDB
[  822.570729][T13483] hfs: continuing without an alternate MDB
[  823.400575][   T29] audit: type=1326 audit(1771576132.544:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  823.412249][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  823.552206][ T5907] usb 2-1: no configurations
[  823.556851][ T5907] usb 2-1: can't read configurations, error -22
[  823.597225][   T29] audit: type=1326 audit(1771576132.544:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  823.881545][   T29] audit: type=1326 audit(1771576132.544:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13467 comm="syz.1.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c5d9c629 code=0x7ffc0000
[  823.902739][ T9185] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  824.590680][ T5907] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  824.684237][ T9185] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  824.695275][ T9185] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  824.707394][ T9185] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  824.727771][ T9185] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  824.738478][ T9185] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.784668][ T9185] usb 4-1: Product: syz
[  824.799051][ T9185] usb 4-1: Manufacturer: syz
[  824.822975][ T9185] usb 4-1: SerialNumber: syz
[  824.873167][ T9185] usb 4-1: config 0 descriptor??
[  824.950919][T13492] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  825.002380][T13492] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  825.041546][ T9185] usb 4-1: ucan: probing device on interface #0
[  825.232062][ T9185] usb 4-1: ucan: could not read protocol version, ret=-32
[  825.262038][ T9185] usb 4-1: ucan: probe failed; try to update the device firmware
[  825.310515][ T5990] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  825.556724][ T5990] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[  825.590535][ T5990] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  825.667878][ T5990] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  825.738600][ T5990] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  825.806157][ T5990] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  826.109173][ T5990] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  826.181774][ T5990] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.466240][ T5990] usb 9-1: config 0 descriptor??
[  826.584335][T13505] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  827.192206][ T5946] usb 4-1: USB disconnect, device number 16
[  827.333706][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.341222][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.433066][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.489695][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.558298][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.618338][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.784824][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  827.928032][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  828.081507][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  828.191688][ T5990] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  828.297862][ T5990] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  828.415179][ T5990] usb 9-1: USB disconnect, device number 3
[  828.625827][T13544] loop8: detected capacity change from 0 to 64
[  828.768841][T13544] hfs: unable to locate alternate MDB
[  828.851618][T13544] hfs: continuing without an alternate MDB
[  829.565054][T13542] fido_id[13542]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  832.582905][T13577] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1498'.
[  834.147699][T13594] No control pipe specified
[  834.391817][T13601] loop1: detected capacity change from 0 to 64
[  834.425437][T13601] hfs: unable to locate alternate MDB
[  834.464000][T13601] hfs: continuing without an alternate MDB
[  836.650387][T13617] loop7: detected capacity change from 0 to 128
[  838.388639][T13633] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1513'.
[  838.808305][T13642] No such timeout policy "syz1"
[  841.482044][T13675] loop8: detected capacity change from 0 to 1024
[  841.513690][T13675] EXT4-fs: Ignoring removed i_version option
[  841.539353][T13675] EXT4-fs: inline encryption not supported
[  841.602257][T13675] EXT4-fs (loop8): Test dummy encryption mode enabled
[  841.674307][T13675] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  842.585642][T11927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  844.112077][ T9185] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  845.198217][ T9185] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.216267][ T9185] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.238596][ T9185] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  845.306436][ T9185] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  845.347842][ T9185] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.383815][ T9185] usb 6-1: config 0 descriptor??
[  845.655540][T13740] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1534'.
[  846.154598][ T9185] hid_parser_main: 3 callbacks suppressed
[  846.154619][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.303063][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.322029][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.329879][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.337429][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.347249][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.354713][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.362234][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.369680][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.377254][ T9185] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  846.415202][T13743] netlink: 'syz.7.1534': attribute type 4 has an invalid length.
[  846.467387][ T9185] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  846.521312][T13749] netlink: 'syz.7.1534': attribute type 4 has an invalid length.
[  846.540272][ T9185] usb 6-1: USB disconnect, device number 13
[  847.299895][T13740] xt_CT: You must specify a L4 protocol and not use inversions on it
[  847.334596][T13750] fido_id[13750]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  847.852107][ T9185] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  848.023756][ T9185] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  848.080500][ T9185] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  848.120024][ T9185] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  848.136456][ T9185] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  848.162147][ T9185] usb 6-1: Manufacturer: syz
[  848.171356][ T9185] usb 6-1: config 0 descriptor??
[  848.672449][ T9185] pyra 0003:1E7D:2CF6.000F: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  850.070384][ T9185] pyra 0003:1E7D:2CF6.000F: couldn't init struct pyra_device
[  850.100753][ T9185] pyra 0003:1E7D:2CF6.000F: couldn't install mouse
[  850.148848][ T9185] pyra 0003:1E7D:2CF6.000F: probe with driver pyra failed with error -71
[  850.240497][ T9185] usb 6-1: USB disconnect, device number 14
[  850.749069][T13805] fido_id[13805]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  851.070965][T13810] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  852.297357][T13829] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  855.426322][T13852] loop8: detected capacity change from 0 to 32768
[  858.898728][T13891] tipc: Started in network mode
[  858.920739][T13891] tipc: Node identity 2e90df465215, cluster identity 4711
[  858.960368][T13891] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  859.003605][T13894] tipc: Disabling bearer <eth:syzkaller0>
[  859.101058][T13862] loop7: detected capacity change from 0 to 40427
[  859.146967][T13862] F2FS-fs (loop7): Image doesn't support compression
[  859.184456][T13862] F2FS-fs (loop7): build fault injection rate: 684
[  859.238813][T13862] F2FS-fs (loop7): build fault injection type: 0x35f7
[  859.383263][T13862] F2FS-fs (loop7): invalid crc value
[  860.611393][T13862] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  860.723664][T13862] F2FS-fs (loop7): Start checkpoint disabled!
[  860.747778][T13862] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0
[  861.043377][T13915] loop1: detected capacity change from 0 to 32768
[  862.619769][T13927] loop8: detected capacity change from 0 to 32768
[  862.951993][ T5896] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  863.184051][ T5896] usb 6-1: Using ep0 maxpacket: 32
[  863.261079][ T5896] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  863.590111][ T5896] usb 6-1: config 0 has no interface number 0
[  863.653626][ T5896] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  863.692275][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.743273][ T5896] usb 6-1: Product: syz
[  863.749203][ T5896] usb 6-1: Manufacturer: syz
[  863.829820][ T5896] usb 6-1: SerialNumber: syz
[  863.947481][ T5896] usb 6-1: config 0 descriptor??
[  864.025797][T13936] loop1: detected capacity change from 0 to 40427
[  864.042315][T13936] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  864.049360][T13936] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  864.063163][T13936] F2FS-fs (loop1): invalid crc value
[  864.191451][T13936] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  864.211457][T13936] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  864.220284][T13936] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  864.942499][ T5990] hid_parser_main: 12 callbacks suppressed
[  864.942527][ T5990] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  865.117993][ T5990] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  866.030073][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  866.065083][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  866.085434][ T5896] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  866.152181][ T5896] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  866.192566][ T5896] usb 6-1: USB disconnect, device number 15
[  866.458139][T13972] loop1: detected capacity change from 0 to 32768
[  867.739752][T13987] loop7: detected capacity change from 0 to 32768
[  868.982219][T13993] syz.5.1582 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  869.765929][T13999] loop7: detected capacity change from 0 to 32768
[  870.693315][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  870.699713][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  871.054400][T14011] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1587'.
[  871.996952][T13993] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  874.509751][T14016] loop1: detected capacity change from 0 to 40427
[  874.574372][T14016] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  874.610360][T14016] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  874.673876][T14016] F2FS-fs (loop1): invalid crc value
[  874.989099][T14016] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  875.147788][T14035] loop5: detected capacity change from 0 to 40427
[  875.189834][T14035] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  875.229616][T14035] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  875.261646][T14035] F2FS-fs (loop5): invalid crc value
[  875.544752][T14035] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  875.604983][T14035] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  875.637587][T14035] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  876.021614][T14050] loop8: detected capacity change from 0 to 40427
[  876.236769][T14080] No such timeout policy "syz1"
[  876.819751][T14050] F2FS-fs (loop8): Image doesn't support compression
[  876.847090][T14050] F2FS-fs (loop8): build fault injection rate: 684
[  876.885047][T14050] F2FS-fs (loop8): build fault injection type: 0x35f7
[  876.915020][T14050] F2FS-fs (loop8): invalid crc value
[  877.263139][T14083] loop7: detected capacity change from 0 to 32768
[  877.577709][T14050] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  878.128969][T14050] F2FS-fs (loop8): Start checkpoint disabled!
[  878.154570][T14050] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[  878.221331][T14050] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  879.670900][T14104] loop1: detected capacity change from 0 to 32768
[  879.923043][T14109] capability: warning: `syz.5.1601' uses deprecated v2 capabilities in a way that may be insecure
[  881.405668][T14122] loop5: detected capacity change from 0 to 40427
[  881.439556][T14122] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  881.446678][T14122] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  881.456718][T14122] F2FS-fs (loop5): invalid crc value
[  881.903507][T14132] No such timeout policy "syz1"
[  882.174947][T14122] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  882.237456][T14122] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  882.244694][T14122] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  883.913226][T14158] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  884.345866][T14150] loop8: detected capacity change from 0 to 40427
[  884.400299][T14150] F2FS-fs (loop8): Image doesn't support compression
[  884.456101][T14150] F2FS-fs (loop8): build fault injection rate: 684
[  884.482062][T14150] F2FS-fs (loop8): build fault injection type: 0x35f7
[  884.527990][T14150] F2FS-fs (loop8): invalid crc value
[  884.915348][T14150] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  884.958051][T14150] F2FS-fs (loop8): Start checkpoint disabled!
[  884.979045][T14150] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[  885.104398][T14182] loop1: detected capacity change from 0 to 4096
[  885.128662][T14150] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  885.427884][T14184] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  885.452546][T14180] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  885.484095][ T6852] kworker/u8:12: attempt to access beyond end of device
[  885.484095][ T6852] loop8: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  885.520418][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  885.520452][ T6852] Tainted: [L]=SOFTLOCKUP
[  885.520460][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  885.520473][ T6852] Workqueue: writeback wb_workfn (flush-7:8)
[  885.520507][ T6852] Call Trace:
[  885.520515][ T6852]  <TASK>
[  885.520524][ T6852]  dump_stack_lvl+0xe8/0x150
[  885.520558][ T6852]  f2fs_handle_critical_error+0x37c/0x540
[  885.520598][ T6852]  f2fs_write_end_io+0xcdb/0xff0
[  885.520643][ T6852]  __submit_merged_bio+0x256/0x700
[  885.520683][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  885.520725][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  885.520784][ T6852]  f2fs_write_data_pages+0x2975/0x35e0
[  885.520848][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  885.520886][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  885.520953][ T6852]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  885.521011][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  885.521055][ T6852]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  885.521084][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  885.521107][ T6852]  do_writepages+0x32e/0x550
[  885.521146][ T6852]  ? reacquire_held_locks+0x104/0x190
[  885.521176][ T6852]  ? writeback_sb_inodes+0x477/0x1a20
[  885.521213][ T6852]  __writeback_single_inode+0x133/0x11a0
[  885.521242][ T6852]  ? do_raw_spin_unlock+0xf5/0x210
[  885.521270][ T6852]  writeback_sb_inodes+0x992/0x1a20
[  885.521329][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  885.521364][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  885.521397][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  885.521471][ T6852]  ? rcu_is_watching+0x15/0xb0
[  885.521513][ T6852]  wb_writeback+0x456/0xb70
[  885.521547][ T6852]  ? queue_io+0x1e1/0x4a0
[  885.521586][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  885.521635][ T6852]  wb_workfn+0x414/0xf50
[  885.521662][ T6852]  ? look_up_lock_class+0x57/0x110
[  885.521707][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  885.521735][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  885.521760][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  885.521810][ T6852]  ? process_one_work+0x87c/0x1650
[  885.521837][ T6852]  process_one_work+0x949/0x1650
[  885.521890][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  885.521915][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  885.521959][ T6852]  worker_thread+0xb46/0x1140
[  885.522001][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  885.522045][ T6852]  kthread+0x388/0x470
[  885.522068][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  885.522095][ T6852]  ? __pfx_kthread+0x10/0x10
[  885.522119][ T6852]  ret_from_fork+0x51e/0xb90
[  885.522152][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  885.522180][ T6852]  ? __switch_to+0xc7d/0x1450
[  885.522210][ T6852]  ? __pfx_kthread+0x10/0x10
[  885.522239][ T6852]  ret_from_fork_asm+0x1a/0x30
[  885.522269][ T6852]  </TASK>
[  886.005583][ T6852] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  886.013081][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  886.013111][ T6852] Tainted: [L]=SOFTLOCKUP
[  886.013118][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  886.013130][ T6852] Workqueue: writeback wb_workfn (flush-7:8)
[  886.013163][ T6852] Call Trace:
[  886.013171][ T6852]  <TASK>
[  886.013180][ T6852]  dump_stack_lvl+0xe8/0x150
[  886.013215][ T6852]  f2fs_handle_critical_error+0x37c/0x540
[  886.013257][ T6852]  f2fs_write_end_io+0xcdb/0xff0
[  886.013304][ T6852]  __submit_merged_bio+0x256/0x700
[  886.013345][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  886.013387][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  886.013448][ T6852]  f2fs_write_data_pages+0x2975/0x35e0
[  886.013515][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.013555][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  886.013620][ T6852]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  886.013679][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.013722][ T6852]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  886.013750][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.013771][ T6852]  do_writepages+0x32e/0x550
[  886.013810][ T6852]  ? reacquire_held_locks+0x104/0x190
[  886.013841][ T6852]  ? writeback_sb_inodes+0x477/0x1a20
[  886.013880][ T6852]  __writeback_single_inode+0x133/0x11a0
[  886.013911][ T6852]  ? do_raw_spin_unlock+0xf5/0x210
[  886.013938][ T6852]  writeback_sb_inodes+0x992/0x1a20
[  886.013992][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.014027][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  886.014062][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.014135][ T6852]  ? rcu_is_watching+0x15/0xb0
[  886.014178][ T6852]  wb_writeback+0x456/0xb70
[  886.014211][ T6852]  ? queue_io+0x1e1/0x4a0
[  886.014249][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  886.014298][ T6852]  wb_workfn+0x414/0xf50
[  886.014324][ T6852]  ? look_up_lock_class+0x57/0x110
[  886.014371][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  886.014398][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.014425][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  886.014485][ T6852]  ? process_one_work+0x87c/0x1650
[  886.014513][ T6852]  process_one_work+0x949/0x1650
[  886.014570][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  886.014596][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.014640][ T6852]  worker_thread+0xb46/0x1140
[  886.014682][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  886.014725][ T6852]  kthread+0x388/0x470
[  886.014748][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  886.014775][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.014799][ T6852]  ret_from_fork+0x51e/0xb90
[  886.014832][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  886.014860][ T6852]  ? __switch_to+0xc7d/0x1450
[  886.014891][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.014916][ T6852]  ret_from_fork_asm+0x1a/0x30
[  886.014958][ T6852]  </TASK>
[  886.014967][ T6852] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  886.376489][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  886.376523][ T6852] Tainted: [L]=SOFTLOCKUP
[  886.376531][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  886.376544][ T6852] Workqueue: writeback wb_workfn (flush-7:8)
[  886.376578][ T6852] Call Trace:
[  886.376587][ T6852]  <TASK>
[  886.376595][ T6852]  dump_stack_lvl+0xe8/0x150
[  886.376629][ T6852]  f2fs_handle_critical_error+0x37c/0x540
[  886.376666][ T6852]  f2fs_write_end_io+0xcdb/0xff0
[  886.376710][ T6852]  __submit_merged_bio+0x256/0x700
[  886.376747][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  886.376794][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  886.376853][ T6852]  f2fs_write_data_pages+0x2975/0x35e0
[  886.376918][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.376956][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  886.377023][ T6852]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  886.377083][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.377128][ T6852]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  886.377157][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.377182][ T6852]  do_writepages+0x32e/0x550
[  886.377221][ T6852]  ? reacquire_held_locks+0x104/0x190
[  886.377252][ T6852]  ? writeback_sb_inodes+0x477/0x1a20
[  886.377288][ T6852]  __writeback_single_inode+0x133/0x11a0
[  886.377320][ T6852]  ? do_raw_spin_unlock+0xf5/0x210
[  886.377357][ T6852]  writeback_sb_inodes+0x992/0x1a20
[  886.377411][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.377448][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  886.377473][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.377547][ T6852]  ? rcu_is_watching+0x15/0xb0
[  886.377590][ T6852]  wb_writeback+0x456/0xb70
[  886.377622][ T6852]  ? queue_io+0x1e1/0x4a0
[  886.377660][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  886.377710][ T6852]  wb_workfn+0x414/0xf50
[  886.377737][ T6852]  ? look_up_lock_class+0x57/0x110
[  886.377782][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  886.377810][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.377835][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  886.377886][ T6852]  ? process_one_work+0x87c/0x1650
[  886.377913][ T6852]  process_one_work+0x949/0x1650
[  886.377965][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  886.377990][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.378033][ T6852]  worker_thread+0xb46/0x1140
[  886.378073][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  886.378116][ T6852]  kthread+0x388/0x470
[  886.378140][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  886.378167][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.378192][ T6852]  ret_from_fork+0x51e/0xb90
[  886.378226][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  886.378254][ T6852]  ? __switch_to+0xc7d/0x1450
[  886.378285][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.378310][ T6852]  ret_from_fork_asm+0x1a/0x30
[  886.378359][ T6852]  </TASK>
[  886.379353][ T6852] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  886.700393][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  886.700427][ T6852] Tainted: [L]=SOFTLOCKUP
[  886.700435][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  886.700448][ T6852] Workqueue: writeback wb_workfn (flush-7:8)
[  886.700484][ T6852] Call Trace:
[  886.700492][ T6852]  <TASK>
[  886.700501][ T6852]  dump_stack_lvl+0xe8/0x150
[  886.700535][ T6852]  f2fs_handle_critical_error+0x37c/0x540
[  886.700575][ T6852]  f2fs_write_end_io+0xcdb/0xff0
[  886.700619][ T6852]  __submit_merged_bio+0x256/0x700
[  886.700659][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  886.700700][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  886.700760][ T6852]  f2fs_write_data_pages+0x2975/0x35e0
[  886.700827][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.700865][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  886.700933][ T6852]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  886.700994][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.701039][ T6852]  ? lock_list_lru_of_memcg+0x2e/0x4c0
[  886.701069][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  886.701093][ T6852]  do_writepages+0x32e/0x550
[  886.701133][ T6852]  ? reacquire_held_locks+0x104/0x190
[  886.701163][ T6852]  ? writeback_sb_inodes+0x477/0x1a20
[  886.701200][ T6852]  __writeback_single_inode+0x133/0x11a0
[  886.701230][ T6852]  ? do_raw_spin_unlock+0xf5/0x210
[  886.701260][ T6852]  writeback_sb_inodes+0x992/0x1a20
[  886.701320][ T6852]  ? __lock_acquire+0x6b5/0x2cf0
[  886.701356][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  886.701382][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.701455][ T6852]  ? rcu_is_watching+0x15/0xb0
[  886.701497][ T6852]  wb_writeback+0x456/0xb70
[  886.701530][ T6852]  ? queue_io+0x1e1/0x4a0
[  886.701568][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  886.701618][ T6852]  wb_workfn+0x414/0xf50
[  886.701644][ T6852]  ? look_up_lock_class+0x57/0x110
[  886.701690][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  886.701719][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.701746][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  886.701797][ T6852]  ? process_one_work+0x87c/0x1650
[  886.701824][ T6852]  process_one_work+0x949/0x1650
[  886.701881][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  886.701907][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  886.701949][ T6852]  worker_thread+0xb46/0x1140
[  886.701990][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  886.702031][ T6852]  kthread+0x388/0x470
[  886.702051][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  886.702077][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.702101][ T6852]  ret_from_fork+0x51e/0xb90
[  886.702135][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  886.702163][ T6852]  ? __switch_to+0xc7d/0x1450
[  886.702194][ T6852]  ? __pfx_kthread+0x10/0x10
[  886.702219][ T6852]  ret_from_fork_asm+0x1a/0x30
[  886.702261][ T6852]  </TASK>
[  887.106817][ T6852] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  887.374882][T14193] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1621'.
[  887.889480][T14210] No such timeout policy "syz1"
[  888.673915][T14212] loop3: detected capacity change from 0 to 32768
[  889.854272][T14218] loop5: detected capacity change from 0 to 40427
[  889.879464][T14218] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  889.887390][T14218] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  889.907856][T14218] F2FS-fs (loop5): invalid crc value
[  889.977846][T14218] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  890.057177][T14218] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  890.065939][T14218] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  893.236025][T14255] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1627'.
[  893.579006][T14262] input: syz1 as /devices/virtual/input/input26
[  893.631074][T14255] block device autoloading is deprecated and will be removed.
[  893.772614][T14265] netlink: 'syz.5.1627': attribute type 4 has an invalid length.
[  893.899434][T14271] netlink: 'syz.5.1627': attribute type 4 has an invalid length.
[  894.209429][T14255] xt_CT: You must specify a L4 protocol and not use inversions on it
[  894.927261][T14284] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  895.592533][T14289] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1634'.
[  896.391097][T14298] No such timeout policy "syz1"
[  897.430498][T14301] loop8: detected capacity change from 0 to 32768
[  897.854476][T14310] loop1: detected capacity change from 0 to 40427
[  897.887273][T14310] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  897.894511][T14310] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  897.917578][T14310] F2FS-fs (loop1): invalid crc value
[  898.230284][T14310] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  898.283171][T14310] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  898.290507][T14310] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  901.402534][T14365] No such timeout policy "syz1"
[  901.618408][T14327] loop8: detected capacity change from 0 to 40427
[  901.679809][T14327] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  901.717983][T14327] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  901.794877][T14327] F2FS-fs (loop8): invalid crc value
[  901.856253][T14374] input: syz1 as /devices/virtual/input/input27
[  902.268525][T14327] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  903.605819][T14388] loop8: detected capacity change from 0 to 32768
[  903.692645][T14391] loop7: detected capacity change from 0 to 40427
[  903.728931][T14391] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  903.736017][T14391] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  903.747190][T14391] F2FS-fs (loop7): invalid crc value
[  903.814762][T14391] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  903.826524][T14391] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  903.833777][T14391] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  903.969791][T14383] binder: 14382:14383 ioctl c0306201 0 returned -14
[  906.348617][T14423] No such timeout policy "syz1"
[  907.309131][T14429] loop1: detected capacity change from 0 to 32768
[  908.925419][T14458] wg1: left allmulticast mode
[  909.236773][T14464] loop3: detected capacity change from 0 to 32768
[  910.712984][T10136] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  910.902169][T10136] usb 8-1: device descriptor read/64, error -71
[  911.192095][T10136] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  911.372021][T10136] usb 8-1: device descriptor read/64, error -71
[  911.514108][T10136] usb usb8-port1: attempt power cycle
[  911.848673][T14485] input: syz1 as /devices/virtual/input/input28
[  911.903290][T10136] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  911.974110][T10136] usb 8-1: device descriptor read/8, error -71
[  912.335487][T10136] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  912.404580][T10136] usb 8-1: device descriptor read/8, error -71
[  912.542648][T10136] usb usb8-port1: unable to enumerate USB device
[  913.373809][T14508] No such timeout policy "syz1"
[  914.278390][T14511] loop1: detected capacity change from 0 to 32768
[  915.666617][T14528] loop8: detected capacity change from 0 to 32768
[  916.985192][T14537] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1678'.
[  917.375393][T14542] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1679'.
[  918.062188][ T5907] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  918.762285][ T5907] usb 6-1: device descriptor read/64, error -71
[  919.043611][ T5907] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  919.192002][ T5907] usb 6-1: device descriptor read/64, error -71
[  919.293626][T14562] loop7: detected capacity change from 0 to 32768
[  919.313686][ T5907] usb usb6-port1: attempt power cycle
[  920.221940][ T5907] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  920.284527][ T5907] usb 6-1: device descriptor read/8, error -71
[  920.561960][ T5907] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  920.632677][ T5907] usb 6-1: device descriptor read/8, error -71
[  920.740833][T14577] loop8: detected capacity change from 0 to 32768
[  920.752736][ T5907] usb usb6-port1: unable to enumerate USB device
[  921.914332][T14592] netlink: 112 bytes leftover after parsing attributes in process `syz.7.1689'.
[  922.000624][T14597] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1691'.
[  924.372320][   T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  924.566280][   T10] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  924.589727][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  924.642436][   T10] usb 6-1: Product: syz
[  924.646956][   T10] usb 6-1: Manufacturer: syz
[  924.651718][   T10] usb 6-1: SerialNumber: syz
[  924.677637][   T10] usb 6-1: config 0 descriptor??
[  924.762026][ T5907] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  924.927656][ T5907] usb 9-1: Using ep0 maxpacket: 32
[  924.965131][ T5907] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  924.999233][ T5907] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  925.036121][ T5907] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  925.088444][ T5907] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.123040][ T5907] usb 9-1: config 0 descriptor??
[  925.449154][T14656] loop7: detected capacity change from 0 to 32768
[  927.201122][ T5896] usb 6-1: USB disconnect, device number 20
[  927.297422][T14685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1704'.
[  927.624683][T10136] usb 9-1: USB disconnect, device number 4
[  928.542118][T14698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1705'.
[  931.786180][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  931.792781][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  932.444525][T14730] loop5: detected capacity change from 0 to 32768
[  933.172013][ T5907] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  933.523065][ T5907] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  933.561991][ T5907] usb 2-1: config 0 has no interface number 0
[  933.577062][ T5907] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  933.598747][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.635708][ T5907] usb 2-1: Product: syz
[  933.654168][ T5907] usb 2-1: Manufacturer: syz
[  933.658982][ T5907] usb 2-1: SerialNumber: syz
[  933.865532][ T5907] usb 2-1: config 0 descriptor??
[  934.005919][T14754] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1717'.
[  934.159795][ T5896] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  934.456060][ T5896] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  934.532217][ T5896] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  934.583311][ T5896] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  934.625602][ T5896] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  934.639046][ T5907] dvb_usb_ec168 2-1:0.1: probe with driver dvb_usb_ec168 failed with error -32
[  934.655290][ T5907] usb 2-1: USB disconnect, device number 19
[  934.699878][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  934.747045][ T5896] usb 4-1: Product: syz
[  934.774011][ T5896] usb 4-1: Manufacturer: syz
[  934.778774][ T5896] usb 4-1: SerialNumber: syz
[  934.863347][ T5896] usb 4-1: config 0 descriptor??
[  934.892945][T14751] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  934.951295][T14751] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  935.001768][ T5896] usb 4-1: ucan: probing device on interface #0
[  935.952280][ T5896] usb 4-1: ucan: device protocol version 0 is not supported
[  935.959670][ T5896] usb 4-1: ucan: probe failed; try to update the device firmware
[  936.361967][ T5896] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  936.544169][ T5896] usb 6-1: config 0 has no interfaces?
[  936.567538][ T5896] usb 6-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  936.630458][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.707896][ T5896] usb 6-1: config 0 descriptor??
[  936.954922][ T5896] usb 6-1: USB disconnect, device number 21
[  937.361553][ T5907] usb 4-1: USB disconnect, device number 17
[  937.692500][T14802] ptrace attach of "./syz-executor exec"[10587] was attempted by ""[14802]
[  938.093207][ T5907] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  938.301961][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  938.314244][ T5907] usb 6-1: config 0 has an invalid interface number: 4 but max is 0
[  938.332236][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  938.370529][ T5907] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  938.391923][ T5907] usb 6-1: config 0 has no interface number 1
[  938.420687][ T5907] usb 6-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  938.465656][ T5907] usb 6-1: New USB device found, idVendor=046d, idProduct=08b0, bcdDevice=e5.27
[  938.524293][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.561961][ T5907] usb 6-1: Product: syz
[  938.580782][ T5907] usb 6-1: Manufacturer: syz
[  939.366244][ T5907] usb 6-1: SerialNumber: syz
[  939.405392][ T5907] usb 6-1: config 0 descriptor??
[  939.430024][ T5907] pwc: Logitech QuickCam Pro 3000 USB webcam detected.
[  939.627758][ T5907] pwc: Failed to set LED on/off time (-71)
[  939.874164][T14829] loop1: detected capacity change from 0 to 4096
[  940.107421][T14831] : entered promiscuous mode
[  940.317948][T14832] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  940.364879][T14828] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  940.402615][ T5907] pwc: send_video_command error -71
[  940.415429][ T5907] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  940.528850][ T5907] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  940.540572][ T5907] usb 6-1: USB disconnect, device number 22
[  940.811987][  T804] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  941.001085][  T804] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  941.029874][  T804] usb 4-1: config 0 has no interface number 0
[  941.475942][  T804] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  941.519812][  T804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  941.545889][  T804] usb 4-1: Product: syz
[  941.560552][  T804] usb 4-1: Manufacturer: syz
[  941.578823][  T804] usb 4-1: SerialNumber: syz
[  941.614710][  T804] usb 4-1: config 0 descriptor??
[  941.903597][  T804] dvb_usb_ec168 4-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  941.932640][  T804] usb 4-1: USB disconnect, device number 18
[  946.497452][  T804] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  946.650984][T14931] No such timeout policy "syz1"
[  947.243867][  T804] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  947.254523][  T804] usb 2-1: config 0 has no interface number 0
[  947.283215][  T804] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  947.303249][  T804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  947.374140][  T804] usb 2-1: Product: syz
[  947.409229][  T804] usb 2-1: Manufacturer: syz
[  947.425303][  T804] usb 2-1: SerialNumber: syz
[  947.455525][  T804] usb 2-1: config 0 descriptor??
[  947.706810][  T804] dvb_usb_ec168 2-1:0.1: probe with driver dvb_usb_ec168 failed with error -32
[  947.768574][  T804] usb 2-1: USB disconnect, device number 20
[  948.628150][T14955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1753'.
[  953.218961][T14821] Set syz1 is full, maxelem 65536 reached
[  953.422039][ T5907] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  953.639058][ T5907] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  953.674661][ T5907] usb 4-1: config 0 has no interface number 0
[  953.752954][ T5907] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  953.763678][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.801888][ T5907] usb 4-1: Product: syz
[  953.816686][ T5907] usb 4-1: Manufacturer: syz
[  953.821753][ T5907] usb 4-1: SerialNumber: syz
[  953.861725][ T5907] usb 4-1: config 0 descriptor??
[  954.115239][ T5907] dvb_usb_ec168 4-1:0.1: probe with driver dvb_usb_ec168 failed with error -32
[  954.175420][ T5907] usb 4-1: USB disconnect, device number 19
[  955.413035][ T9185] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  955.602578][ T5907] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  955.621908][ T9185] usb 4-1: Using ep0 maxpacket: 16
[  955.642074][ T9185] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  955.680142][ T9185] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.760858][ T9185] usb 4-1: Product: syz
[  955.766424][ T9185] usb 4-1: Manufacturer: syz
[  955.774592][T15058] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1770'.
[  955.792530][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  955.808117][ T9185] usb 4-1: SerialNumber: syz
[  955.825873][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  955.859074][ T9185] r8152-cfgselector 4-1: Unknown version 0x0000
[  955.890981][ T5907] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  955.913154][ T9185] r8152-cfgselector 4-1: config 0 descriptor??
[  956.115713][ T5907] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  956.181745][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  956.312962][ T5907] usb 6-1: config 0 descriptor??
[  956.343071][ T5907] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  956.469791][T15044] loop5: detected capacity change from 0 to 7
[  956.480004][ T5970]  loop5: p1 < > p4
[  956.505901][ T5970] loop5: partition table partially beyond EOD, truncated
[  956.664736][T15044]  loop5: p1 < > p4
[  956.676612][T15044] loop5: partition table partially beyond EOD, truncated
[  956.737731][ T9185] r8152-cfgselector 4-1: Unknown version 0x0000
[  956.755233][ T9185] r8152-cfgselector 4-1: bad CDC descriptors
[  956.802413][ T9185] r8152-cfgselector 4-1: USB disconnect, device number 20
[  957.002092][ T5970] udevd[5970]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  957.006532][ T5950] udevd[5950]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  957.139439][ T5950] udevd[5950]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  957.200058][ T5970] udevd[5970]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  959.866139][ T5946] usb 6-1: USB disconnect, device number 23
[  962.743939][T15161] loop7: detected capacity change from 0 to 32768
[  962.777133][T15161] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1789 (15161)
[  962.823636][T15161] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  962.833943][T15161] BTRFS info (device loop7): using crc32c checksum algorithm
[  962.841390][T15161] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  962.910183][T15159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1787'.
[  963.024747][T15161] BTRFS info (device loop7): rebuilding free space tree
[  963.058229][T15161] BTRFS info (device loop7): disabling free space tree
[  963.065256][T15161] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  963.076436][T15161] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  963.116949][T15161] BTRFS info (device loop7): enabling ssd optimizations
[  963.124119][T15161] BTRFS info (device loop7): turning on async discard
[  963.130923][T15161] BTRFS info (device loop7): enabling disk space caching
[  963.138104][T15161] BTRFS info (device loop7): force clearing of disk cache
[  963.145334][T15161] BTRFS info (device loop7): use zstd compression, level 3
[  963.706246][T10666] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  963.812413][ T5907] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  964.198662][ T5907] usb 4-1: Using ep0 maxpacket: 32
[  964.252261][ T5907] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  964.461558][ T5907] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  964.644357][ T5907] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  964.815865][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.951650][ T5907] usb 4-1: config 0 descriptor??
[  965.029257][ T5907] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  965.662116][T15208] binder: 15204:15208 ioctl c0306201 0 returned -14
[  966.758586][T15233] No such timeout policy "syz1"
[  967.424756][ T5907] usb 4-1: USB disconnect, device number 21
[  967.962017][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  968.122815][   T10] usb 4-1: Using ep0 maxpacket: 8
[  968.155372][   T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  968.213634][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  968.309079][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  968.361910][   T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  968.441960][   T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  968.502698][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.813795][   T10] usb 4-1: GET_CAPABILITIES returned 0
[  968.851956][   T10] usbtmc 4-1:16.0: can't read capabilities
[  969.034550][ T5946] usb 4-1: USB disconnect, device number 22
[  969.877677][T15269] syz.8.1807 uses obsolete (PF_INET,SOCK_PACKET)
[  970.162129][ T5946] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  970.376125][ T5946] usb 9-1: Using ep0 maxpacket: 16
[  970.434207][ T5946] usb 9-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  970.487097][ T5946] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.507144][ T5946] usb 9-1: Product: syz
[  970.526675][ T5946] usb 9-1: Manufacturer: syz
[  970.540663][ T5946] usb 9-1: SerialNumber: syz
[  970.609865][ T5946] usb 9-1: config 0 descriptor??
[  970.651944][ T5907] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  970.853473][ T5907] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  970.947275][T15285] binder: 15284:15285 ioctl c0306201 0 returned -14
[  970.952137][ T5907] usb 2-1: config 0 has no interface number 0
[  970.992576][ T5907] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  971.001733][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.062691][ T5907] usb 2-1: Product: syz
[  971.066998][ T5907] usb 2-1: Manufacturer: syz
[  971.071733][ T5907] usb 2-1: SerialNumber: syz
[  971.115490][ T5946] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  971.172363][ T5907] usb 2-1: config 0 descriptor??
[  971.178997][ T5946] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  971.422082][ T5946] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  971.430306][ T5946] usb 9-1: media controller created
[  971.458834][ T5907] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state
[  971.464355][ T5946] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  971.569630][ T5907] usb 2-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2
[  971.598982][ T5946] zl10353_read_register: readreg error (reg=127, ret==0)
[  971.609688][ T5907] usb 2-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw
[  971.630774][ T5946] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  971.682223][T15281] ------------[ cut here ]------------
[  971.688284][T15281] usb 9-1: BOGUS control dir, pipe 80000580 doesn't match bRequestType c0
[  971.696969][T15281] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x1052/0x18b0, CPU#1: syz.1.1809/15281
[  971.707395][T15281] Modules linked in:
[  971.711625][T15281] CPU: 1 UID: 0 PID: 15281 Comm: syz.1.1809 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  971.722879][T15281] Tainted: [L]=SOFTLOCKUP
[  971.727240][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  971.737364][T15281] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  971.743061][T15281] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  971.763135][T15281] RSP: 0018:ffffc9000566f928 EFLAGS: 00010246
[  971.769703][T15281] RAX: 0000000000000000 RBX: ffff888034a37a00 RCX: 0000000080000580
[  971.777821][T15281] RDX: ffff888021ab6140 RSI: ffffffff8c7f3860 RDI: ffffffff901f0340
[  971.786949][T15281] RBP: 1ffff1100678b44c R08: 00000000000000c0 R09: 0000000000000000
[  971.795734][T15281] R10: ffffc9000566fa20 R11: fffff52000acdf50 R12: ffff88807d7a4100
[  971.805762][T15281] R13: ffff888033c5a260 R14: 0000000080000580 R15: ffff888021ab6140
[  971.813915][T15281] FS:  00007f64c6b846c0(0000) GS:ffff888125557000(0000) knlGS:0000000000000000
[  971.822979][T15281] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  971.829588][T15281] CR2: 00007facb55757d0 CR3: 0000000044d3a000 CR4: 00000000003526f0
[  971.837770][T15281] Call Trace:
[  971.841078][T15281]  <TASK>
[  971.844145][T15281]  ? __init_swait_queue_head+0xa9/0x150
[  971.850055][T15281]  usb_start_wait_urb+0x12b/0x510
[  971.855168][T15281]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  971.860758][T15281]  usb_control_msg+0x232/0x3e0
[  971.865613][T15281]  dtv5100_i2c_msg+0x231/0x2f0
[  971.870407][T15281]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  971.875411][T15281]  __i2c_transfer+0x79a/0x2020
[  971.880200][T15281]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  971.886651][T15281]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  971.892989][T15281]  ? i2c_transfer+0xc8/0x2d0
[  971.897801][T15281]  i2c_transfer+0x1cc/0x2d0
[  971.902463][T15281]  i2cdev_ioctl_rdwr+0x460/0x740
[  971.907440][T15281]  i2cdev_ioctl+0x6a5/0x880
[  971.912217][T15281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  971.917305][T15281]  ? __fget_files+0x3a0/0x420
[  971.922053][T15281]  ? __fget_files+0x2a/0x420
[  971.926694][T15281]  ? bpf_lsm_file_ioctl+0x9/0x20
[  971.931671][T15281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  971.936935][T15281]  __se_sys_ioctl+0xfc/0x170
[  971.941599][T15281]  do_syscall_64+0x14d/0xf80
[  971.946462][T15281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.952647][T15281]  ? clear_bhb_loop+0x40/0x90
[  971.957370][T15281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.963351][T15281] RIP: 0033:0x7f64c5d9c629
[  971.967801][T15281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  971.988260][T15281] RSP: 002b:00007f64c6b84028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  971.997218][T15281] RAX: ffffffffffffffda RBX: 00007f64c6015fa0 RCX: 00007f64c5d9c629
[  972.005636][T15281] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  972.013943][T15281] RBP: 00007f64c5e32b39 R08: 0000000000000000 R09: 0000000000000000
[  972.022067][T15281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  972.030092][T15281] R13: 00007f64c6016038 R14: 00007f64c6015fa0 R15: 00007ffecf230ab8
[  972.038276][T15281]  </TASK>
[  972.041374][T15281] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  972.048689][T15281] CPU: 1 UID: 0 PID: 15281 Comm: syz.1.1809 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  972.059724][T15281] Tainted: [L]=SOFTLOCKUP
[  972.064064][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  972.074267][T15281] Call Trace:
[  972.077651][T15281]  <TASK>
[  972.080592][T15281]  vpanic+0x56c/0xa60
[  972.084686][T15281]  ? __pfx__printk+0x10/0x10
[  972.089338][T15281]  ? __pfx_vpanic+0x10/0x10
[  972.093903][T15281]  ? is_bpf_text_address+0x292/0x2b0
[  972.099338][T15281]  ? is_bpf_text_address+0x26/0x2b0
[  972.104578][T15281]  panic+0xc5/0xd0
[  972.108340][T15281]  ? __pfx_panic+0x10/0x10
[  972.112967][T15281]  __warn+0x315/0x4f0
[  972.117005][T15281]  ? usb_submit_urb+0x1052/0x18b0
[  972.122139][T15281]  ? usb_submit_urb+0x1052/0x18b0
[  972.127242][T15281]  __report_bug+0x29a/0x540
[  972.131863][T15281]  ? unwind_get_return_address+0x4d/0x90
[  972.137575][T15281]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  972.143756][T15281]  ? usb_submit_urb+0x1052/0x18b0
[  972.148822][T15281]  ? __pfx___report_bug+0x10/0x10
[  972.153870][T15281]  ? __pfx_stack_trace_save+0x10/0x10
[  972.159346][T15281]  ? stack_depot_save_flags+0x33/0x810
[  972.164829][T15281]  report_bug_entry+0x19a/0x290
[  972.169702][T15281]  ? usb_submit_urb+0x1114/0x18b0
[  972.174759][T15281]  ? usb_submit_urb+0x1119/0x18b0
[  972.179842][T15281]  handle_bug+0xca/0x200
[  972.184202][T15281]  exc_invalid_op+0x1a/0x50
[  972.188745][T15281]  asm_exc_invalid_op+0x1a/0x20
[  972.193843][T15281] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  972.199544][T15281] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  972.219555][T15281] RSP: 0018:ffffc9000566f928 EFLAGS: 00010246
[  972.225719][T15281] RAX: 0000000000000000 RBX: ffff888034a37a00 RCX: 0000000080000580
[  972.233726][T15281] RDX: ffff888021ab6140 RSI: ffffffff8c7f3860 RDI: ffffffff901f0340
[  972.241775][T15281] RBP: 1ffff1100678b44c R08: 00000000000000c0 R09: 0000000000000000
[  972.249820][T15281] R10: ffffc9000566fa20 R11: fffff52000acdf50 R12: ffff88807d7a4100
[  972.258081][T15281] R13: ffff888033c5a260 R14: 0000000080000580 R15: ffff888021ab6140
[  972.266101][T15281]  ? usb_submit_urb+0x10a3/0x18b0
[  972.271385][T15281]  ? __init_swait_queue_head+0xa9/0x150
[  972.277007][T15281]  usb_start_wait_urb+0x12b/0x510
[  972.282069][T15281]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  972.287895][T15281]  usb_control_msg+0x232/0x3e0
[  972.292721][T15281]  dtv5100_i2c_msg+0x231/0x2f0
[  972.297545][T15281]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  972.302426][T15281]  __i2c_transfer+0x79a/0x2020
[  972.307215][T15281]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  972.313159][T15281]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  972.318986][T15281]  ? i2c_transfer+0xc8/0x2d0
[  972.323614][T15281]  i2c_transfer+0x1cc/0x2d0
[  972.328164][T15281]  i2cdev_ioctl_rdwr+0x460/0x740
[  972.333134][T15281]  i2cdev_ioctl+0x6a5/0x880
[  972.337669][T15281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  972.342717][T15281]  ? __fget_files+0x3a0/0x420
[  972.347504][T15281]  ? __fget_files+0x2a/0x420
[  972.352139][T15281]  ? bpf_lsm_file_ioctl+0x9/0x20
[  972.357107][T15281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  972.362166][T15281]  __se_sys_ioctl+0xfc/0x170
[  972.366786][T15281]  do_syscall_64+0x14d/0xf80
[  972.371428][T15281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.377610][T15281]  ? clear_bhb_loop+0x40/0x90
[  972.382314][T15281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.388275][T15281] RIP: 0033:0x7f64c5d9c629
[  972.392732][T15281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  972.412722][T15281] RSP: 002b:00007f64c6b84028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  972.421167][T15281] RAX: ffffffffffffffda RBX: 00007f64c6015fa0 RCX: 00007f64c5d9c629
[  972.429193][T15281] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  972.437216][T15281] RBP: 00007f64c5e32b39 R08: 0000000000000000 R09: 0000000000000000
[  972.445476][T15281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  972.453483][T15281] R13: 00007f64c6016038 R14: 00007f64c6015fa0 R15: 00007ffecf230ab8
[  972.461573][T15281]  </TASK>
[  972.465319][T15281] Kernel Offset: disabled
[  972.469659][T15281] Rebooting in 86400 seconds..