last executing test programs:

16m14.895519861s ago: executing program 2 (id=801):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0xffffffff, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffa, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623d, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0x400ba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x7c, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x7, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x4, 0x8, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x10, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x7, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x6], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x4, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x13, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x4, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x0, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x0, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x16a, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x9, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xa, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
readv(r4, 0x0, 0x0)
write$input_event(r4, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000100)={'ip_vti0\x00', 0x0})

16m8.071183081s ago: executing program 2 (id=809):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a80000000000000", @ANYRES32=0x0, @ANYBLOB="080003000eba"], 0x2c}}, 0x0)

16m7.05758663s ago: executing program 2 (id=811):
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x28, 0xd, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x6}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c814}, 0x4004)
setxattr$trusted_overlay_origin(0x0, &(0x7f0000000040), 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r3, 0x5412, 0x0)
ioctl$TIOCSTI(r3, 0x5412, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0x7f)
open$dir(&(0x7f0000000180)='./bus\x00', 0x200, 0x0)
stat(&(0x7f00000001c0)='./bus\x00', &(0x7f00000008c0))

16m5.917293892s ago: executing program 2 (id=812):
socket(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000340)={'pimreg1\x00', 0x1})
r0 = gettid()
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010025bd7000f9dbdf2500000004", @ANYRES32=0x0, @ANYBLOB="158804000300000008001b000000000008000d"], 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x4040000)

16m5.671054177s ago: executing program 2 (id=813):
setxattr$system_posix_acl(0x0, &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYRES32], 0x24, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket(0x1f, 0x2, 0x6)
recvmmsg$unix(r3, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000200)=""/4106, 0x100a}], 0x1}}], 0x1, 0x0, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=""/133, 0x85)
pipe(&(0x7f00000000c0)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000040)=[{0x0}], 0x1, 0xf)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000001240)=[{0x0}, {&(0x7f00000012c0)=""/90, 0x5a}], 0x2, 0xf, 0x8000)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x100}})

16m4.354946972s ago: executing program 2 (id=814):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x2000000, &(0x7f0000000800)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c00a37e941910c27d130b55ac2d5f7a61e59ec6d5de07239091924c32eeb367d16409d6d3ec1fb755f9a7989ebc4e96918e268f0b7acebf67c07bc4731200f87d27b5e9e61000e70f0c6a4e2432073d0d3e18f864e9ef64637d14e548355376ec821c05008685c055a367ea51b653eff6581710e72f1e7e4d9d1607d004d9ed64f6c3824bc667bd24219163c60803099f985567be0d978e301b4f6611628606afadb04e0158f42f1853f2e8598a5e250e0f4c9a"], 0x1, 0x1506, &(0x7f0000002ac0)="$eJzs3QnYj9XWMPC19t43D0n/JPNee938k2GTJBmSZEiSJEkyJSRJjiQkHjIlIQmZk8whmUIyz1PmJDmSJAkJSfZ3PXXOcc7b+d7e853zft73POt3Xfd173Xte+177//ifw/Xcz3PNx0HV61frVJdZoZ/Cv66SwWAFADoBwDXAEAEAKWylcqW1p9JY+o/dxLxr/XQtCs9A3ElSf3TN6l/+ib1T9+k/umb1D99k/qnb1L/9E3qL0R6tm167mtlS7/bP//+P+XXnbz//19Irv/pm9T/382ZTP/I0VL/fyeXQgj/WIbUP32T+qdvUv/0Teqfvkn90zepvxDp2ZV+/yzbld2u9L8/IYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBDpw/lwmQGAtH10pSclhBBCCCGEEEKIf6mQ8UrPQAghhBBCCCGEEP/9EBRoMBBBBsgIKZAJMsNVkAWuhqxwDSTgWsgG10F2uB5yQE7IBbkhD+SFfGCBwAFDDPmhACThBigIN0IhKAxFoCh4KAbF4SYoATdDSbgFSsGtUBpugzJQFspBebgdKsAdUBHuhEpwF1SGKlAVqsHdUB3ugRpwL9SE+6AW3A+14QGoAw9CXXgI6sHDUB8egQbwKDSERtAYmkDT/6f8F6ArvAjdoDukQg/oCS9BL+gNfaAv9IOXoT+8AgPgVRgIg2AwvAZD4HUYCm/AMBgOI+BNGAmjYDSMgbEwDsbDWzAB3oaJ8A5MgskwBabCNJgOM+BdmAmzYDa8B3PgfZgL82A+LICF8AEsgsWwBD6EpfARLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg49hO+yAnbALdsMe2AufwD74FPbDZ3AAPv8H88/9h/xOCAioUKFBgxkwA6ZgCmbGzJgFs2BWzIoJTGA2zIbZMTvmwByYC3NhHsyD+TAfEhIyMubH/JjEJBbEglgIC2ERLIIePRbH4lgCb8aSWBJLYSksjaWxDJbFslgey2MFrIAVsSJWwkpYGStjVayKd+PdeA/WwBpYE2tiLayFtbE21sE6WBfrYj2sh/WxPjbABtgQG2JjbIxNsSk2w2bYHJtjS2yJrbAVtsbW2AbbYFtsi+2wHbbH9tgBO2BH7IidsDN2xhfwBXwRX8TuWFn1wJ7YE3thL+yDfbEvvoz98RV8BV/FgTgIB+Nr+Bq+jkPxLA7D4TgCR2AFNQpH4xhkNQ7H43icgBNwIk7ESTgZJ+NUnIbTcQbOwJk4C2fhezgH38f3cR7OwwW4EBfiIlyMS3AJLsVzuAyX4wpciatwNa7CtbgO1+IG3IgbcDNuxq24FT/Gj3EH7sBduAv34B78BD/BT/FTHIgH8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8jifwBJ7EU3gaT+EZPINn8Ryex/N4AS/gRbyIl/BS2n9+lcYoozKoDCpFpajMKrPKorKorCqrSqiEyqayqewqu8qhcqhcKpfKo/KofCqfIkWKVazyq/wqqZKqoCqoCqlCqogqorzyqrgqrkqoEqqkKqlKqVtVaXWbKqPKqha+vCqvKqiWvqK6U1VSlVRlVUVVVdVUNVVdVVc1VA1VU9VUtVQtVVs9oOqoHtgHH1JplamvBmEDNRgbqkaqsWqiXsfHVDM1FJurFqqlekINx2HYWjXzbdTTqq0aje3UH9QYfFZ1UOOwo3pedVKdVRf1guqqmvtuqruahD1UTzUVe6neqo/qq2ZiFZVWsarqVTVQDVKD1WtqAb6uhqo31DA1XI1Qb6qRapQarcaosWqcGq/eUhPU22qiekdNUpPVFDVVTVPT1Yy0r1Y1S81W76k56n01V81T89UCtVB9oBapxWqJ+lAtVR+pZWq5WqFWqlVqtVqj1qp1ar3aoDaqTRGoLWqr2qY+VtvVDrVT7VK71R61V32i9qlP1X71mTqgPlcH1R/VIfWFOqy+VEfUV+qo+lodU9+o4+pbdUJ9p06qU+q0+l6dUT+os+qcOq9+VBfUT+qi+lldUkGBRq201kZHOoPOqFN0Jp1ZX6Wz6Kt1Vn2NTuhrdTZ9nc6ur9c5dE6dS+fWeXRenU9bTdpp1rHOrwvopL5BF9Q36kK6sC6ii2qvi+ni+iZdQt+sS+pbdCl9qy6tb9NldFldTpfXt+sK+g5dUd+pK+m7dGVdRVfV1fTdurq+R9fQ9+qa+j5dS9+va+sHdB39oK6rH9L19MO6vn5EN9CP6oa6kW6sm+im+jHdTD+um+sWuqV+QrfST+rW+indRj+t2+pndDv9B91eP6s76Od0R/287qQ76y76Z31JB91Nd9epuofuqV/SvXRv3Uf31f30y7q/fkUP0K/qgXqQHqxf00P063qofkMP08P1CP2mHqlH6dF6jB6rx+nx+i09Qb+tJ+p39CQ9WU/RU/U0PV33+dNIs/8L+W//nfwBv5x9q96mP9bb9Q69U+/Su/UevVfv1fv0Pr1f79cH9AF9UB/Uh/QhfVgf1kf0EX1UH9XH9DF9XB/XJ/QJfVKf0j/q7/UZ/YM+q8/pc/pHfUFf0Bf/9BmAQaOMNsZEJoPJaFJMJpPZXGWymKtNVnONSZhrTTZznclurjc5TE6Ty+Q2eUxek89YQ8YZNrHJbwqYpLnBFDQ3mkKmsCliihpvipni5qZ/Ov/35tfUNDXNTDPT3DQ3LU1L08q0Mq1Na9PGtDFtTVvTzrQz7U1708F0MB1NR9PJdDJdTBfT1XQ1AQBSTarpaV4yvUxv08f0Nf3My6a/6W8GmAFmoBloBpvBZogZYoaaoWaYGWZGmBFmpBlpRpvRZqwZa8ab8WaCmWAmmolmkplkppgpZpqZZmaYGWammWlmm9lmjplj5pq5Zr6ZbxaahWaRWWSWmCVmqVlqlpnlZrlZaVaa1Wa1WWvWmvVmvdloNprNZrNZZv78A5o7zU6z2+w2e81es8/sM/vNfnPAHDAHzUFzyBwyh81hc8QcMUfNUXPMHDPHzXFzwpwwJ81Jc9qcNmfMGXPWnDXnzXlzwVwwF81Fc8lcSrvti1SkIhOZKEOUIUqJUqLMUeYoS5QlyhpljRJRIsoWZYuyR9dHOaKcUa4od5Qnyhvli2xEkYs4iqP8UYEoGd0QFYxujApFhaMiUdHIR8Wi4tFNUYno5qhkdEtUKro1Kh3dFpWJykblovLR7VGF6I6oYnRnVCm6K6ocVYmqRtWiu6Pq0T1RjejeqGZ0X1Qruj+qHT0Q1YkejOpGD0X1ooej+tEjUYPo0ahh1ChqHDWJmv5Lxw/hbM7HfTfb3abaHranfcn2sr1tH9vX9rMv2/72FTvAvmoH2kF2sH3NDrGv26H2DTvMDrcj7Jt2pB1lR9sxdqwdZ8fbt+wE+7adaN+xk+xkO8VOtdPsdDvDvmtn2ll2tn3PzrHv27l2np1vF9iF9gO7yC62S+yHdqn9yC6zy+0Ku9KusqvtGrvWrrPr7Qa70W6ym+0Wu9Vusx/b7XaH3Wl32d12j91rP7H77Kd2v/3MHrCf24P2j/aQ/cIetl/aI/Yre9R+bY/Zb+xx+609Yb+zJ+0pe9p+b8/YH+xZe86etz/aC/Yne9H+bC/ZkHZzn3Z5J0OGMlAGSqEUykyZKQtloayUlRKUoGyUjbJTdspBOSgX5aI8lIfyUT5Kw8SUn/JTkpJUkApSISpERagIefJUnIpTCSpBJakklaJSVJpKUxkqQ+Uo7aJ5O91Bd9CddCfdRXdRFapC1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUgBpQQ2pIjakxNaWm1IyaUXNqTi2pJbWiVtSaWlMbakNtqS21o3bUntpTB+pAHakjdaJO1IW6UFfqSt2oG6VSKvWkntSLelEf6kP9qB/1p/40gAbQQBpIg2kwDaEhNJSG0jAaTiPoTRpJo2g0jaGxNI7G03iaQBNoIk2kSTSJptAUmkbTaAbNoJk0k2bTbJpDc2guzaX5NJ8W0kJaRItoCS2hpbSUltEyWkEraBWtojW0htbROtpAG2gTbaIttIW20TbaTttpJ+2k3bSb9tJe2kf7aD/tpwN0gA7SQTpEh+gwHaYjdISO0lE6RsfoOB2nE3SCTtJJPE2n6QydobN0ls7TebpAP9FF+pkuUaAUl8lldle5LO5ql9Vd41Jcpu4A8Jc4l8vt8ri8Lp+zLofL+TcxOecKucKuiCvqvCvmirubfhOX6VHWlXPl3e2ugrvDVXRl3N/G1d09roa719V097lq7u6/iWu5+11t94ir4x51dV0jV881cfXdI66Be9Q1dI1cY9fEtXJPutbuKdfGPe3aumd+Ey9yi906t95tcBvdPvepO+9+dMfcN+6C+8l1c91dP/ey6+9ecQPcq26gG/SbeIR70410o9xoN8aNdeN+E09xU900N93NcO+6mW7Wb+KF7gM3xy1xc908N98t+CVOm9MS96Fb6j5yy9xyt8KtdKvcarfGrf3LXFe6zW6L2+r2uk/cdrfD7XS73G6355c4bR373WfugPvcHXVfu0PuC3fYHXdH3Fe/xGnrO+6+dSfcd+6kO+VOu+/dGfeDO+vO/bL+tLV/7352l1xwwMiKNRuOOANn5BTOxJn5Ks7CV3NWvoYTfC1n4+s4O1/POTgn5+LcnIfzcj62TOyYOeb8XICTfAMX5Bu5EBfmIlyUPRfj4nwTl+CbuSTfwqX4Vi7Nt3EZLsvluDzfzhX4Dq7Id3IlvosrcxWuytX4bq7O93ANvpdr8n1ci+/n2vwA1+EHuS4/xPX4Ya7Pj3ADfpQbciNuzE24KT/Gzfhxbs4tuCU/wa34SW7NT3Ebfprb8jPcjv/A7flZ7sDPcUd+njtxZ+7CL3BXfpG7cXdO5R7ck1/iXtyb+3Bf7scvc39+hQfwqzyQB/Fgfo2H8Os8lN/gYTycR/CbPJJH8Wgew2N5HI/nt3gCv80T+R2exJN5Ck/laTydZ/C7PJNn8Wx+j+fw+zyX5/F8XsAL+QNexIt5CX/IS/kjXsbLeQWv5FW8mtfwWl7H63kDb+RNvJm38Fbexh/zdt7BO3kX7+Y9vJc/4X38Ke/nz/gAf84H+Y98iL/gw/wlH+Gv+Ch/zcf4Gz7O3/IJ/o5P8ik+zd/zGf6Bz/I5Ps8/8gX+iS/yz3yJA0OMsYp1bOIozhBnjFPiTHHm+Ko4S3x1nDW+Jk7E18bZ4uvi7PH1cY44Z5wrzh3nifPG+WIbU+xijuM4f1wgTsY3xAXjG+NCceG4SFw09nGxuHh8U1wivjkuGd8Sl4pvjUvHt8Vl4rJxubh8fHtcIb4jrhjfGVeK74orx1XiqnG1+O64enxPXCO+N64Z3xeXjO+Pa8cPxHXiB+O68UNxvfjhuH78SNwgfjRuGDeKG8dN4qbxY3Gz+PG4edwibhk/EbeKn4xbx0/FbeKn47bxM7/bnxr3iHvGL8UvxSHcq+cnFyQXJj9ILkouTi5JfphcmvwouSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObkluTUZQrWM4NErr73xkc/gM/oUn8ln9lf5LP5qn9Vf4xP+Wp/NX+ez++t9Dp/T5/K5fR6f1+fz1pN3nn3s8/sCPulv8AX9jb6QL+yL+KLe+2K+uG/im/qmvpl/3Df3LXxL/4R/wj/pn/RP+af8076tf8a385Bo75/1Hfxz/jn/vO/kO/su/gXf1b/ou/nuPtWn+p6+p+/le/k+vo/v5/v5/r6/H+AH+IF+oB/sB/shfogf6of6YX6YH+FH+JF+pB/tR/uxfqwf78f7CX6Cn+gn+kl+kp/ip/hpfpqf4Wf4mX6mn+1n+zl+jp/r5/r5fr5f6Bf6RX6RX+KX+KV+qV/ml/kVfoVf5Vf5NX6NX+fX+Q1+g9/kN/ktfovf5rf57X673+l3+t1+t9/r9/p9fp/f7/f7A/6AP+gP+kP+kD/sv/RH/Ff+qP/aH/Pf+OP+W3/Cf+dP+lP+tP/en/E/+LP+nD/vf/QX/E/+ov/ZX/LBj0+8lZiQeDsxMfFOYlJicmJKYmpiWmJ6Ykbi3cTMxKzE7MR7iTmJ9xNzE/MS8xMLEgsTHyQWJRYnliQ+TCxNfJRYllieWJFYmViVWJ0IIe/2OOQPBUIy3BAKhhtDoVA4FAlFgw/FQvFwUygRbg4lwy2hVLg1lA63hTKhbCgXHg0NQ6PQODQJTcNjoVl4PDQPLULL8ERoFZ4MrcNToU14OrQNz4R24Q+hfXg2dAjPhY7h+dApdA5dwguha3gxdAvdQ2roEXqGl0Kv0Dv0CX1Dv/By6B9eCQPCq2FgGBQGh9fCkPB6GBreCMPC8DAivBlGhlFhdBgTxoZxYXx4K0wIb4eJ4Z0wKUwOU8LUMC1MDzPCu2FmmBVmh/fCnPB+mBvmhflhQVgYPgiLwuKwJHwYloaPwrKwPKwIK8OqsDqsCWvDurA+bAgbw6awOWwJW8O28HHYHnaEnWFX2B32hL3hk7AvfBr2h8/CgfB5OBj+GA6FL8Lh8GU4Er4KR8PX4Vj4JhwP34YT4btwMpwKp8P34Uz4IZwN58L58GO4EH4KF8PP4VII4Uq/SRdCCCGE+N9A/05/j/9LjvpTuycAXL0j95H/2L8px6/t3hnztEoAwNPdOz70561y5dTU1D8du0xDVGAeACQu52eAy/FyaAlPQhtoASX+0p/yV+fqrTpf4P9sfIAoeStA5r/KScv/c3x5/Jv/7vp7q1Fz/tPxNUTJeQCFClzOyQSX48vjl/y746eqnM1+Z/xMX4wHaP5XOVngcnx5/OLwODwDbf7mSCGEEEIIIYQQ4le9Vbn2v/d8m/Z8nsdczskIl+O/93wuhBBCCCGEEEKI/1me7dzlqcfatGnRXhr/HY0UAAjX/PpR/0+YjzSk8V9sXOlvJiGEEEIIIcS/2uWb/is9EyGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQIv36//HrxP58rt/7W4NCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHEv6v/EwAA//8oYjL2")
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x25dfdbfd, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)

15m48.618459713s ago: executing program 32 (id=814):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x2000000, &(0x7f0000000800)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c00a37e941910c27d130b55ac2d5f7a61e59ec6d5de07239091924c32eeb367d16409d6d3ec1fb755f9a7989ebc4e96918e268f0b7acebf67c07bc4731200f87d27b5e9e61000e70f0c6a4e2432073d0d3e18f864e9ef64637d14e548355376ec821c05008685c055a367ea51b653eff6581710e72f1e7e4d9d1607d004d9ed64f6c3824bc667bd24219163c60803099f985567be0d978e301b4f6611628606afadb04e0158f42f1853f2e8598a5e250e0f4c9a"], 0x1, 0x1506, &(0x7f0000002ac0)="$eJzs3QnYj9XWMPC19t43D0n/JPNee938k2GTJBmSZEiSJEkyJSRJjiQkHjIlIQmZk8whmUIyz1PmJDmSJAkJSfZ3PXXOcc7b+d7e853zft73POt3Xfd173Xte+177//ifw/Xcz3PNx0HV61frVJdZoZ/Cv66SwWAFADoBwDXAEAEAKWylcqW1p9JY+o/dxLxr/XQtCs9A3ElSf3TN6l/+ib1T9+k/umb1D99k/qnb1L/9E3qL0R6tm167mtlS7/bP//+P+XXnbz//19Irv/pm9T/382ZTP/I0VL/fyeXQgj/WIbUP32T+qdvUv/0Teqfvkn90zepvxDp2ZV+/yzbld2u9L8/IYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBDpw/lwmQGAtH10pSclhBBCCCGEEEKIf6mQ8UrPQAghhBBCCCGEEP/9EBRoMBBBBsgIKZAJMsNVkAWuhqxwDSTgWsgG10F2uB5yQE7IBbkhD+SFfGCBwAFDDPmhACThBigIN0IhKAxFoCh4KAbF4SYoATdDSbgFSsGtUBpugzJQFspBebgdKsAdUBHuhEpwF1SGKlAVqsHdUB3ugRpwL9SE+6AW3A+14QGoAw9CXXgI6sHDUB8egQbwKDSERtAYmkDT/6f8F6ArvAjdoDukQg/oCS9BL+gNfaAv9IOXoT+8AgPgVRgIg2AwvAZD4HUYCm/AMBgOI+BNGAmjYDSMgbEwDsbDWzAB3oaJ8A5MgskwBabCNJgOM+BdmAmzYDa8B3PgfZgL82A+LICF8AEsgsWwBD6EpfARLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg49hO+yAnbALdsMe2AufwD74FPbDZ3AAPv8H88/9h/xOCAioUKFBgxkwA6ZgCmbGzJgFs2BWzIoJTGA2zIbZMTvmwByYC3NhHsyD+TAfEhIyMubH/JjEJBbEglgIC2ERLIIePRbH4lgCb8aSWBJLYSksjaWxDJbFslgey2MFrIAVsSJWwkpYGStjVayKd+PdeA/WwBpYE2tiLayFtbE21sE6WBfrYj2sh/WxPjbABtgQG2JjbIxNsSk2w2bYHJtjS2yJrbAVtsbW2AbbYFtsi+2wHbbH9tgBO2BH7IidsDN2xhfwBXwRX8TuWFn1wJ7YE3thL+yDfbEvvoz98RV8BV/FgTgIB+Nr+Bq+jkPxLA7D4TgCR2AFNQpH4xhkNQ7H43icgBNwIk7ESTgZJ+NUnIbTcQbOwJk4C2fhezgH38f3cR7OwwW4EBfiIlyMS3AJLsVzuAyX4wpciatwNa7CtbgO1+IG3IgbcDNuxq24FT/Gj3EH7sBduAv34B78BD/BT/FTHIgH8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8jifwBJ7EU3gaT+EZPINn8Ryex/N4AS/gRbyIl/BS2n9+lcYoozKoDCpFpajMKrPKorKorCqrSqiEyqayqewqu8qhcqhcKpfKo/KofCqfIkWKVazyq/wqqZKqoCqoCqlCqogqorzyqrgqrkqoEqqkKqlKqVtVaXWbKqPKqha+vCqvKqiWvqK6U1VSlVRlVUVVVdVUNVVdVVc1VA1VU9VUtVQtVVs9oOqoHtgHH1JplamvBmEDNRgbqkaqsWqiXsfHVDM1FJurFqqlekINx2HYWjXzbdTTqq0aje3UH9QYfFZ1UOOwo3pedVKdVRf1guqqmvtuqruahD1UTzUVe6neqo/qq2ZiFZVWsarqVTVQDVKD1WtqAb6uhqo31DA1XI1Qb6qRapQarcaosWqcGq/eUhPU22qiekdNUpPVFDVVTVPT1Yy0r1Y1S81W76k56n01V81T89UCtVB9oBapxWqJ+lAtVR+pZWq5WqFWqlVqtVqj1qp1ar3aoDaqTRGoLWqr2qY+VtvVDrVT7VK71R61V32i9qlP1X71mTqgPlcH1R/VIfWFOqy+VEfUV+qo+lodU9+o4+pbdUJ9p06qU+q0+l6dUT+os+qcOq9+VBfUT+qi+lldUkGBRq201kZHOoPOqFN0Jp1ZX6Wz6Kt1Vn2NTuhrdTZ9nc6ur9c5dE6dS+fWeXRenU9bTdpp1rHOrwvopL5BF9Q36kK6sC6ii2qvi+ni+iZdQt+sS+pbdCl9qy6tb9NldFldTpfXt+sK+g5dUd+pK+m7dGVdRVfV1fTdurq+R9fQ9+qa+j5dS9+va+sHdB39oK6rH9L19MO6vn5EN9CP6oa6kW6sm+im+jHdTD+um+sWuqV+QrfST+rW+indRj+t2+pndDv9B91eP6s76Od0R/287qQ76y76Z31JB91Nd9epuofuqV/SvXRv3Uf31f30y7q/fkUP0K/qgXqQHqxf00P063qofkMP08P1CP2mHqlH6dF6jB6rx+nx+i09Qb+tJ+p39CQ9WU/RU/U0PV33+dNIs/8L+W//nfwBv5x9q96mP9bb9Q69U+/Su/UevVfv1fv0Pr1f79cH9AF9UB/Uh/QhfVgf1kf0EX1UH9XH9DF9XB/XJ/QJfVKf0j/q7/UZ/YM+q8/pc/pHfUFf0Bf/9BmAQaOMNsZEJoPJaFJMJpPZXGWymKtNVnONSZhrTTZznclurjc5TE6Ty+Q2eUxek89YQ8YZNrHJbwqYpLnBFDQ3mkKmsCliihpvipni5qZ/Ov/35tfUNDXNTDPT3DQ3LU1L08q0Mq1Na9PGtDFtTVvTzrQz7U1708F0MB1NR9PJdDJdTBfT1XQ1AQBSTarpaV4yvUxv08f0Nf3My6a/6W8GmAFmoBloBpvBZogZYoaaoWaYGWZGmBFmpBlpRpvRZqwZa8ab8WaCmWAmmolmkplkppgpZpqZZmaYGWammWlmm9lmjplj5pq5Zr6ZbxaahWaRWWSWmCVmqVlqlpnlZrlZaVaa1Wa1WWvWmvVmvdloNprNZrNZZv78A5o7zU6z2+w2e81es8/sM/vNfnPAHDAHzUFzyBwyh81hc8QcMUfNUXPMHDPHzXFzwpwwJ81Jc9qcNmfMGXPWnDXnzXlzwVwwF81Fc8lcSrvti1SkIhOZKEOUIUqJUqLMUeYoS5QlyhpljRJRIsoWZYuyR9dHOaKcUa4od5Qnyhvli2xEkYs4iqP8UYEoGd0QFYxujApFhaMiUdHIR8Wi4tFNUYno5qhkdEtUKro1Kh3dFpWJykblovLR7VGF6I6oYnRnVCm6K6ocVYmqRtWiu6Pq0T1RjejeqGZ0X1Qruj+qHT0Q1YkejOpGD0X1ooej+tEjUYPo0ahh1ChqHDWJmv5Lxw/hbM7HfTfb3abaHranfcn2sr1tH9vX9rMv2/72FTvAvmoH2kF2sH3NDrGv26H2DTvMDrcj7Jt2pB1lR9sxdqwdZ8fbt+wE+7adaN+xk+xkO8VOtdPsdDvDvmtn2ll2tn3PzrHv27l2np1vF9iF9gO7yC62S+yHdqn9yC6zy+0Ku9KusqvtGrvWrrPr7Qa70W6ym+0Wu9Vusx/b7XaH3Wl32d12j91rP7H77Kd2v/3MHrCf24P2j/aQ/cIetl/aI/Yre9R+bY/Zb+xx+609Yb+zJ+0pe9p+b8/YH+xZe86etz/aC/Yne9H+bC/ZkHZzn3Z5J0OGMlAGSqEUykyZKQtloayUlRKUoGyUjbJTdspBOSgX5aI8lIfyUT5Kw8SUn/JTkpJUkApSISpERagIefJUnIpTCSpBJakklaJSVJpKUxkqQ+Uo7aJ5O91Bd9CddCfdRXdRFapC1agaVafqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUgBpQQ2pIjakxNaWm1IyaUXNqTi2pJbWiVtSaWlMbakNtqS21o3bUntpTB+pAHakjdaJO1IW6UFfqSt2oG6VSKvWkntSLelEf6kP9qB/1p/40gAbQQBpIg2kwDaEhNJSG0jAaTiPoTRpJo2g0jaGxNI7G03iaQBNoIk2kSTSJptAUmkbTaAbNoJk0k2bTbJpDc2guzaX5NJ8W0kJaRItoCS2hpbSUltEyWkEraBWtojW0htbROtpAG2gTbaIttIW20TbaTttpJ+2k3bSb9tJe2kf7aD/tpwN0gA7SQTpEh+gwHaYjdISO0lE6RsfoOB2nE3SCTtJJPE2n6QydobN0ls7TebpAP9FF+pkuUaAUl8lldle5LO5ql9Vd41Jcpu4A8Jc4l8vt8ri8Lp+zLofL+TcxOecKucKuiCvqvCvmirubfhOX6VHWlXPl3e2ugrvDVXRl3N/G1d09roa719V097lq7u6/iWu5+11t94ir4x51dV0jV881cfXdI66Be9Q1dI1cY9fEtXJPutbuKdfGPe3aumd+Ey9yi906t95tcBvdPvepO+9+dMfcN+6C+8l1c91dP/ey6+9ecQPcq26gG/SbeIR70410o9xoN8aNdeN+E09xU900N93NcO+6mW7Wb+KF7gM3xy1xc908N98t+CVOm9MS96Fb6j5yy9xyt8KtdKvcarfGrf3LXFe6zW6L2+r2uk/cdrfD7XS73G6355c4bR373WfugPvcHXVfu0PuC3fYHXdH3Fe/xGnrO+6+dSfcd+6kO+VOu+/dGfeDO+vO/bL+tLV/7352l1xwwMiKNRuOOANn5BTOxJn5Ks7CV3NWvoYTfC1n4+s4O1/POTgn5+LcnIfzcj62TOyYOeb8XICTfAMX5Bu5EBfmIlyUPRfj4nwTl+CbuSTfwqX4Vi7Nt3EZLsvluDzfzhX4Dq7Id3IlvosrcxWuytX4bq7O93ANvpdr8n1ci+/n2vwA1+EHuS4/xPX4Ya7Pj3ADfpQbciNuzE24KT/Gzfhxbs4tuCU/wa34SW7NT3Ebfprb8jPcjv/A7flZ7sDPcUd+njtxZ+7CL3BXfpG7cXdO5R7ck1/iXtyb+3Bf7scvc39+hQfwqzyQB/Fgfo2H8Os8lN/gYTycR/CbPJJH8Wgew2N5HI/nt3gCv80T+R2exJN5Ck/laTydZ/C7PJNn8Wx+j+fw+zyX5/F8XsAL+QNexIt5CX/IS/kjXsbLeQWv5FW8mtfwWl7H63kDb+RNvJm38Fbexh/zdt7BO3kX7+Y9vJc/4X38Ke/nz/gAf84H+Y98iL/gw/wlH+Gv+Ch/zcf4Gz7O3/IJ/o5P8ik+zd/zGf6Bz/I5Ps8/8gX+iS/yz3yJA0OMsYp1bOIozhBnjFPiTHHm+Ko4S3x1nDW+Jk7E18bZ4uvi7PH1cY44Z5wrzh3nifPG+WIbU+xijuM4f1wgTsY3xAXjG+NCceG4SFw09nGxuHh8U1wivjkuGd8Sl4pvjUvHt8Vl4rJxubh8fHtcIb4jrhjfGVeK74orx1XiqnG1+O64enxPXCO+N64Z3xeXjO+Pa8cPxHXiB+O68UNxvfjhuH78SNwgfjRuGDeKG8dN4qbxY3Gz+PG4edwibhk/EbeKn4xbx0/FbeKn47bxM7/bnxr3iHvGL8UvxSHcq+cnFyQXJj9ILkouTi5JfphcmvwouSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObkluTUZQrWM4NErr73xkc/gM/oUn8ln9lf5LP5qn9Vf4xP+Wp/NX+ez++t9Dp/T5/K5fR6f1+fz1pN3nn3s8/sCPulv8AX9jb6QL+yL+KLe+2K+uG/im/qmvpl/3Df3LXxL/4R/wj/pn/RP+af8076tf8a385Bo75/1Hfxz/jn/vO/kO/su/gXf1b/ou/nuPtWn+p6+p+/le/k+vo/v5/v5/r6/H+AH+IF+oB/sB/shfogf6of6YX6YH+FH+JF+pB/tR/uxfqwf78f7CX6Cn+gn+kl+kp/ip/hpfpqf4Wf4mX6mn+1n+zl+jp/r5/r5fr5f6Bf6RX6RX+KX+KV+qV/ml/kVfoVf5Vf5NX6NX+fX+Q1+g9/kN/ktfovf5rf57X673+l3+t1+t9/r9/p9fp/f7/f7A/6AP+gP+kP+kD/sv/RH/Ff+qP/aH/Pf+OP+W3/Cf+dP+lP+tP/en/E/+LP+nD/vf/QX/E/+ov/ZX/LBj0+8lZiQeDsxMfFOYlJicmJKYmpiWmJ6Ykbi3cTMxKzE7MR7iTmJ9xNzE/MS8xMLEgsTHyQWJRYnliQ+TCxNfJRYllieWJFYmViVWJ0IIe/2OOQPBUIy3BAKhhtDoVA4FAlFgw/FQvFwUygRbg4lwy2hVLg1lA63hTKhbCgXHg0NQ6PQODQJTcNjoVl4PDQPLULL8ERoFZ4MrcNToU14OrQNz4R24Q+hfXg2dAjPhY7h+dApdA5dwguha3gxdAvdQ2roEXqGl0Kv0Dv0CX1Dv/By6B9eCQPCq2FgGBQGh9fCkPB6GBreCMPC8DAivBlGhlFhdBgTxoZxYXx4K0wIb4eJ4Z0wKUwOU8LUMC1MDzPCu2FmmBVmh/fCnPB+mBvmhflhQVgYPgiLwuKwJHwYloaPwrKwPKwIK8OqsDqsCWvDurA+bAgbw6awOWwJW8O28HHYHnaEnWFX2B32hL3hk7AvfBr2h8/CgfB5OBj+GA6FL8Lh8GU4Er4KR8PX4Vj4JhwP34YT4btwMpwKp8P34Uz4IZwN58L58GO4EH4KF8PP4VII4Uq/SRdCCCGE+N9A/05/j/9LjvpTuycAXL0j95H/2L8px6/t3hnztEoAwNPdOz70561y5dTU1D8du0xDVGAeACQu52eAy/FyaAlPQhtoASX+0p/yV+fqrTpf4P9sfIAoeStA5r/KScv/c3x5/Jv/7vp7q1Fz/tPxNUTJeQCFClzOyQSX48vjl/y746eqnM1+Z/xMX4wHaP5XOVngcnx5/OLwODwDbf7mSCGEEEIIIYQQ4le9Vbn2v/d8m/Z8nsdczskIl+O/93wuhBBCCCGEEEKI/1me7dzlqcfatGnRXhr/HY0UAAjX/PpR/0+YjzSk8V9sXOlvJiGEEEIIIcS/2uWb/is9EyGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQIv36//HrxP58rt/7W4NCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHEv6v/EwAA//8oYjL2")
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x25dfdbfd, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)

14m22.067503497s ago: executing program 3 (id=958):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00'}, 0xe)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x4000000)
dup(0xffffffffffffffff)

14m20.360520609s ago: executing program 3 (id=959):
socket(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000340)={'pimreg1\x00', 0x1})
r0 = gettid()
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4040000)

14m18.037709973s ago: executing program 3 (id=962):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x104, 0x4, 0x3f0, 0x110, 0x1f8, 0x1f8, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @rand_addr, @rand_addr, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x5}}}, {{@arp={@remote, @private, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x0, 'gre0\x00', 'pimreg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@random="8249ca4ee4e7", @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x2}}}}, 0x440)
syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0xfd, 0x206, &(0x7f0000000600)="$eJzsmb9v00AUx793dhy3ICQWBhaQqESRWsd2AHVhKP8ASC2/NiJqqoLboNQDjYTAYmHhz+BfYMiUgY2NFQZAQmIgI/OhO5/tI3EC5IcY+j7D5eu7d+/evbOfJQcEQRxbvn75+fn19Y3tNQAnsYK67v9ulTbcsP/kavHxzbuDU896w/6kLctkf3S1emUM/U0LidZCCGGOrejfbfBC3wLHJa3vgMHT+j44bmsdgeGe1o8M3V7SIo68B+145+FeHPmyCWQTyqZprm8DGKQMOwBcHR8zxg+Puo9bcRx1hkVN5OuMDFUJW/ursqlMWhmfPdjkuGbkT57B3VcvU3md58Y38heAI9C6CYYtrTdQh+d58pCylBj7P2uX/q2/2f804kZtlulpkT4HWc/p9Umz1uYS85TCAbAQz/nhzNdz+lvP8/+RsfkJZvQsSSEf6KLnzKD3fnTWtz94zsvKVIGdX9ROs8cT7phb4sPybEs4etOVNmX9lLm5aNQnG3ZRPxrJ/pPG4VF3fW+/tRvtRgdh2LzqX/b9K2FD1easnVD/XFWflg3/tTG2DnNQjCWdQF6fQJJ0wqct2RoVd+tt+4cy46r+caxeyKbJW0Vtu/pVpsZZ8R6UatUaGzxBEARBEARBEARBEARBEMQ/cQ5MfQXVf1QJIfAiGxEi/+4qhAhvKvUrAAD//+x/QCM=")

14m4.801961396s ago: executing program 3 (id=982):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000480)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4)
timer_settime(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r6, 0x2)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)

14m2.929719142s ago: executing program 3 (id=985):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="160000000000000004f1", @ANYBLOB="51b2bdda7ea166076784ce2f0782079a9309f554caec6bf221a77f054d0a3ec9d3f12d041e043d18bcb637b89f7e4503916ad8b6d25b65abcfb96d2f3b07ac166d24994b0de81bf47cbe6b999338b00b8282e1784fbedb09fb23cc71d57805507f930cae720c83797bb2766dfb055433162d13823a1d29a63858ec7241bd5e500e08d3f0dcb9ba6ceccf1bb2f2c164286740d595658f4beb583c8b223801668b041ec0d554214ea4c4da42f19b53aa9802bd6f9cc48caab435f3f946e2c24c9be410402100b32452dc77075f226241923389048a9b1a5ddd44828928a21cb997381694b51cab3ea7acf8", @ANYBLOB="00000000000000000000000000000000000000001a9ab316341b0e3ac651a0da9527df8d38fddaa0bb03a4", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in=@rand_addr=0x64010102, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x2, 0x5, 0x40000000, 0x0, &(0x7f0000000000), 0x2000000)
r5 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'batadv_slave_0\x00'})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x2, 0x1000, 0x44, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x7, 0x0, 0xfffffffc}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

14m1.027456128s ago: executing program 3 (id=988):
setxattr$system_posix_acl(0x0, &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYRES32], 0x24, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket(0x1f, 0x2, 0x6)
recvmmsg$unix(r3, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000200)=""/4106, 0x100a}], 0x1}}], 0x1, 0x0, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=""/133, 0x85)
pipe(&(0x7f00000000c0)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000040)=[{0x0}], 0x1, 0xf)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000001240)=[{0x0}, {&(0x7f00000012c0)=""/90, 0x5a}], 0x2, 0xf, 0x8000)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x100}})

13m44.422914616s ago: executing program 33 (id=988):
setxattr$system_posix_acl(0x0, &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYRES32], 0x24, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = socket(0x1f, 0x2, 0x6)
recvmmsg$unix(r3, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000200)=""/4106, 0x100a}], 0x1}}], 0x1, 0x0, 0x0)
listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=""/133, 0x85)
pipe(&(0x7f00000000c0)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000040)=[{0x0}], 0x1, 0xf)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/stat\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000001240)=[{0x0}, {&(0x7f00000012c0)=""/90, 0x5a}], 0x2, 0xf, 0x8000)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x100}})

13m19.949687022s ago: executing program 0 (id=1042):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x64}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

13m17.92442671s ago: executing program 0 (id=1044):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e9"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

13m16.91537192s ago: executing program 0 (id=1045):
chroot(&(0x7f0000000480)='./file0/../file0\x00')
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4)

13m16.685188495s ago: executing program 0 (id=1047):
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000000040)='./bus\x00', 0x2000410, &(0x7f00000001c0)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06adb7b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02040000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f6505003cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096746a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd970140495fde085", @ANYRES8=0x0], 0xfe, 0x555e, &(0x7f0000005f80)="$eJzs3EtvG1UUAOA7TpPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKKhJ48R9fJ80PjPX12fusUaRzkzkADy15tPff03CxXAmhDATQjifhHw/KbbcSgwvhBAuhRBK/9iSYvzvgbkQwtkQwsVR8pgzKd768srw8vIvb/323Q+nT5376tsfp1c1MG0vhhC6m3F/pxtj1orxTjFeG7bz2L0+LGJ8o3u3OM5i3Gmu5xl2auN5tTxea8X52eZ2fxQ3OrX6KLbaG/n4Zi+esD9sjfPkH7hT28qPG831PLb7WR5be3Fdu3vxb9tefxDzNIp8H+fpw2AwjnG8uduM9WzezWO9NyjGY96s0dwdxWERi9OFetZp5OtYP8o3/Wh7u93b3k2Hza1+O+uly5XqS5XqjXJ1K2s0B83r5Vq3ceN6utDqjKaVB81ad6WVZa1Os1LPuovpQqteL1er6cLN5nq71kur1cq1ytXy8mKxdyV9/fb7aaeRLoziq+3e9ly70083sq00fmIxXapce3kxvVxN311dS9feuXVrde29D29+cPuV1TdfKybdt6x0Yenq0lK5erW8VF18cI1zx13/6AQHrH9wlPo/KxZ9iPqTQ10NcEguMIBDu6//D/p/4OFdPOC8x73/D5Ps/0ctlf7/wf1v6ej9/5H634fs/ydW/wTufzxq9cOR6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5aP81+/Ua+Mx+PzxXjF4qh54rjJIRQCiH8+R9mwty+nDNFntn/mT/7rzV8n4Q8w+gcp4vtbAhhpdj+ePa4vwUAAAB4cn3zyaUvYrceX+anvSBOUrxpUzr/0YTyJSGE2fmfJ5StNHp5fkLJ8uv7VNidULb8BtYzE0oWb7mdmlS2A5kZh08v3BvMC0piKJ3ocgAAgBMxsy+cbBcCAADASfp82gtgOpIwfpQ5fhac/+f9vUebZ/a9BwAAADyGkmkvAAAAADh2ef/v9/8AAADgyRZ//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLnbvJWRqI4wD8b/uWDz8iMe69ijs4hkdw6VI4gJfgCHgFL8AZcOcRDDW0E5IqJMZObSTPk3TKtOQ3M9DNTJMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAMX2rD5svn95+HppzbobJMxoAAADgllN92LQfVl39ebr+Ml16nepFRJQR8fvMfRlVzHqZVcqpb36/aepf+vA1ok24tDFPx7OIeJeO6tXYvwIAAAA8ruNuv+5m612xmrpD/Evdok354n2mvCIi6tX3TGnlpXiTKax9vp/iY6a0dgFrkSmsW3J7un1vlquRvqp3SiNZbNs/sa2V47QLAABMqT8TuDMLAQAA4AF8mLoDTKO4Ftf3jPPulF4ILns1AAAA4D9UTN0BAAAAYHTt/H/4/n9NM/b+fz/s/wcAAAB/rdv/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDGd6sPmuNuv793f/mHOuRkm34gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Mn+vKNACIRBGOxd35nM/Q8rDRoam1SB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv38xtFFQcA/Ls7O0tBibWaHqoGEw96kXZBkKMeNI0H/wSTpmyxuogCByGNphc9mZ5J1OjRGBNNvfE/cKYJF7xx6KEmnjXzqww/lA2pM0v7+SRv3nd2J+993+yG8O2bFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKttvx4vdMk6yw3QRV6/d3Flbzvqt+/rM9Y1bc1nL4s6jJvr6rb1PfrK9VD85Nls7+bL5ZAAAADgYkqq+j4jb6eZi1nen8/o/ra7Jav4fjhZxVc/fX/dv7axNlW/NVfX/77/deX53oulinmzQldXRcOHBVHr/0xIn3jOPvKKX3/n8Zy9J/oF031t/bjvN72fnmxs33unn4aEmsgUAHsfxqi+D6v9DWT9oMzEADoxerfCu6v9kut2cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJqwvR5PVXEnIuZ6d+PM1s7a8sP66xu35qp2+tq1jfqY2RBpRKysjoZpg2uZdJeuXP14aTQaXmw+OBYR7c1eBh+McU3Ef19Tfj2jvVX8e9CZjDRaDbrl5zMp+exlUH339n7klv5BAgBgH0qORlmPp2VdfzvdXMxe68xE/P3jvfX/q7U4xqz/73x4+mZ9xnr9P2hqmRPv2+8izn86f+nK1ddXzy+dG54bfvLGicGbg5NnTp06M5/dq4X5legOF9pOFAAAgCdYv2z1+r878+D+/5FaHGPW/599P/iiPlei/n+ou5t+bWcCAABwEPV3o2df/uvPTv2tqaLr9Pvx+dLlyxcHxXH3/ERxbDzlx3CobPX6P5lpOysAAACgCdvrnXv2/8/W4hhz///pn174pT5mEhGHIy5ExPD48oXR2eaWM9Ga+EXlfKJ+2ysFAACgLYfLVuz/9/L9/zR//r+7+8hDNyJee6WIq791NU79n7z71c/1uerP/59sbokTqTtb3I+8n43ozbadEQAAAPvZVNmyYv+PdHPxo1+PvN/3/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA0/4JAAD//880Myg=")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x10000}, 0x50)
socket(0x1e, 0x4, 0x8)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1}, 0x6e)
close(0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r0, 0x0, 0x3ffff)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

13m14.33536938s ago: executing program 0 (id=1050):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0xffffffff, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffa, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623d, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0x400ba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x7c, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x7, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x4, 0x8, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x10, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x7, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x6], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x4, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x13, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x4, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x0, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x0, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x16a, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x9, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xa, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r3, 0x5501)
readv(r3, 0x0, 0x0)
write$input_event(r3, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

13m8.563644992s ago: executing program 0 (id=1056):
gettid()
timer_settime(0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/95, 0x0, 0x10000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x1, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000009047f000001000000007b0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = dup2(r3, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r5 = gettid()
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r6}, &(0x7f0000bbdffc))
kcmp$KCMP_EPOLL_TFD(r6, r5, 0x7, r2, &(0x7f0000000040)={r4, r0, 0xf})
r7 = syz_io_uring_setup(0x98c, &(0x7f00000010c0)={0x0, 0x637, 0x2, 0x2, 0xbfdffffc}, &(0x7f0000000080), &(0x7f0000000280))
io_uring_enter(r7, 0x56a0, 0x7501, 0x5, &(0x7f0000000000)={[0x67d]}, 0x8)
r8 = timerfd_create(0x9, 0x0)
timerfd_settime(r8, 0x2, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r10 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x4e24, 0x3, @empty}, 0x1c)
sendmmsg(r10, &(0x7f00000092c0), 0x4ff, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

12m52.685557831s ago: executing program 34 (id=1056):
gettid()
timer_settime(0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/95, 0x0, 0x10000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x1, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000009047f000001000000007b0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = dup2(r3, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r5 = gettid()
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r6}, &(0x7f0000bbdffc))
kcmp$KCMP_EPOLL_TFD(r6, r5, 0x7, r2, &(0x7f0000000040)={r4, r0, 0xf})
r7 = syz_io_uring_setup(0x98c, &(0x7f00000010c0)={0x0, 0x637, 0x2, 0x2, 0xbfdffffc}, &(0x7f0000000080), &(0x7f0000000280))
io_uring_enter(r7, 0x56a0, 0x7501, 0x5, &(0x7f0000000000)={[0x67d]}, 0x8)
r8 = timerfd_create(0x9, 0x0)
timerfd_settime(r8, 0x2, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r10 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x4e24, 0x3, @empty}, 0x1c)
sendmmsg(r10, &(0x7f00000092c0), 0x4ff, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

9m32.250104922s ago: executing program 1 (id=1390):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='kfree\x00'}, 0x18)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x1018e58, &(0x7f0000000000), 0x6, 0x5fe, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvzCYxaaNpRcQWxYCHFqRpUotVL7b1YA8FC/Yg4qGhSWro9gdNCrYWTMGDgoKIV5Fe/Ae8S+/eRFBvnoUqUlFQ6crszqbbZDfdttmdNPP5wGbnvZnd97778jJvZvJ2Aiit8exHGrEj4taJJGKsZd1oNFaO59vd/OPKyeyRRK325u9JJHlec/skf96aJ4Yj4vvDEY9XVpe7cOny6elqreGDiL2LZ87vXbh0ec/8melTs6dmz07te2n/gcmXp/ZPrUucW/PnI0ffePrTD999ce6H6p4kDsbxwfdnYkUc62U8xuNWHmJr/kBEHMgW2nwuD5tNEEKpVfLfx8GIeDLGolJPNYzF/CeFVg7oqVologaUVKL/Q0k1xwHNY/vujoOP93hU0j83DjUOgFbHP9A4NxLD9WOjLTeTliOjxrmNbetQflbGf1d2fpk94o7zEH8vt87AOpTTydLViHiqXfxJvW7b6pFm8aeRtrwuiYjJiBjK6/faA9QhaVnuxXmYtdxL/K3tkH0WB/PnLP/wfZY/viLd7/gBKKfrh/Id+VKWur3/y8YezfFPtBn/jLbZd92Povd/ncd/zf39cP0cebpiHJaNWY61f8vBlRm/fHzk807lt47/skdWfnMs2A83rkbsXBH/R/WBXrLc/kmb9s82OXGwuzJe//G3I53WFR1/7VrErrbHP7dHpdnSGtcn987NV2cnGz/blvHtd+983an8ouPP2n9Lh/hb2j9d+brsMznfZRnfHLt2ptO60bvGn/46lDSON4fynPemFxcvTEUMJUfzTVry961dl+Y2zffI4t/9XPv+f8fv/9U732ek+SezC+ffOn2z07r7af+Wi8m3al3WoZMs/pm7t/+q/p/lfdZlGX+9ffGZTuvWin/kQQIDAAAAAACAEkrr12CTdGJ5OU0nJhrzZZ+ILWn13MLi83PnLp6didhd/3/IwbR5pXuskU6y9FT+/7DN9L4V6RciYntEfFEZqacnTp6rzhQdPAAAAAAAAAAAAAAAAAAAAGwQW/P5/837VP9Zacz/B0qilzeYAzY2/R/Kq97/V93iCSgD+38oL/0fykv/h/LS/6G89H8oL/0fykv/h/LS/wEAAABgU9r+7PWfk4hYemWk/sgM5evMCILNbbDoCgCFqRRdAaAwy5f+DfahdLoa//+Tfzlg76sDFCBpl1kfHNTW7vzX274SAAAAAAAAAAAAAOiBXTs6z/83Nxg2N9P+oLweYP6/rw6Ah5yv/ofycowP3G0W/3CnFeb/AwAAAAAAAAAAAEDfjNYfSTqRzwUejTSdmIh4NCK2xWAyN1+dnYyIxyLip8rgI1l6quhKAwAAAAAAAAAAAAAAAAAAwCazcOny6elqdfZC68K/q3I290LzLqh9KOvVuMdXRdL/j2UkIgpvlJ4tDLTkJBFLWctviIpdWIiNUY36QsF/mAAAAAAAAAAAAAAAAAAAoIRa5h63t/OrPtcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrv9v3/e7dQdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMPp/wAAAP//4OFAKg==")

9m28.370837277s ago: executing program 1 (id=1391):
unshare(0x6020400)
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@jqfmt_vfsold}, {@minixdf}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
signalfd4(r0, &(0x7f0000000100)={[0x8]}, 0x8, 0x800)

9m27.502367353s ago: executing program 1 (id=1397):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000040)=0xd, 0x4)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3f7, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write(r1, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc131b8e11e775ef7ff1", 0x1f)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

9m24.831534035s ago: executing program 1 (id=1408):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0xffffffff, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffa, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623d, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0x400ba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x7c, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x7, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x4, 0x8, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x10, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x7, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x6], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x4, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x13, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x4, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x0, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x0, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x16a, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x9, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xa, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r3, 0x5501)
readv(r3, 0x0, 0x0)
write$input_event(r3, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$TCFLSH(r5, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000100)={'ip_vti0\x00', 0x0})

9m17.642228685s ago: executing program 1 (id=1410):
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x28}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x300, 0x22, 0x0, &(0x7f0000000040)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9m17.35939795s ago: executing program 1 (id=1411):
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000300)='.\x02\x00', 0x14927e, 0x44)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

9m1.266173283s ago: executing program 35 (id=1411):
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000300)='.\x02\x00', 0x14927e, 0x44)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

7m53.027461948s ago: executing program 5 (id=1552):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
epoll_create(0x8f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write(0xffffffffffffffff, &(0x7f0000004200), 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
brk(0x55555ede6000)

7m52.874878011s ago: executing program 5 (id=1553):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newlink={0x28, 0x10, 0x1, 0x170bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2100}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

7m51.539329336s ago: executing program 5 (id=1555):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x9, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000021c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r6 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0xe)
socket(0x840000000002, 0x3, 0xff)
io_uring_setup(0x67bb, &(0x7f0000000280))

7m49.999368246s ago: executing program 5 (id=1558):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
epoll_pwait2(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x5, &(0x7f0000000200)={0x77359400}, &(0x7f0000000280)={[0x40]}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180900"/16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000003000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x737, '\x00', 0x0, r5, 0x0, 0x1}, 0x50)
pipe2$9p(&(0x7f0000000240)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
memfd_create(&(0x7f00000002c0)='+,\x00', 0x5)
r8 = dup(r7)
write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18}, 0x18)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
preadv(r9, &(0x7f0000010440)=[{&(0x7f0000000040)=""/160, 0x3fd}], 0x1, 0xc03, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

7m47.799842919s ago: executing program 5 (id=1559):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
readv(r4, 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000100)={'ip_vti0\x00', 0x0})

7m43.996145102s ago: executing program 5 (id=1568):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x64}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

7m27.028385812s ago: executing program 36 (id=1568):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$pptp(0x18, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x64}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

9.417719867s ago: executing program 8 (id=2633):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000480)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10)
setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4)
timer_settime(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

9.012523695s ago: executing program 6 (id=2635):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000380))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f00000000c0)={'wg2\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

7.817508918s ago: executing program 6 (id=2636):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0x18, 0x3, &(0x7f0000000240)={0x91, "a52422ffd60775c221c4031d467d6648a97569b7d49cc4492d050600000000ff00"}})

7.816739988s ago: executing program 8 (id=2637):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, r6, &(0x7f0000000180)="282fa8c2", 0x4, 0x5}])
sendfile(r3, r4, 0x0, 0x20000023896)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x14c, 0x1a, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {}, 0x70bd28, 0x3500, 0xa, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

5.65952671s ago: executing program 8 (id=2642):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @broadcast}, 0x10)

5.359445645s ago: executing program 6 (id=2644):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff1, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x5, 0x8, 0x4, 0x202, 0x1, 0x7}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0xffe6, 0xb}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x34, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4d7c, 0xa}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0xe3, 0x8}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

5.346073056s ago: executing program 4 (id=2645):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r1 = memfd_create(&(0x7f00000003c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000009c0)=ANY=[@ANYBLOB="0020000002000000", @ANYRES32=r1, @ANYBLOB="0000000000000000000000000080"])
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f00000002c0)={r1, 0x1, 0x0, 0x8000})

5.15170055s ago: executing program 4 (id=2647):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x10, @scatter={0x0, 0xcc, 0x0}, &(0x7f0000000240)="238d7acf0800", 0x0, 0x0, 0x0, 0x0, 0x0})
sched_setattr(0x0, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
syz_open_dev$vim2m(0x0, 0x4, 0x2)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x3, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000000c0)={0x2, 0x0, 0x40, 0x0, 0x8})
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r7=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r5, 0xc01c64a3, &(0x7f0000000280)={0x1, r7, 0x1, 0x1, 0xa, 0x1ff, 0x1})
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000080)={@host})

4.905930434s ago: executing program 6 (id=2648):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
r1 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r1}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, 0x0})
io_uring_enter(r1, 0x8184c, 0x0, 0x9, 0x0, 0x0)

4.63992255s ago: executing program 8 (id=2650):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000380)={0x0, 0x0, 0x200, 0x5})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r3, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, r4, r5, 0x0, 0x0, 0xdead, 0x40, 0x0})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x48, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r5, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5})
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @vbi={0x0, 0x101, 0x401, 0x43353039, [0x6, 0x3], [0x7, 0xe], 0x13a}}, 0xfffffffd})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r7 = io_uring_setup(0x2c23, &(0x7f0000000540)={0x0, 0x3120, 0x800, 0x1, 0xf3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca7"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100003441eb4023398a716a76070203010902240001000040000904ee00029490a0000905041c0000000000090588"], 0x0)

4.268144027s ago: executing program 7 (id=2652):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0x18, 0x3, &(0x7f0000000240)={0x91, "a52422ffd60775c221c4031d467d6648a97569b7d49cc4492d050600000000ff00"}})

3.740584837s ago: executing program 4 (id=2653):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

3.647299949s ago: executing program 4 (id=2654):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@loopback, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x2, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x400, 0xfffffffd}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000600))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2542, 0x0)
write$P9_RLOPEN(r4, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x2, 0x3}, 0x5}}, 0x18)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(0xffffffffffffffff, 0x80184153, 0x0)

2.893531083s ago: executing program 6 (id=2655):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @broadcast}, 0x10)

1.995021441s ago: executing program 6 (id=2656):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0))
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4138ae84, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, 0x0)
r9 = fsopen(&(0x7f0000000100)='hpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000180)='gid', &(0x7f0000000440)='\x05\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81F\xa9sz{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x8d\x84\'\xa3\xf1', 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r10, &(0x7f0000000700)={0x0, 0x900, &(0x7f0000000200)={&(0x7f0000000040)={0x34, 0x5, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x40)
landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x18, 0x0)
syz_usb_connect(0x4, 0xd3, &(0x7f0000000480)={{0x12, 0x1, 0x200, 0x84, 0x89, 0x46, 0xff, 0x1d4d, 0xc, 0x1197, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc1, 0x3, 0x21, 0x0, 0x10, 0x1, [{{0x9, 0x4, 0x14, 0xf, 0x0, 0xb8, 0xf, 0xb7, 0x6, [@uac_control={{0xa, 0x24, 0x1, 0x9, 0x9}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x2fb, 0x4, 0x3, 0x2}, @feature_unit={0xf, 0x24, 0x6, 0x2, 0x2, 0x4, [0x3, 0x6, 0x4, 0x6], 0x5}, @selector_unit={0x8, 0x24, 0x5, 0x5, 0xfc, "489f31"}, @mixer_unit={0x5, 0x24, 0x4, 0x2, 0x60}, @selector_unit={0x5, 0x24, 0x5, 0x5, 0x81}]}]}}, {{0x9, 0x4, 0x7e, 0x8, 0x5, 0xc4, 0xe4, 0x13, 0x1, [], [{{0x9, 0x5, 0xd, 0x10, 0x3ff, 0x19, 0xe, 0x1d}}, {{0x9, 0x5, 0xe, 0x4, 0x40, 0x7, 0xd, 0x5}}, {{0x9, 0x5, 0xc, 0x10, 0x10, 0x2, 0xe, 0xd, [@generic={0x2f, 0xc, "26f5046af0276a40f990be2b5c39e1a4b6abecbcd88363fc0f8b96224e6ac781fd22ae23eb6bdcf023c58f550c"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x8f, 0x6}]}}, {{0x9, 0x5, 0x9, 0x1, 0x10, 0xd, 0x2, 0xfb, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x6, 0x4, 0x8}}]}}, {{0x9, 0x4, 0x6, 0x81, 0x0, 0xfc, 0x5b, 0x82, 0xd7}}]}}]}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.903623783s ago: executing program 7 (id=2657):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x0, &(0x7f0000000180)}, 0x10)
r1 = socket$inet(0x2, 0x3, 0x6)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10)
sendto$inet(r1, &(0x7f0000000000)="9a9c94a4190e99829ee64c8477", 0xd, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10)

1.867256843s ago: executing program 4 (id=2658):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @broadcast}, 0x10)

1.804658104s ago: executing program 7 (id=2659):
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x180)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.647819658s ago: executing program 7 (id=2660):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x10)
socket$inet(0x2, 0x2, 0x1)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1a1042, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
timerfd_create(0x7, 0x800)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
pipe2$9p(&(0x7f0000001900), 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x303, 0x300}})

1.53030476s ago: executing program 7 (id=2661):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000380))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000000c0)={'wg2\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

936.168831ms ago: executing program 8 (id=2662):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

835.282963ms ago: executing program 4 (id=2663):
creat(&(0x7f0000000340)='./file0\x00', 0x101)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
flock(0xffffffffffffffff, 0x2)
open(0x0, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r6, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

771.442415ms ago: executing program 8 (id=2664):
syz_open_procfs(0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x23}}, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, {0x0, 0x0, 0x796}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x1a0b1}}, 0xf8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in=@loopback, @in=@local, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x80, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x502a, 0x9ba3, 0xffff, 0x8251c, 0x5, 0x40}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x2, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, @remote, 0x0, 0x40, 0x0, 0x500, 0x9, 0x6400120})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0)
mremap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)

0s ago: executing program 7 (id=2665):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x0, 0x18, 0x3, &(0x7f0000000240)={0x91, "a52422ffd60775c221c4031d467d6648a97569b7d49cc4492d050600000000ff00"}})

kernel console output (not intermixed with test programs):

.657738][T14277] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4031: comm syz.8.1771: Allocating blocks 385-513 which overlap fs metadata
[ 1213.727641][T14277] EXT4-fs (loop8): pa ffff8880781013a0: logic 16, phys. 129, len 24
[ 1213.736625][T14277] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8
[ 1213.875658][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1214.143052][ T5793] Bluetooth: hci1: command 0x1003 tx timeout
[ 1214.150563][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1218.620562][T14323] input: syz1 as /devices/virtual/input/input136
[ 1218.853400][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1219.314574][T14326] loop8: detected capacity change from 0 to 256
[ 1219.344221][T14326] exFAT-fs (loop8): error, The cluster chain has a loop
[ 1219.378735][T14326] exFAT-fs (loop8): failed to count the number of clusters in root
[ 1219.387934][T14326] exFAT-fs (loop8): failed to recognize exfat type
[ 1219.879336][T14328] loop8: detected capacity change from 0 to 512
[ 1219.985444][T14328] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1220.022483][T14328] EXT4-fs error (device loop8): ext4_xattr_ibody_find:2244: inode #15: comm syz.8.1782: corrupted in-inode xattr: invalid ea_ino
[ 1220.049937][T14328] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.1782: couldn't read orphan inode 15 (err -117)
[ 1220.097146][T14328] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1220.228892][T14328] EXT4-fs error (device loop8): ext4_lookup:1862: inode #2: comm syz.8.1782: deleted inode referenced: 15
[ 1220.290464][T14328] EXT4-fs error (device loop8): ext4_lookup:1862: inode #2: comm syz.8.1782: deleted inode referenced: 15
[ 1222.286818][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1222.857111][T14335] input: syz1 as /devices/virtual/input/input137
[ 1222.946719][ T5793] Bluetooth: hci1: sending frame failed (-49)
[ 1222.955746][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -49
[ 1224.554468][T14322] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1226.018534][T14350] loop8: detected capacity change from 0 to 512
[ 1226.233363][T14350] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1226.371622][T14350] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1227.667633][T14369] input: syz1 as /devices/virtual/input/input138
[ 1228.038453][T14372] loop6: detected capacity change from 0 to 512
[ 1229.088612][T13732] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1229.883482][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1231.086320][T14201] Bluetooth: hci0: command 0x0406 tx timeout
[ 1231.339909][T14390] loop4: detected capacity change from 0 to 256
[ 1231.422566][T14390] exFAT-fs (loop4): error, The cluster chain has a loop
[ 1231.436239][T14390] exFAT-fs (loop4): failed to count the number of clusters in root
[ 1231.444761][T14390] exFAT-fs (loop4): failed to recognize exfat type
[ 1231.616694][T14392] input: syz1 as /devices/virtual/input/input139
[ 1232.132351][ T5785] Bluetooth: hci1: command 0x1003 tx timeout
[ 1232.132399][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1233.729352][ T5793] Bluetooth: hci5: command 0x1003 tx timeout
[ 1233.729453][T14201] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1234.481693][T14405] input: syz1 as /devices/virtual/input/input140
[ 1238.238353][T14411] loop6: detected capacity change from 0 to 40427
[ 1238.275799][T14411] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1238.283700][T14411] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1238.306461][T14411] F2FS-fs (loop6): invalid crc value
[ 1238.378496][T14411] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1238.430145][T14411] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1238.439250][T14411] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1238.856417][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.863161][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.874443][T14424] loop4: detected capacity change from 0 to 256
[ 1239.920008][T14424] exFAT-fs (loop4): error, The cluster chain has a loop
[ 1239.943791][T14424] exFAT-fs (loop4): failed to count the number of clusters in root
[ 1239.980247][T14424] exFAT-fs (loop4): failed to recognize exfat type
[ 1240.139631][T13738] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1240.219674][T14427] loop7: detected capacity change from 0 to 512
[ 1240.227456][T14424] loop4: detected capacity change from 0 to 1024
[ 1240.234741][T14424] EXT4-fs: Ignoring removed orlov option
[ 1240.342101][T14424] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1240.584064][   T28] audit: type=1804 audit(1758507488.273:209): pid=14438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1806" name="/newroot/246/bus/bus" dev="loop4" ino=18 res=1 errno=0
[ 1240.638432][T14427] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1240.729938][T14427] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1241.229487][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1241.738684][T14444] input: syz1 as /devices/virtual/input/input141
[ 1244.685754][T14473] loop4: detected capacity change from 0 to 256
[ 1246.911592][T14493] loop8: detected capacity change from 0 to 2048
[ 1246.967854][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1246.984793][T14493] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1249.895636][T14514] loop7: detected capacity change from 0 to 512
[ 1250.991542][T14514] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #16: comm syz.7.1823: corrupted inode contents
[ 1251.007570][T14514] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #16: comm syz.7.1823: mark_inode_dirty error
[ 1251.025490][T14514] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #16: comm syz.7.1823: corrupted inode contents
[ 1251.046568][T14514] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #16: comm syz.7.1823: mark_inode_dirty error
[ 1251.059250][T14514] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #16: comm syz.7.1823: corrupted inode contents
[ 1251.072371][T14514] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[ 1251.089022][T14514] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #16: comm syz.7.1823: corrupted inode contents
[ 1251.102445][T14514] EXT4-fs error (device loop7): ext4_truncate:4288: inode #16: comm syz.7.1823: mark_inode_dirty error
[ 1251.125558][T14514] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[ 1251.142170][T14514] EXT4-fs (loop7): 1 truncate cleaned up
[ 1251.150659][T14514] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1251.163833][T14514] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1251.249920][T14459] Quota error (device loop7): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1251.281219][T14459] EXT4-fs error (device loop7): ext4_release_dquot:6976: comm kworker/u4:59: Failed to release dquot type 1
[ 1251.308567][T14525] loop6: detected capacity change from 0 to 256
[ 1251.502820][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1253.500815][T14577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1829'.
[ 1256.723843][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1256.919667][T14614] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1839'.
[ 1257.758229][T14627] loop7: detected capacity change from 0 to 1024
[ 1257.937697][T14627] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1257.956702][T14627] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[ 1257.963704][T14629] syz.6.1844[14629] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1257.965130][T14629] syz.6.1844[14629] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1258.142572][T14635] loop6: detected capacity change from 0 to 128
[ 1258.179310][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.188139][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.196069][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.259521][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.267432][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.275044][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.283003][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.312816][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.372922][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.417944][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.460967][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.486096][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.514765][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.545938][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.594440][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.642605][T14643] loop4: detected capacity change from 0 to 4096
[ 1258.649285][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.665688][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.717655][ T5784] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[ 1258.749214][T14643] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1258.827682][ T5784] hid-generic 0003:0004:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1
[ 1260.325016][T14662] loop6: detected capacity change from 0 to 512
[ 1260.376004][T14662] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[ 1260.392013][T14662] EXT4-fs (loop6): orphan cleanup on readonly fs
[ 1260.400931][T14662] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:512: comm syz.6.1852: Block bitmap for bg 0 marked uninitialized
[ 1260.443308][T14662] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6637: Corrupt filesystem
[ 1260.501300][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1260.526874][T14662] EXT4-fs (loop6): 1 orphan inode deleted
[ 1260.534092][T14662] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1260.663126][T14661] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[ 1260.709264][T14661] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[ 1261.313457][T10722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1261.969754][T14675] fuse: Bad value for 'fd'
[ 1263.063238][T14681] loop7: detected capacity change from 0 to 2048
[ 1263.115375][T14681]  loop7: p1 < > p4
[ 1263.137928][T14681] loop7: p4 size 8388608 extends beyond EOD, truncated
[ 1263.228873][T14670] loop4: detected capacity change from 0 to 40427
[ 1263.286031][T14670] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[ 1263.303202][T14670] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1263.393727][T14670] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1263.513161][T14670] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1263.521728][T14670] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1263.764345][T14689] input: syz1 as /devices/virtual/input/input143
[ 1263.840811][T13738] udevd[13738]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[ 1264.169216][T13732] udevd[13732]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[ 1265.456263][T14708] loop4: detected capacity change from 0 to 2048
[ 1265.523205][T14708]  loop4: p1 < > p4
[ 1265.540169][T14708] loop4: p4 size 8388608 extends beyond EOD, truncated
[ 1269.659843][T14751] input: syz1 as /devices/virtual/input/input145
[ 1270.368354][T14760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1879'.
[ 1271.901438][T14768] loop4: detected capacity change from 0 to 2048
[ 1271.979748][T14768]  loop4: p1 < > p3
[ 1272.008902][T14768] loop4: p3 size 134217728 extends beyond EOD, truncated
[ 1272.988836][T14762] loop6: detected capacity change from 0 to 40427
[ 1273.034796][T14762] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1273.116308][T14762] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1273.206430][T14762] F2FS-fs (loop6): invalid crc value
[ 1273.217466][T14768] kvm: emulating exchange as write
[ 1273.255657][T14762] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1273.408893][T14762] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1273.435542][T14762] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1273.549083][ T5784] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1273.572631][T14772] loop4: detected capacity change from 0 to 8192
[ 1273.756082][ T5784] usb 9-1: Using ep0 maxpacket: 32
[ 1273.778519][ T5784] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1273.810209][ T5784] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1273.866038][ T5784] usb 9-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 1273.896121][ T5784] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1273.927343][ T5784] usb 9-1: config 0 descriptor??
[ 1273.938471][ T5784] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[ 1275.722560][T14801] loop6: detected capacity change from 0 to 40427
[ 1275.748434][T14801] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1275.780134][T14801] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1275.829239][T14801] F2FS-fs (loop6): invalid crc value
[ 1275.869614][T14801] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1275.991967][T14801] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1276.012726][T14801] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1276.118925][   T28] audit: type=1804 audit(1758507523.813:210): pid=14801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1890" name="/newroot/202/bus/bus" dev="loop6" ino=10 res=1 errno=0
[ 1276.229028][   T28] audit: type=1804 audit(1758507523.853:211): pid=14801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1890" name="/newroot/202/bus/bus" dev="loop6" ino=10 res=1 errno=0
[ 1276.281179][T14809] syz.6.1890: attempt to access beyond end of device
[ 1276.281179][T14809] loop6: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1276.357861][T14801] syz.6.1890: attempt to access beyond end of device
[ 1276.357861][T14801] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1276.708928][ T5771] usb 9-1: USB disconnect, device number 3
[ 1278.089089][T14825] input: syz1 as /devices/virtual/input/input147
[ 1278.439564][T14831] loop8: detected capacity change from 0 to 128
[ 1278.557337][T14831] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1278.652695][T14831] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1279.772649][T13475] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1279.871171][T14850] loop6: detected capacity change from 0 to 256
[ 1280.761518][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1280.766307][ T5793] Bluetooth: hci1: command 0x1003 tx timeout
[ 1280.833191][T14850] exFAT-fs (loop6): error, The cluster chain has a loop
[ 1280.935965][T14850] exFAT-fs (loop6): failed to count the number of clusters in root
[ 1280.969813][T14850] exFAT-fs (loop6): failed to recognize exfat type
[ 1281.103585][T14857] loop7: detected capacity change from 0 to 1024
[ 1281.146966][T14857] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1282.509597][T14863] loop6: detected capacity change from 0 to 512
[ 1282.608800][T14863] EXT4-fs (loop6): Test dummy encryption mode enabled
[ 1282.623948][T14857] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:478: comm syz.7.1903: Invalid block bitmap block 0 in block_group 0
[ 1282.827866][T14863] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2244: inode #15: comm syz.6.1901: corrupted in-inode xattr: invalid ea_ino
[ 1282.845927][T14863] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.1901: couldn't read orphan inode 15 (err -117)
[ 1282.869308][T14863] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1282.998727][T14863] EXT4-fs error (device loop6): ext4_lookup:1862: inode #2: comm syz.6.1901: deleted inode referenced: 15
[ 1283.787032][T14857] Quota error (device loop7): write_blk: dquota write failed
[ 1283.839610][T14857] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[ 1283.914155][T14857] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.1903: Failed to acquire dquot type 0
[ 1283.994806][T14857] EXT4-fs error (device loop7): ext4_free_blocks:6676: comm syz.7.1903: Freeing blocks not in datazone - block = 0, count = 4096
[ 1284.067542][T14857] EXT4-fs error (device loop7): ext4_read_inode_bitmap:140: comm syz.7.1903: Invalid inode bitmap blk 0 in block_group 0
[ 1284.162552][T14857] EXT4-fs error (device loop7) in ext4_free_inode:363: Corrupt filesystem
[ 1284.214594][T14857] EXT4-fs (loop7): 1 orphan inode deleted
[ 1284.272456][T14857] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1284.902170][T12637] Quota error (device loop7): do_check_range: Getting block 0 out of range 1-8
[ 1284.953071][T12637] EXT4-fs error (device loop7): ext4_release_dquot:6976: comm kworker/u4:47: Failed to release dquot type 0
[ 1284.983322][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1285.000359][T10722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1285.394855][T14880] 9pnet_fd: Insufficient options for proto=fd
[ 1285.588656][T14890] overlayfs: invalid redirect ((null))
[ 1286.791037][T14901] input: syz1 as /devices/virtual/input/input148
[ 1286.928805][T14910] netlink: 'syz.7.1917': attribute type 4 has an invalid length.
[ 1288.181721][ T5784] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1288.377353][ T5784] usb 7-1: Using ep0 maxpacket: 32
[ 1288.402580][ T5784] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1288.472011][ T5784] usb 7-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[ 1288.490992][ T5784] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1288.517853][ T5784] usb 7-1: config 0 descriptor??
[ 1288.734692][T14928] overlayfs: invalid redirect ((null))
[ 1288.765442][ T5784] usbhid 7-1:0.0: can't add hid device: -71
[ 1288.775706][ T5784] usbhid: probe of 7-1:0.0 failed with error -71
[ 1288.797140][ T5784] usb 7-1: USB disconnect, device number 7
[ 1290.378502][T14939] input: syz1 as /devices/virtual/input/input149
[ 1291.484809][T14960] overlayfs: failed to resolve './bus': -2
[ 1292.628017][T14959] loop4: detected capacity change from 0 to 16
[ 1292.638613][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1292.715926][T14201] Bluetooth: hci1: command 0x1003 tx timeout
[ 1294.766090][T14972] overlayfs: invalid redirect ((null))
[ 1296.863675][T14967] loop7: detected capacity change from 0 to 40427
[ 1296.876692][T14967] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[ 1296.884873][T14967] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[ 1296.936533][T14967] F2FS-fs (loop7): invalid crc value
[ 1297.076312][T14990] input: syz1 as /devices/virtual/input/input150
[ 1297.106322][T14967] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1297.192544][T14967] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[ 1297.202660][T14967] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1297.357314][T14967] syz.7.1934: attempt to access beyond end of device
[ 1297.357314][T14967] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1297.377163][T14967] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1297.479253][T12601] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1297.499724][T12601] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[ 1298.993045][ T5785] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1299.201772][ T5785] Bluetooth: hci5: command 0x1003 tx timeout
[ 1299.209186][T14201] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1299.759686][T15017] overlayfs: invalid redirect ((null))
[ 1300.904284][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.911098][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.501127][T15029] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1952'.
[ 1301.526752][T15029] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1952'.
[ 1303.239091][T15053] overlayfs: invalid redirect ((null))
[ 1303.419655][ T5847] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1303.616756][ T5847] usb 5-1: Using ep0 maxpacket: 16
[ 1303.635614][ T5847] usb 5-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2
[ 1303.656354][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.671682][ T5847] usb 5-1: Product: syz
[ 1303.678435][ T5847] usb 5-1: Manufacturer: syz
[ 1303.683318][ T5847] usb 5-1: SerialNumber: syz
[ 1303.711610][ T5847] usb 5-1: config 0 descriptor??
[ 1303.734440][ T5847] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[ 1303.767922][ T5847] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[ 1303.798038][T13738] udevd[13738]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1305.006286][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1305.191216][T15069] loop8: detected capacity change from 0 to 256
[ 1305.214302][T15069] exFAT-fs (loop8): error, The cluster chain has a loop
[ 1305.276104][T15069] exFAT-fs (loop8): failed to count the number of clusters in root
[ 1305.284121][T15069] exFAT-fs (loop8): failed to recognize exfat type
[ 1305.660036][T15074] loop7: detected capacity change from 0 to 256
[ 1305.863352][T15074] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[ 1305.905380][T15075] loop8: detected capacity change from 0 to 512
[ 1305.937053][T15075] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1306.097393][T15075] EXT4-fs error (device loop8): ext4_xattr_ibody_find:2244: inode #15: comm syz.8.1963: corrupted in-inode xattr: invalid ea_ino
[ 1306.114006][T15075] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.1963: couldn't read orphan inode 15 (err -117)
[ 1306.138635][T15075] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1306.289730][T15075] EXT4-fs error (device loop8): ext4_lookup:1862: inode #2: comm syz.8.1963: deleted inode referenced: 15
[ 1306.825925][  T966] usb 5-1: USB disconnect, device number 9
[ 1308.134781][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1309.174202][T15101] loop8: detected capacity change from 0 to 1024
[ 1309.192715][T15101] EXT4-fs: Ignoring removed nobh option
[ 1309.206022][T15101] EXT4-fs: Ignoring removed bh option
[ 1309.276478][T15101] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1310.927702][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1312.466402][T15156] loop8: detected capacity change from 0 to 128
[ 1312.715516][   T28] audit: type=1804 audit(1758507560.403:212): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.1985" name="/newroot/90/file0/bus" dev="loop8" ino=1048684 res=1 errno=0
[ 1312.970795][T15169] loop6: detected capacity change from 0 to 128
[ 1313.996894][T15172] loop8: detected capacity change from 0 to 512
[ 1314.027909][T15172] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1314.071842][T15172] EXT4-fs (loop8): 1 truncate cleaned up
[ 1314.082530][T15172] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1314.183264][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1314.531410][T15187] input: syz1 as /devices/virtual/input/input151
[ 1314.856349][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1315.340372][T15196] loop8: detected capacity change from 0 to 512
[ 1315.483656][T15194] loop4: detected capacity change from 0 to 512
[ 1315.702433][T15196] EXT4-fs error (device loop8): ext4_xattr_ibody_find:2244: inode #15: comm syz.8.1997: corrupted in-inode xattr: invalid ea_ino
[ 1315.858184][T15194] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1315.919811][T15196] EXT4-fs error (device loop8): ext4_orphan_get:1404: comm syz.8.1997: couldn't read orphan inode 15 (err -117)
[ 1316.027248][T15196] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1316.308243][   T28] audit: type=1800 audit(1758507564.003:213): pid=15196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1997" name="file1" dev="loop8" ino=19 res=0 errno=0
[ 1317.158193][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1317.276432][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1317.795007][T15222] overlayfs: overlapping lowerdir path
[ 1318.021805][T14201] Bluetooth: hci1: sending frame failed (-49)
[ 1318.084715][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -49
[ 1318.994721][T15239] loop4: detected capacity change from 0 to 1024
[ 1319.106997][T15239] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1320.090340][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1320.114018][T15246] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2009'.
[ 1320.150871][T15246] netlink: 2 bytes leftover after parsing attributes in process `syz.8.2009'.
[ 1320.917724][T15266] overlayfs: overlapping lowerdir path
[ 1321.761241][T15270] loop8: detected capacity change from 0 to 512
[ 1321.798716][T15270] EXT4-fs: Invalid want_extra_isize 32771
[ 1321.871319][T13738] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1322.123719][T15270] loop8: detected capacity change from 0 to 512
[ 1322.669112][T15270] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1322.854203][T15270] ext4 filesystem being mounted at /98/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1323.122777][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1323.314957][T15289] hub 8-0:1.0: USB hub found
[ 1323.359360][T15289] hub 8-0:1.0: 1 port detected
[ 1323.647027][T15291] loop4: detected capacity change from 0 to 2048
[ 1323.805355][T15291] EXT4-fs: Ignoring removed bh option
[ 1324.296037][T15291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1324.431204][T15291] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1324.567547][T15291] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 22 with error 28
[ 1324.669670][T15302] EXT4-fs warning (device loop4): ext4_resize_begin:84: There are errors in the filesystem, so online resizing is not allowed
[ 1324.678395][T15291] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1324.678395][T15291] 
[ 1324.693189][T15291] EXT4-fs (loop4): Total free blocks count 0
[ 1324.699393][T15291] EXT4-fs (loop4): Free/Dirty block details
[ 1325.144228][T15291] EXT4-fs (loop4): free_blocks=2415919104
[ 1325.162279][T15291] EXT4-fs (loop4): dirty_blocks=48
[ 1325.172714][T15305] overlayfs: overlapping lowerdir path
[ 1325.183891][T15291] EXT4-fs (loop4): Block reservation details
[ 1325.213111][T15291] EXT4-fs (loop4): i_reserved_data_blocks=3
[ 1325.369117][T12624] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1328.576096][ T5847] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1329.948093][ T5847] usb 7-1: config 0 has an invalid interface number: 156 but max is 0
[ 1329.967738][ T5847] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1329.992731][ T5847] usb 7-1: config 0 has no interface number 0
[ 1330.002084][ T5847] usb 7-1: config 0 interface 156 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1330.026103][ T5847] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice=d6.b9
[ 1330.061810][ T5847] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1330.106791][ T5847] usb 7-1: config 0 descriptor??
[ 1330.139086][ T5847] gspca_main: spca561-2.14.0 probing abcd:cdee
[ 1330.158009][T15350] overlayfs: overlapping lowerdir path
[ 1330.405189][ T5847] spca561: probe of 7-1:0.156 failed with error -22
[ 1330.453641][ T5847] usb 7-1: Quirk or no altest; falling back to MIDI 1.0
[ 1330.491459][ T5847] usb 7-1: MIDIStreaming interface descriptor not found
[ 1330.690550][T15355] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2038'.
[ 1330.818755][T15355] loop7: detected capacity change from 0 to 1024
[ 1330.945186][T15355] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1332.611396][ T5847] usb 7-1: USB disconnect, device number 8
[ 1332.712909][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1334.452690][T15388] overlayfs: overlapping lowerdir path
[ 1335.088825][T15391] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2046'.
[ 1335.749748][T15398] ip6tnl0: Caught tx_queue_len zero misconfig
[ 1337.129256][T15411] overlayfs: overlapping lowerdir path
[ 1340.060891][T15451] loop8: detected capacity change from 0 to 512
[ 1340.165493][T15451] EXT4-fs: Ignoring removed i_version option
[ 1340.587267][T15451] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002]
[ 1341.022613][T15451] System zones: 0-2, 18-18, 34-35
[ 1341.069572][T15451] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1341.176062][T15451] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1341.420732][T15465] overlayfs: overlapping lowerdir path
[ 1341.681600][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1341.821779][T15469] 9pnet_fd: Insufficient options for proto=fd
[ 1341.948660][T15474] overlayfs: missing 'lowerdir'
[ 1344.243935][T15501] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2077'.
[ 1344.878604][T15509] overlayfs: overlapping lowerdir path
[ 1349.198336][T15546] loop8: detected capacity change from 0 to 512
[ 1349.489229][T15546] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1349.502650][T15546] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1351.559747][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2090'.
[ 1351.946847][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1352.083142][T15561] overlayfs: overlapping lowerdir path
[ 1352.239316][T15565] loop8: detected capacity change from 0 to 512
[ 1352.504623][T15565] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1353.855281][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1355.111653][T15603] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2102'.
[ 1355.328474][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1355.730051][T15618] overlayfs: conflicting lowerdir path
[ 1357.150160][T15632] loop4: detected capacity change from 0 to 512
[ 1357.169278][T15632] EXT4-fs (loop4): DAX unsupported by block device.
[ 1357.335502][T15630] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2114'.
[ 1357.449567][T15632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2113'.
[ 1359.726081][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1359.888669][T15654] loop4: detected capacity change from 0 to 512
[ 1359.896249][T15654] EXT4-fs: Ignoring removed i_version option
[ 1359.902701][T15654] EXT4-fs: Ignoring removed bh option
[ 1360.298155][T15654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1360.313295][T15654] ext4 filesystem being mounted at /326/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1360.983708][T15660] overlayfs: conflicting lowerdir path
[ 1361.430725][T15647] loop6: detected capacity change from 0 to 40427
[ 1361.455210][T15647] F2FS-fs (loop6): Invalid segment count (1)
[ 1361.492262][T15647] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1361.537986][T15647] F2FS-fs (loop6): Unrecognized mount option "whint_mode=off" or missing value
[ 1361.778015][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.791816][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1364.274587][T15669] loop6: detected capacity change from 0 to 40427
[ 1364.552713][T15669] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1364.684214][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1364.695097][T15669] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1365.951751][T15681] loop4: detected capacity change from 0 to 256
[ 1366.110978][T15681] FAT-fs (loop4): Directory bread(block 64) failed
[ 1366.118342][T15681] FAT-fs (loop4): Directory bread(block 65) failed
[ 1366.125630][T15681] FAT-fs (loop4): Directory bread(block 66) failed
[ 1366.132530][T15681] FAT-fs (loop4): Directory bread(block 67) failed
[ 1366.140048][T15681] FAT-fs (loop4): Directory bread(block 68) failed
[ 1366.146973][T15681] FAT-fs (loop4): Directory bread(block 69) failed
[ 1366.154606][T15681] FAT-fs (loop4): Directory bread(block 70) failed
[ 1366.161642][T15681] FAT-fs (loop4): Directory bread(block 71) failed
[ 1366.169041][T15681] FAT-fs (loop4): Directory bread(block 72) failed
[ 1366.175848][T15681] FAT-fs (loop4): Directory bread(block 73) failed
[ 1370.885005][T15688] syz.6.2127[15688] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1370.885309][T15688] syz.6.2127[15688] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1371.479349][T15698] overlayfs: conflicting lowerdir path
[ 1371.776015][ T5771] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1371.848177][T15702] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1371.977945][ T5771] usb 7-1: Using ep0 maxpacket: 16
[ 1372.100880][ T5771] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1372.210832][ T5771] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1372.506305][ T5771] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1372.542036][ T5771] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1372.610455][ T5771] usb 7-1: config 0 descriptor??
[ 1373.068428][T15695] loop6: detected capacity change from 0 to 128
[ 1373.144598][T15695] syz.6.2131: attempt to access beyond end of device
[ 1373.144598][T15695] loop6: rw=2049, sector=145, nr_sectors = 89 limit=128
[ 1373.215954][  T966] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[ 1373.270988][T15695] syz.6.2131: attempt to access beyond end of device
[ 1373.270988][T15695] loop6: rw=2049, sector=241, nr_sectors = 288 limit=128
[ 1373.310396][T15695] syz.6.2131: attempt to access beyond end of device
[ 1373.310396][T15695] loop6: rw=0, sector=241, nr_sectors = 1 limit=128
[ 1373.327132][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.327132][T15694] loop6: rw=0, sector=241, nr_sectors = 1 limit=128
[ 1373.333692][T14201] Bluetooth: hci1: command 0x1003 tx timeout
[ 1373.350667][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1373.356182][T15694] Buffer I/O error on dev loop6, logical block 241, async page read
[ 1373.386755][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.386755][T15694] loop6: rw=0, sector=242, nr_sectors = 1 limit=128
[ 1373.441358][  T966] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1373.463849][T15694] Buffer I/O error on dev loop6, logical block 242, async page read
[ 1373.476712][  T966] usb 9-1: not running at top speed; connect to a high speed hub
[ 1373.527257][  T966] usb 9-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1373.536149][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.536149][T15694] loop6: rw=0, sector=243, nr_sectors = 1 limit=128
[ 1373.545838][  T966] usb 9-1: config 1 interface 0 has no altsetting 0
[ 1373.581365][  T966] usb 9-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.40
[ 1373.591842][  T966] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.600602][  T966] usb 9-1: Product: syz
[ 1373.605048][  T966] usb 9-1: Manufacturer: syz
[ 1373.610461][  T966] usb 9-1: SerialNumber: syz
[ 1373.617730][T15694] Buffer I/O error on dev loop6, logical block 243, async page read
[ 1373.633322][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.633322][T15694] loop6: rw=0, sector=244, nr_sectors = 1 limit=128
[ 1373.659268][T15694] Buffer I/O error on dev loop6, logical block 244, async page read
[ 1373.704549][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.704549][T15694] loop6: rw=0, sector=245, nr_sectors = 1 limit=128
[ 1373.733337][T15694] Buffer I/O error on dev loop6, logical block 245, async page read
[ 1373.743168][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.743168][T15694] loop6: rw=0, sector=246, nr_sectors = 1 limit=128
[ 1373.769795][T15694] Buffer I/O error on dev loop6, logical block 246, async page read
[ 1373.795959][T15694] syz.6.2131: attempt to access beyond end of device
[ 1373.795959][T15694] loop6: rw=0, sector=247, nr_sectors = 1 limit=128
[ 1373.819735][T15694] Buffer I/O error on dev loop6, logical block 247, async page read
[ 1373.837352][T15694] Buffer I/O error on dev loop6, logical block 248, async page read
[ 1373.858700][T15694] Buffer I/O error on dev loop6, logical block 241, async page read
[ 1373.886035][  T966] usbhid 9-1:1.0: can't add hid device: -71
[ 1373.896313][  T966] usbhid: probe of 9-1:1.0 failed with error -71
[ 1373.923143][T15694] Buffer I/O error on dev loop6, logical block 242, async page read
[ 1373.936629][  T966] usb 9-1: USB disconnect, device number 4
[ 1374.221429][ T5771] usbhid 7-1:0.0: can't add hid device: -71
[ 1374.236701][ T5771] usbhid: probe of 7-1:0.0 failed with error -71
[ 1374.260309][ T5771] usb 7-1: USB disconnect, device number 9
[ 1374.600837][T15725] tipc: Failed to remove unknown binding: 66,1,1/2130706433:3501413395/3501413397
[ 1374.613589][T15725] tipc: Failed to remove unknown binding: 66,1,1/2130706433:3501413395/3501413397
[ 1374.625934][T15725] tipc: Failed to remove unknown binding: 66,1,1/2130706433:3501413395/3501413397
[ 1374.626862][T15713] loop4: detected capacity change from 0 to 40427
[ 1374.655295][T15713] F2FS-fs (loop4): invalid crc value
[ 1374.668514][T15713] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1374.800107][T15713] F2FS-fs (loop4): Start checkpoint disabled!
[ 1374.846101][T10823] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1375.006676][T15713] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1375.086052][T10823] usb 9-1: Using ep0 maxpacket: 32
[ 1375.454325][T15736] input: syz1 as /devices/virtual/input/input154
[ 1377.903382][T12601] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[ 1378.046212][ T5785] Bluetooth: hci1: command 0x1003 tx timeout
[ 1378.053849][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1379.637308][T10823] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1379.719962][T10823] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 1379.729280][T10823] usb 9-1: can't read configurations, error -71
[ 1379.814516][T15763] loop8: detected capacity change from 0 to 512
[ 1379.929646][T15763] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1379.938098][T15763] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1379.966892][T15763] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2147: bad orphan inode 131083
[ 1380.129635][T15763] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1380.954024][T15768] tipc: Started in network mode
[ 1380.959057][T15768] tipc: Node identity 7f000001, cluster identity 4711
[ 1380.966977][T15768] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1381.196895][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1381.245498][T15772] wireguard0: entered promiscuous mode
[ 1381.251663][T15772] wireguard0: entered allmulticast mode
[ 1381.348612][T15777] tipc: Failed to remove unknown binding: 66,1,1/0:1927503976/1927503978
[ 1381.359151][T15777] tipc: Failed to remove unknown binding: 66,1,1/0:1927503976/1927503978
[ 1381.368356][T15777] tipc: Failed to remove unknown binding: 66,1,1/0:1927503976/1927503978
[ 1381.553406][T15779] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2152'.
[ 1381.656174][ T5785] Bluetooth: hci1: command 0x1003 tx timeout
[ 1381.664534][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1381.968708][T15787] input: syz1 as /devices/virtual/input/input156
[ 1382.099152][  T966] tipc: Node number set to 2130706433
[ 1382.915713][T15791] syzkaller0: entered promiscuous mode
[ 1383.051006][T15791] syzkaller0: entered allmulticast mode
[ 1383.951013][T15801] loop4: detected capacity change from 0 to 512
[ 1383.986139][T15801] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1384.004714][T15801] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1384.079558][T15801] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.2158: bad orphan inode 131083
[ 1384.123567][T15801] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1384.215753][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1390.570147][T15810] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1390.768250][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1391.163364][T15833] overlayfs: failed to resolve './file1': -2
[ 1392.628705][   T28] audit: type=1326 audit(1758507640.273:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1392.741692][   T28] audit: type=1326 audit(1758507640.273:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1392.786031][   T28] audit: type=1326 audit(1758507640.273:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1392.820496][   T28] audit: type=1326 audit(1758507640.273:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1392.907048][   T28] audit: type=1326 audit(1758507640.273:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.000525][   T28] audit: type=1326 audit(1758507640.273:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.094348][   T28] audit: type=1326 audit(1758507640.283:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.178137][   T28] audit: type=1326 audit(1758507640.283:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.294213][   T28] audit: type=1326 audit(1758507640.283:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.416424][   T28] audit: type=1326 audit(1758507640.283:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15850 comm="syz.8.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1393.678081][T15863] xt_hashlimit: max too large, truncated to 1048576
[ 1396.128829][T15874] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[ 1397.166050][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1397.170947][ T5785] Bluetooth: hci1: command 0x1003 tx timeout
[ 1401.160783][T15905] loop7: detected capacity change from 0 to 256
[ 1401.385244][T15905] exFAT-fs (loop7): Invalid boot checksum (boot checksum : 0x1119ac00, checksum : 0x1119acd0)
[ 1401.406150][T15905] exFAT-fs (loop7): invalid boot region
[ 1401.411782][T15905] exFAT-fs (loop7): failed to recognize exfat type
[ 1401.950030][T15920] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2187'.
[ 1402.148011][T11293] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1402.436235][T11293] usb 7-1: Using ep0 maxpacket: 32
[ 1402.766509][T11293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1402.785862][T11293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1402.806461][T11293] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1402.831879][T11293] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1402.858483][T11293] usb 7-1: config 0 descriptor??
[ 1403.097111][T15927] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2191'.
[ 1403.284690][T11293] savu 0003:1E7D:2D5A.0009: unknown main item tag 0x0
[ 1403.515916][T11293] savu 0003:1E7D:2D5A.0009: unknown main item tag 0x0
[ 1403.535922][T11293] savu 0003:1E7D:2D5A.0009: unknown main item tag 0x0
[ 1403.542802][T11293] savu 0003:1E7D:2D5A.0009: unknown main item tag 0x0
[ 1403.555910][T11293] savu 0003:1E7D:2D5A.0009: unknown main item tag 0x0
[ 1403.562781][T11293] savu 0003:1E7D:2D5A.0009: unbalanced collection at end of report description
[ 1403.644033][T15931] input: syz1 as /devices/virtual/input/input158
[ 1403.783810][T11293] savu 0003:1E7D:2D5A.0009: parse failed
[ 1403.990224][T11293] savu: probe of 0003:1E7D:2D5A.0009 failed with error -22
[ 1404.278503][T11293] usb 7-1: USB disconnect, device number 10
[ 1404.621110][T15938] loop6: detected capacity change from 0 to 128
[ 1404.628646][T15934] loop4: detected capacity change from 0 to 512
[ 1404.657498][T15934] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[ 1404.692271][T15934] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1404.712961][T15938] FAT-fs (loop6): Directory bread(block 32) failed
[ 1404.752172][T15934] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:512: comm syz.4.2193: Block bitmap for bg 0 marked uninitialized
[ 1404.785956][T15938] FAT-fs (loop6): Directory bread(block 33) failed
[ 1404.792693][T15938] FAT-fs (loop6): Directory bread(block 34) failed
[ 1404.843998][T15934] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6637: Corrupt filesystem
[ 1404.875958][T15938] FAT-fs (loop6): Directory bread(block 35) failed
[ 1404.890798][T15938] FAT-fs (loop6): Directory bread(block 36) failed
[ 1404.895397][T15934] EXT4-fs (loop4): 1 orphan inode deleted
[ 1404.898861][T15938] FAT-fs (loop6): Directory bread(block 37) failed
[ 1404.920494][T15938] FAT-fs (loop6): Directory bread(block 38) failed
[ 1404.923788][T15934] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 1404.940639][T15938] FAT-fs (loop6): Directory bread(block 39) failed
[ 1404.948267][T15938] FAT-fs (loop6): Directory bread(block 40) failed
[ 1404.959123][T15938] FAT-fs (loop6): Directory bread(block 41) failed
[ 1405.016072][T15934] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[ 1405.072047][T15934] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[ 1405.153466][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1405.210256][T15938] bio_check_eod: 1930 callbacks suppressed
[ 1405.210275][T15938] syz.6.2194: attempt to access beyond end of device
[ 1405.210275][T15938] loop6: rw=0, sector=4108, nr_sectors = 4 limit=128
[ 1405.238889][T15938] FAT-fs (loop6): Filesystem has been set read-only
[ 1405.246582][T15938] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF
[ 1405.840934][T15951] loop4: detected capacity change from 0 to 256
[ 1405.883734][T15951] exFAT-fs (loop4): error, The cluster chain has a loop
[ 1405.925124][T15951] exFAT-fs (loop4): failed to count the number of clusters in root
[ 1405.952862][T15951] exFAT-fs (loop4): failed to recognize exfat type
[ 1406.018079][T13738] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1406.158222][T15955] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2199'.
[ 1406.556120][T15951] loop4: detected capacity change from 0 to 512
[ 1407.761313][T15951] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1407.961544][T15951] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2244: inode #15: comm syz.4.2198: corrupted in-inode xattr: invalid ea_ino
[ 1407.982174][T15951] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.2198: couldn't read orphan inode 15 (err -117)
[ 1407.999263][T15951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1408.027882][T15951] EXT4-fs error (device loop4): ext4_lookup:1862: inode #2: comm syz.4.2198: deleted inode referenced: 15
[ 1409.885293][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1410.155698][T15979] input: syz1 as /devices/virtual/input/input159
[ 1411.086511][ T5793] Bluetooth: hci1: command 0x1003 tx timeout
[ 1411.116349][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1411.160766][T15985] loop6: detected capacity change from 0 to 8192
[ 1411.235213][T15985] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[ 1411.295982][T15985] FAT-fs (loop6): Filesystem has been set read-only
[ 1411.572247][T15989] syzkaller0: entered promiscuous mode
[ 1411.578523][T15989] syzkaller0: entered allmulticast mode
[ 1411.992275][T16005] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2210'.
[ 1412.573304][T16015] input: syz1 as /devices/virtual/input/input160
[ 1413.752093][T11293] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1413.958039][T11293] usb 7-1: Using ep0 maxpacket: 32
[ 1413.980521][T11293] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1414.007171][T11293] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1414.016392][T11293] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1414.025097][T11293] usb 7-1: Product: syz
[ 1414.029403][T11293] usb 7-1: Manufacturer: syz
[ 1414.034045][T11293] usb 7-1: SerialNumber: syz
[ 1414.041896][T11293] usb 7-1: config 0 descriptor??
[ 1414.055685][T11293] usb 7-1: bad CDC descriptors
[ 1414.061418][T11293] usb 7-1: unsupported MDLM descriptors
[ 1414.267434][T11293] usb 7-1: USB disconnect, device number 11
[ 1414.773287][ T5793] Bluetooth: hci1: command 0x1003 tx timeout
[ 1414.778715][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1417.719813][T16041] syz.8.2220[16041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1417.720034][T16041] syz.8.2220[16041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1417.740119][T16041] loop8: detected capacity change from 0 to 512
[ 1417.859140][T16041] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1417.986521][T16041] EXT4-fs (loop8): 1 truncate cleaned up
[ 1417.999234][T16041] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1418.880050][T16046] loop7: detected capacity change from 0 to 1024
[ 1419.056842][T16046] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[ 1419.127271][T16046] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[ 1419.152951][T16050] loop6: detected capacity change from 0 to 256
[ 1419.289682][T16046] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 1419.491855][T16046] EXT4-fs error (device loop7): ext4_get_journal_inode:5807: inode #5: comm syz.7.2221: unexpected bad inode w/o EXT4_IGET_BAD
[ 1420.193587][T16046] EXT4-fs (loop7): no journal found
[ 1420.199334][T16046] EXT4-fs (loop7): can't get journal size
[ 1420.229830][T16046] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1420.307176][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1421.039359][T16064] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2225'.
[ 1421.789977][T16071] xt_hashlimit: max too large, truncated to 1048576
[ 1422.190431][T16074] input: syz1 as /devices/virtual/input/input161
[ 1423.621467][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.628071][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.994226][T16085] overlayfs: invalid redirect ((null))
[ 1424.088254][T16087] loop8: detected capacity change from 0 to 1024
[ 1424.107829][T16087] EXT4-fs: Ignoring removed oldalloc option
[ 1424.126264][T16087] EXT4-fs: Ignoring removed bh option
[ 1424.144097][T16087] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1424.211706][T16087] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1424.605135][T16092] overlay: ./file1 is not a directory
[ 1425.310904][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1425.369040][T16096] loop6: detected capacity change from 0 to 512
[ 1425.394597][T16096] EXT4-fs (loop6): Test dummy encryption mode enabled
[ 1425.425982][T16096] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1425.486506][T16096] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.2234: bad orphan inode 131083
[ 1425.511569][T16096] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1425.647898][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1425.765243][T16096] tipc: Started in network mode
[ 1425.770660][T16096] tipc: Node identity 7f000001, cluster identity 4711
[ 1425.778477][T16096] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1425.967743][T16103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2236'.
[ 1425.972780][T10722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1425.977452][T16103] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2236'.
[ 1426.496983][T16112] xt_hashlimit: max too large, truncated to 1048576
[ 1426.777709][T11293] tipc: Node number set to 2130706433
[ 1427.514203][T16126] overlayfs: invalid redirect ((null))
[ 1427.603300][T16128] loop4: detected capacity change from 0 to 1024
[ 1427.818586][T16122] can: request_module (can-proto-0) failed.
[ 1427.887352][T16130] syz.6.2242[16130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1427.887810][T16130] syz.6.2242[16130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1427.921897][T16130] loop6: detected capacity change from 0 to 128
[ 1427.995357][T16130] EXT4-fs (loop6): Test dummy encryption mode enabled
[ 1428.042089][T16130] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1428.067723][T16130] ext4 filesystem being mounted at /287/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1428.208830][ T5784] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1430.303140][T16133] loop8: detected capacity change from 0 to 512
[ 1430.337976][T16133] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1430.376220][T16133] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1430.410385][T16133] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1430.440745][T16133] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1430.502899][T16133] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4031: comm syz.8.2243: Allocating blocks 41-42 which overlap fs metadata
[ 1430.585341][T16133] __quota_error: 9 callbacks suppressed
[ 1430.585363][T16133] Quota error (device loop8): write_blk: dquota write failed
[ 1430.645486][T16133] Quota error (device loop8): find_free_dqentry: Can't write quota data block 5
[ 1430.689444][T16133] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4031: comm syz.8.2243: Allocating blocks 41-42 which overlap fs metadata
[ 1430.738071][T16133] Quota error (device loop8): write_blk: dquota write failed
[ 1430.758383][T16133] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota
[ 1430.796263][T16133] EXT4-fs error (device loop8): ext4_acquire_dquot:6940: comm syz.8.2243: Failed to acquire dquot type 1
[ 1430.826695][T10722] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1430.858444][T16133] EXT4-fs error (device loop8): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[ 1430.916199][T16133] EXT4-fs error (device loop8): ext4_do_update_inode:5230: inode #12: comm syz.8.2243: corrupted inode contents
[ 1430.962858][T16133] EXT4-fs error (device loop8): ext4_dirty_inode:6106: inode #12: comm syz.8.2243: mark_inode_dirty error
[ 1430.992629][T16133] EXT4-fs error (device loop8): ext4_do_update_inode:5230: inode #12: comm syz.8.2243: corrupted inode contents
[ 1431.040626][T16133] EXT4-fs error (device loop8): __ext4_ext_dirty:202: inode #12: comm syz.8.2243: mark_inode_dirty error
[ 1431.097691][T16133] EXT4-fs error (device loop8): ext4_do_update_inode:5230: inode #12: comm syz.8.2243: corrupted inode contents
[ 1431.135970][ T5784] usb 5-1: device not accepting address 10, error -71
[ 1431.151477][T16133] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[ 1431.167161][T16133] EXT4-fs error (device loop8): ext4_do_update_inode:5230: inode #12: comm syz.8.2243: corrupted inode contents
[ 1431.237963][T16133] EXT4-fs error (device loop8): ext4_truncate:4288: inode #12: comm syz.8.2243: mark_inode_dirty error
[ 1431.272772][T16142] loop4: detected capacity change from 0 to 512
[ 1431.288244][T16133] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem
[ 1431.303499][T16133] EXT4-fs (loop8): 1 truncate cleaned up
[ 1431.326883][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1431.337699][T16142] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1431.344711][T16142] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1431.361929][T16133] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1431.438733][T16133] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1431.474564][T16142] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.2246: bad orphan inode 131083
[ 1431.520663][T16145] input: syz1 as /devices/virtual/input/input162
[ 1432.117778][T16142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1432.358991][T16141] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1432.394357][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1432.455168][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1434.243371][T16170] xt_hashlimit: max too large, truncated to 1048576
[ 1434.374682][T16152] loop8: detected capacity change from 0 to 40427
[ 1434.512289][T13738] I/O error, dev loop8, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1437.127257][T16194] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2257'.
[ 1437.354755][T16197] loop6: detected capacity change from 0 to 512
[ 1437.374696][T16197] EXT4-fs (loop6): Test dummy encryption mode enabled
[ 1437.384764][T16197] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1437.467910][T16197] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.2258: bad orphan inode 131083
[ 1437.534630][T16197] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1437.586674][T16197] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1437.637738][T10722] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1438.172277][T16223] loop6: detected capacity change from 0 to 16
[ 1438.228036][T16223] erofs: (device loop6): mounted with root inode @ nid 36.
[ 1439.161724][T16235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2268'.
[ 1439.490272][T16238] xt_hashlimit: max too large, truncated to 1048576
[ 1440.205149][T16245] loop8: detected capacity change from 0 to 512
[ 1440.234288][T16245] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1440.287807][T16245] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1440.366282][T16245] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2271: bad orphan inode 131083
[ 1440.430451][T16245] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1440.510225][T16245] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1440.551225][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1440.706206][ T5784] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1440.906162][ T5784] usb 7-1: Using ep0 maxpacket: 16
[ 1440.926946][ T5784] usb 7-1: config 0 has an invalid interface number: 105 but max is 0
[ 1440.955889][ T5784] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1440.971177][T16261] loop8: detected capacity change from 0 to 1024
[ 1440.984904][ T5784] usb 7-1: config 0 has no interface number 0
[ 1441.016275][ T5784] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1441.210281][T16261] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1441.260144][T16261] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1441.425634][T16261] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1441.525045][T16261] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[ 1441.575468][T16261] EXT4-fs (loop8): This should not happen!! Data will be lost
[ 1441.575468][T16261] 
[ 1441.612281][T16261] EXT4-fs (loop8): Total free blocks count 0
[ 1441.632796][T16261] EXT4-fs (loop8): Free/Dirty block details
[ 1441.663081][T16261] EXT4-fs (loop8): free_blocks=4293918720
[ 1441.683384][T16261] EXT4-fs (loop8): dirty_blocks=32
[ 1441.710858][T16261] EXT4-fs (loop8): Block reservation details
[ 1441.727112][T16261] EXT4-fs (loop8): i_reserved_data_blocks=2
[ 1441.793952][T12632] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28
[ 1442.026062][T16280] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2278'.
[ 1442.155848][ T5784] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1442.163961][ T5784] usb 7-1: Product: syz
[ 1442.769956][T16285] xt_hashlimit: max too large, truncated to 1048576
[ 1443.166092][ T5784] usb 7-1: Manufacturer: syz
[ 1443.581086][ T5784] usb 7-1: SerialNumber: syz
[ 1443.627344][ T5784] usb 7-1: config 0 descriptor??
[ 1443.633916][ T5784] usb 7-1: can't set config #0, error -71
[ 1443.662531][ T5784] usb 7-1: USB disconnect, device number 12
[ 1443.740976][T16287] loop4: detected capacity change from 0 to 256
[ 1443.971032][T16294] loop8: detected capacity change from 0 to 512
[ 1443.978263][T16287] FAT-fs (loop4): Directory bread(block 64) failed
[ 1443.985680][T16287] FAT-fs (loop4): Directory bread(block 65) failed
[ 1444.026276][T16287] FAT-fs (loop4): Directory bread(block 66) failed
[ 1444.037053][T16294] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1444.043890][T16294] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1444.058960][T16287] FAT-fs (loop4): Directory bread(block 67) failed
[ 1444.079614][T16287] FAT-fs (loop4): Directory bread(block 68) failed
[ 1444.105970][T16287] FAT-fs (loop4): Directory bread(block 69) failed
[ 1444.122769][T16287] FAT-fs (loop4): Directory bread(block 70) failed
[ 1444.160945][T16287] FAT-fs (loop4): Directory bread(block 71) failed
[ 1444.190497][T16294] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2282: bad orphan inode 131083
[ 1444.246389][T16287] FAT-fs (loop4): Directory bread(block 72) failed
[ 1444.286382][T16298] loop6: detected capacity change from 0 to 256
[ 1444.336090][T16287] FAT-fs (loop4): Directory bread(block 73) failed
[ 1444.368257][T16294] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1445.033769][T16303] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1445.596789][T16311] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2287'.
[ 1447.225129][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1447.728588][T16335] xt_hashlimit: max too large, truncated to 1048576
[ 1448.671070][T16345] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2296'.
[ 1449.088834][T16355] loop4: detected capacity change from 0 to 512
[ 1449.111829][T16357] overlayfs: failed to resolve './file1': -2
[ 1449.136046][T16355] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1449.164232][T16355] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1449.216881][T16355] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.2300: bad orphan inode 131083
[ 1449.293006][T16355] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1449.431277][T16337] loop6: detected capacity change from 0 to 40427
[ 1449.618713][T16337] F2FS-fs (loop6): invalid crc value
[ 1449.664958][T16337] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1449.840384][T16366] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1449.923674][T16337] F2FS-fs (loop6): Start checkpoint disabled!
[ 1449.950421][T16337] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1450.713900][T16375] xt_hashlimit: max too large, truncated to 1048576
[ 1451.834621][T12638] kworker/u4:48: attempt to access beyond end of device
[ 1451.834621][T12638] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[ 1451.859032][T12638] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1451.872083][T12638] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1452.165924][T16387] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2309'.
[ 1452.335465][ T9331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1455.005993][T16383] loop7: detected capacity change from 0 to 40427
[ 1455.084621][T16408] overlayfs: invalid redirect ((null))
[ 1455.147792][T13738] I/O error, dev loop7, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1455.274029][T16411] xt_hashlimit: max too large, truncated to 1048576
[ 1456.573542][T16423] syz.4.2315[16423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1456.574198][T16423] syz.4.2315[16423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1456.641264][T16423] loop4: detected capacity change from 0 to 128
[ 1456.763335][T16423] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1456.813691][T16423] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1456.837268][T16423] ext4 filesystem being mounted at /380/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1458.004078][T16428] loop7: detected capacity change from 0 to 256
[ 1458.046677][T16428] exfat: Unknown parameter '01777777777777777777777'
[ 1458.660989][T16432] loop8: detected capacity change from 0 to 512
[ 1458.727786][T16432] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1458.775310][T16432] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1458.870420][T16432] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2319: bad orphan inode 131083
[ 1458.934053][T16432] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1459.010017][ T9331] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1459.083689][T16440] loop7: detected capacity change from 0 to 512
[ 1459.091605][T16440] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1459.103460][T16440] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1459.130115][T16440] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1459.213032][T16440] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1459.312640][T16440] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4031: comm syz.7.2321: Allocating blocks 41-42 which overlap fs metadata
[ 1459.397125][T16440] Quota error (device loop7): write_blk: dquota write failed
[ 1459.416005][T16440] Quota error (device loop7): find_free_dqentry: Can't write quota data block 5
[ 1459.425647][T16440] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4031: comm syz.7.2321: Allocating blocks 41-42 which overlap fs metadata
[ 1459.486196][T16440] Quota error (device loop7): write_blk: dquota write failed
[ 1459.500400][T16440] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[ 1459.531243][T16440] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.2321: Failed to acquire dquot type 1
[ 1459.561949][T16440] EXT4-fs error (device loop7): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[ 1459.645091][T16440] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #12: comm syz.7.2321: corrupted inode contents
[ 1459.668195][T16446] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1459.681216][T16440] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #12: comm syz.7.2321: mark_inode_dirty error
[ 1459.986047][T16440] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #12: comm syz.7.2321: corrupted inode contents
[ 1460.185262][T16440] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #12: comm syz.7.2321: mark_inode_dirty error
[ 1460.398301][T16440] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #12: comm syz.7.2321: corrupted inode contents
[ 1460.467138][T16440] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[ 1460.504284][T16440] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #12: comm syz.7.2321: corrupted inode contents
[ 1460.533468][T16440] EXT4-fs error (device loop7): ext4_truncate:4288: inode #12: comm syz.7.2321: mark_inode_dirty error
[ 1460.553702][T16440] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[ 1460.577818][T16440] EXT4-fs (loop7): 1 truncate cleaned up
[ 1460.587972][T16440] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1460.753208][T16440] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1460.886162][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1461.232581][T16456] overlayfs: invalid redirect ((null))
[ 1461.784607][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1462.391414][T16476] sch_tbf: burst 19920 is lower than device lo mtu (11337746) !
[ 1462.437642][T16478] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2334'.
[ 1462.467828][ T5847] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1462.531401][T16478] bridge_slave_0: left allmulticast mode
[ 1462.537219][T16478] bridge_slave_0: left promiscuous mode
[ 1462.560763][T16478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1462.584003][T16478] bridge_slave_1: left allmulticast mode
[ 1462.617382][T16478] bridge_slave_1: left promiscuous mode
[ 1462.623184][T16478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.641740][T16478] bond0: (slave bond_slave_0): Releasing backup interface
[ 1462.663066][T16478] bond0: (slave bond_slave_1): Releasing backup interface
[ 1462.678490][ T5847] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1462.691638][ T5847] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1462.719760][ T5847] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1462.748807][T16481] overlayfs: invalid redirect ((null))
[ 1462.784308][ T5847] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1462.818512][ T5847] usb 9-1: config 0 descriptor??
[ 1462.838867][T16478] team0: Port device team_slave_0 removed
[ 1462.930041][T16478] team0: Port device team_slave_1 removed
[ 1462.958656][T16478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1462.977891][T16478] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1462.998796][T16478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1463.016253][T16478] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1463.251941][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.275209][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.306328][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.313377][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.347492][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.355238][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.386045][ T5847] cp2112 0003:10C4:EA90.000A: unknown main item tag 0x0
[ 1463.438526][ T5847] cp2112 0003:10C4:EA90.000A: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0
[ 1463.550938][ T5847] cp2112 0003:10C4:EA90.000A: Part Number: 0x00 Device Version: 0x00
[ 1464.164452][T16474] cp2112 0003:10C4:EA90.000A: Error starting transaction: -38
[ 1464.339486][ T5847] cp2112 0003:10C4:EA90.000A: error reading lock byte: -71
[ 1464.430409][ T5847] usb 9-1: USB disconnect, device number 7
[ 1464.668904][T16502] loop7: detected capacity change from 0 to 1024
[ 1465.021473][T16502] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1466.141278][T16502] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm syz.7.2339: bg 0: block 10: padding at end of block bitmap is not set
[ 1466.163657][T16502] Quota error (device loop7): write_blk: dquota write failed
[ 1466.171333][T16502] Quota error (device loop7): find_free_dqentry: Can't write quota data block 2
[ 1466.181431][T16502] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[ 1466.191751][T16502] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.2339: Failed to acquire dquot type 0
[ 1466.693016][T16502] Quota error (device loop7): write_blk: dquota write failed
[ 1466.700845][T16502] Quota error (device loop7): find_free_dqentry: Can't write quota data block 2
[ 1466.711911][T16502] Quota error (device loop7): qtree_write_dquot: Error -28 occurred while creating quota
[ 1466.722247][T16502] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.2339: Failed to acquire dquot type 0
[ 1466.751526][T16502] EXT4-fs error (device loop7): ext4_free_blocks:6676: comm syz.7.2339: Freeing blocks not in datazone - block = 0, count = 4096
[ 1466.776742][T16502] Quota error (device loop7): write_blk: dquota write failed
[ 1466.784489][T16502] Quota error (device loop7): find_free_dqentry: Can't write quota data block 2
[ 1466.794356][T16502] Quota error (device loop7): qtree_write_dquot: Error -28 occurred while creating quota
[ 1466.804618][T16502] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.2339: Failed to acquire dquot type 0
[ 1466.819080][T16502] EXT4-fs (loop7): 1 orphan inode deleted
[ 1466.831014][T16502] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1467.954390][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1468.229718][T16514] overlayfs: invalid redirect ((null))
[ 1468.730370][T16529] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2349'.
[ 1468.779063][T16529] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2349'.
[ 1469.306539][T16539] loop4: detected capacity change from 0 to 1024
[ 1471.197445][T16539] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1473.137149][T16539] EXT4-fs: error -4 creating inode table initialization thread
[ 1473.145716][T16539] EXT4-fs (loop4): mount failed
[ 1473.530220][T16551] overlayfs: invalid redirect ((null))
[ 1474.174328][T14201] Bluetooth: hci1: sending frame failed (-49)
[ 1474.184154][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -49
[ 1474.894055][T16566] loop7: detected capacity change from 0 to 512
[ 1474.914363][T16566] EXT4-fs (loop7): Test dummy encryption mode enabled
[ 1474.977235][T16566] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 1475.115079][T16566] EXT4-fs error (device loop7): ext4_orphan_get:1425: comm syz.7.2359: bad orphan inode 131083
[ 1475.167494][T16566] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1475.453720][T16574] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1476.002714][T12583] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1476.425669][   T28] audit: type=1326 audit(1758507724.103:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16583 comm="syz.8.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1476.512170][   T28] audit: type=1326 audit(1758507724.103:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16583 comm="syz.8.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1476.658946][   T28] audit: type=1326 audit(1758507724.163:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16583 comm="syz.8.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1476.711550][   T28] audit: type=1326 audit(1758507724.163:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16583 comm="syz.8.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1476.734622][   T28] audit: type=1326 audit(1758507724.163:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16583 comm="syz.8.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8adf18ec29 code=0x7ffc0000
[ 1476.848365][T16593] overlayfs: invalid redirect ((null))
[ 1479.112906][T16622] warning: `syz.7.2377' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1479.193970][T16627] overlayfs: invalid redirect ((null))
[ 1479.566048][ T5793] Bluetooth: hci1: command 0x1003 tx timeout
[ 1479.574510][T14201] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1480.097251][T16644] bond0: Caught tx_queue_len zero misconfig
[ 1480.114017][T16645] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2387'.
[ 1480.415946][ T5771] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1480.690054][ T5771] usb 8-1: config 0 has no interfaces?
[ 1480.757154][ T5771] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1480.771877][ T5771] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1480.797353][ T5771] usb 8-1: Product: syz
[ 1480.806501][ T5771] usb 8-1: Manufacturer: syz
[ 1480.812973][T16659] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2392'.
[ 1480.821386][ T5771] usb 8-1: SerialNumber: syz
[ 1480.852444][ T5771] usb 8-1: config 0 descriptor??
[ 1480.975121][T16659] bridge_slave_0: left allmulticast mode
[ 1480.999627][T16659] bridge_slave_0: left promiscuous mode
[ 1481.015848][T16659] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1481.074995][T16644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1481.087548][T16659] bridge_slave_1: left allmulticast mode
[ 1481.093278][T16659] bridge_slave_1: left promiscuous mode
[ 1481.107755][T16659] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1481.132254][T16644] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1481.142360][T16659] bond0: (slave bond_slave_0): Releasing backup interface
[ 1481.185344][T16659] bond0: (slave bond_slave_1): Releasing backup interface
[ 1481.311157][T16659] team0: Port device team_slave_0 removed
[ 1481.367194][T16659] team0: Port device team_slave_1 removed
[ 1481.387802][T16659] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1481.411869][T16659] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1481.448648][T16659] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1481.479417][T16668] overlayfs: invalid redirect ((null))
[ 1481.498455][T16659] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1481.707032][T16672] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2397'.
[ 1482.402052][   T28] audit: type=1326 audit(1758507730.093:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb588f8ec29 code=0x7ffc0000
[ 1482.426011][   T28] audit: type=1326 audit(1758507730.093:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb588f8ec29 code=0x7ffc0000
[ 1482.463469][   T28] audit: type=1326 audit(1758507730.153:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb588f8d590 code=0x7ffc0000
[ 1482.497998][   T28] audit: type=1326 audit(1758507730.153:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.521089][   T28] audit: type=1326 audit(1758507730.153:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.571498][   T28] audit: type=1326 audit(1758507730.153:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.619389][   T28] audit: type=1326 audit(1758507730.153:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.768852][ T5847] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1482.781048][   T28] audit: type=1326 audit(1758507730.473:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.822526][   T28] audit: type=1326 audit(1758507730.503:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1482.986823][ T5847] usb 5-1: Using ep0 maxpacket: 32
[ 1482.997050][ T5847] usb 5-1: config 0 has an invalid interface number: 119 but max is 0
[ 1483.059013][ T5847] usb 5-1: config 0 has no interface number 0
[ 1483.122548][   T28] audit: type=1326 audit(1758507730.683:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16689 comm="syz.4.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb588f8e82b code=0x7ffc0000
[ 1483.148301][ T5771] usb 8-1: USB disconnect, device number 6
[ 1483.168925][ T5847] usb 5-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=d9.19
[ 1483.180302][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1483.210871][ T5847] usb 5-1: Product: syz
[ 1483.221919][ T5847] usb 5-1: Manufacturer: syz
[ 1483.246015][ T5847] usb 5-1: SerialNumber: syz
[ 1483.261302][ T5847] usb 5-1: config 0 descriptor??
[ 1483.289959][ T5847] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[ 1483.491241][ T5847] gspca_sn9c2028: read1 error -71
[ 1483.501155][ T5847] gspca_sn9c2028: read1 error -71
[ 1483.540115][ T5847] gspca_sn9c2028: read1 error -71
[ 1483.575863][ T5847] sn9c2028: probe of 5-1:0.119 failed with error -71
[ 1483.587950][ T5847] usb 5-1: USB disconnect, device number 12
[ 1484.050642][T16698] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1484.086188][T16698] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1484.107308][T16698] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1484.146977][T16698] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1484.213179][T16698] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1484.551038][T16722] fuse: Bad value for 'fd'
[ 1484.614155][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.620746][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.806179][T14201] Bluetooth: hci4: command 0x0406 tx timeout
[ 1486.126117][T14201] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1486.126130][ T5793] Bluetooth: hci3: command 0x0406 tx timeout
[ 1486.165846][ T5771] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1486.205999][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[ 1486.375912][ T5771] usb 7-1: Using ep0 maxpacket: 32
[ 1486.393389][ T5771] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1486.424000][ T5771] usb 7-1: config 0 has no interfaces?
[ 1486.444943][ T5771] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1486.473462][ T5771] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1486.491239][ T5771] usb 7-1: Product: syz
[ 1486.693258][ T5771] usb 7-1: Manufacturer: syz
[ 1486.698937][ T5771] usb 7-1: SerialNumber: syz
[ 1486.707859][ T5771] usb 7-1: config 0 descriptor??
[ 1486.757820][T16746] xt_hashlimit: max too large, truncated to 1048576
[ 1486.921487][T16749] netlink: 'syz.7.2415': attribute type 5 has an invalid length.
[ 1487.552046][T16758] overlayfs: invalid redirect ((null))
[ 1488.273524][T16770] fuse: Bad value for 'fd'
[ 1488.288170][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[ 1488.406527][T16761] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1488.429947][T16773] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2426'.
[ 1488.436183][T16761] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1488.451385][T16761] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1488.555288][T16761] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1488.976090][  T966] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1489.087350][ T5784] usb 7-1: USB disconnect, device number 13
[ 1489.178789][  T966] usb 9-1: Using ep0 maxpacket: 32
[ 1489.198170][  T966] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1489.236204][  T966] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1489.294523][  T966] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1489.304727][  T966] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1489.336145][  T966] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1489.387108][  T966] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1489.425424][  T966] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1489.475270][  T966] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1489.498539][  T966] usb 9-1: config 0 descriptor??
[ 1489.751962][  T966] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1490.011252][T16796] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2436'.
[ 1490.051444][    C1] usblp0: nonzero read bulk status received: -71
[ 1490.061090][ T5771] usb 9-1: USB disconnect, device number 8
[ 1490.297417][T16800] IPVS: set_ctl: invalid protocol: 94 100.1.1.1:20001
[ 1490.366393][ T5793] Bluetooth: hci4: command 0x0406 tx timeout
[ 1490.387530][T16774] usblp0: removed
[ 1490.446024][ T5793] Bluetooth: hci3: command 0x0406 tx timeout
[ 1490.525951][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1490.605971][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[ 1490.763212][T16805] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1490.801065][T16805] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1490.822358][T16805] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1490.836207][T16805] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1491.262604][T16816] sctp: [Deprecated]: syz.7.2443 (pid 16816) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1491.262604][T16816] Use struct sctp_sack_info instead
[ 1491.960361][T16827] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2446'.
[ 1492.090680][T16827] bridge_slave_0: left allmulticast mode
[ 1492.166184][T16827] bridge_slave_0: left promiscuous mode
[ 1492.172065][T16827] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1492.224158][T16827] bridge_slave_1: left allmulticast mode
[ 1492.234118][T16827] bridge_slave_1: left promiscuous mode
[ 1492.256163][T16827] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1492.368654][T16827] bond0: (slave bond_slave_0): Releasing backup interface
[ 1492.405413][T16827] bond0: (slave bond_slave_1): Releasing backup interface
[ 1492.539304][T16827] team0: Port device team_slave_0 removed
[ 1492.670066][T16827] team0: Port device team_slave_1 removed
[ 1492.698213][T16827] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1492.765283][T16827] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1492.772934][ T5793] Bluetooth: hci4: command 0x0406 tx timeout
[ 1492.794682][T16827] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1492.810585][T16827] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1492.845976][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[ 1492.846072][T14201] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1492.852234][ T5793] Bluetooth: hci3: command 0x0406 tx timeout
[ 1493.127105][T16840] program syz.4.2451 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1493.192103][T16842] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[ 1493.841345][T16856] input: syz1 as /devices/virtual/input/input164
[ 1494.692378][T16864] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2460'.
[ 1494.798822][T16864] bridge_slave_0: left allmulticast mode
[ 1494.824631][T16865] mmap: syz.7.2459 (16865) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1494.847301][T16864] bridge_slave_0: left promiscuous mode
[ 1494.853155][T16864] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1494.928151][T16864] bridge_slave_1: left allmulticast mode
[ 1494.946151][T16864] bridge_slave_1: left promiscuous mode
[ 1494.966116][T16864] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.043174][T16864] bond0: (slave bond_slave_0): Releasing backup interface
[ 1495.127171][T16864] bond0: (slave bond_slave_1): Releasing backup interface
[ 1495.277498][T16864] team0: Port device team_slave_0 removed
[ 1495.320839][T16864] team0: Port device team_slave_1 removed
[ 1495.342952][T16864] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1495.392551][T16864] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1495.454005][T16864] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1495.533086][T16864] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1495.826923][T16871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2462'.
[ 1495.966701][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1496.740876][T16882] netlink: set zone limit has 8 unknown bytes
[ 1498.203479][T16902] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2471'.
[ 1500.083738][T16936] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[ 1500.097790][T16936] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1500.516460][ T5784] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1500.746001][ T5784] usb 8-1: Using ep0 maxpacket: 16
[ 1500.761060][ T5784] usb 8-1: config 0 has an invalid interface descriptor of length 4, skipping
[ 1500.776476][ T5784] usb 8-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[ 1500.811264][ T5784] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1500.832103][ T5784] usb 8-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[ 1500.846313][ T5784] usb 8-1: New USB device strings: Mfr=65, Product=0, SerialNumber=0
[ 1500.876612][ T5784] usb 8-1: Manufacturer: syz
[ 1500.908200][ T5784] usb 8-1: config 0 descriptor??
[ 1501.621745][T16967] overlayfs: invalid redirect ((null))
[ 1501.649460][T16968] xt_hashlimit: max too large, truncated to 1048576
[ 1501.907007][ T5784] usb 8-1: USB disconnect, device number 7
[ 1502.467742][ T5847] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1502.666131][ T5847] usb 5-1: Using ep0 maxpacket: 32
[ 1502.683123][T16983] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2500'.
[ 1502.693056][ T5847] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[ 1502.701726][ T5847] usb 5-1: config 0 has no interface number 0
[ 1502.708705][ T5847] usb 5-1: config 0 interface 12 has no altsetting 0
[ 1502.728453][ T5847] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1502.754860][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1502.778633][ T5847] usb 5-1: Product: syz
[ 1502.790870][ T5847] usb 5-1: Manufacturer: syz
[ 1502.802037][ T5847] usb 5-1: SerialNumber: syz
[ 1502.815256][ T5847] usb 5-1: config 0 descriptor??
[ 1503.095972][T10823] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1503.263028][T16970] netlink: 452 bytes leftover after parsing attributes in process `syz.4.2495'.
[ 1503.308882][T10823] usb 7-1: config 0 has no interfaces?
[ 1503.340825][ T5847] f81534 5-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1503.368017][ T5847] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[ 1503.415222][ T5847] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1503.454226][ T5847] f81534: probe of 5-1:0.12 failed with error -71
[ 1503.477454][ T5847] usb 5-1: USB disconnect, device number 13
[ 1503.547521][T10823] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1503.558394][T10823] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1503.577359][T10823] usb 7-1: Product: syz
[ 1503.581847][T10823] usb 7-1: Manufacturer: syz
[ 1503.602155][T10823] usb 7-1: SerialNumber: syz
[ 1503.641521][T10823] usb 7-1: config 0 descriptor??
[ 1504.408277][T17001] netlink: set zone limit has 8 unknown bytes
[ 1504.486219][T17001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1504.508365][T17001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1504.657450][T17009] netlink: 'syz.7.2504': attribute type 10 has an invalid length.
[ 1504.691740][T17009] netdevsim netdevsim7 netdevsim0: left promiscuous mode
[ 1504.922179][T17009] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1505.030898][T17015] overlayfs: invalid redirect ((null))
[ 1505.096675][ T5771] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1505.396011][ T5771] usb 8-1: Using ep0 maxpacket: 32
[ 1505.405435][ T5771] usb 8-1: config 0 has an invalid interface number: 217 but max is 0
[ 1505.422868][ T5771] usb 8-1: config 0 has no interface number 0
[ 1505.507988][ T5771] usb 8-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice= 0.02
[ 1505.523378][ T5771] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1505.681563][ T5771] usb 8-1: Product: syz
[ 1505.738567][ T5771] usb 8-1: Manufacturer: syz
[ 1505.750538][ T5771] usb 8-1: SerialNumber: syz
[ 1505.786264][ T5771] usb 8-1: config 0 descriptor??
[ 1505.843997][ T5771] ftdi_sio 8-1:0.217: FTDI USB Serial Device converter detected
[ 1505.865626][ T5771] usb 8-1: Detected SIO
[ 1505.915365][ T5771] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1506.106421][ T5865] usb 7-1: USB disconnect, device number 14
[ 1507.989221][ T5771] usb 8-1: USB disconnect, device number 8
[ 1508.008014][ T5771] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1508.093092][ T5771] ftdi_sio 8-1:0.217: device disconnected
[ 1508.164592][T17050] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1508.174378][T17050] syzkaller0: entered promiscuous mode
[ 1508.185273][T17050] syzkaller0: entered allmulticast mode
[ 1508.292092][T17050] tipc: Resetting bearer <eth:syzkaller0>
[ 1508.375461][T17049] tipc: Resetting bearer <eth:syzkaller0>
[ 1508.494144][T17049] tipc: Disabling bearer <eth:syzkaller0>
[ 1510.012018][T17081] loop8: detected capacity change from 0 to 512
[ 1510.025418][T17081] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1510.033350][T17081] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1510.051352][T17081] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2528: bad orphan inode 131083
[ 1510.077059][T17081] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1510.305956][T11293] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1510.516070][T11293] usb 8-1: Using ep0 maxpacket: 8
[ 1510.541207][T11293] usb 8-1: config 5 has an invalid interface number: 72 but max is 0
[ 1510.561863][T11293] usb 8-1: config 5 has no interface number 0
[ 1510.573598][T11293] usb 8-1: config 5 interface 72 has no altsetting 0
[ 1510.590575][T11293] usb 8-1: New USB device found, idVendor=1b3d, idProduct=01cd, bcdDevice= 8.00
[ 1510.605111][T11293] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1510.640078][T11293] usb 8-1: Product: syz
[ 1510.648250][T17096] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1510.696653][T11293] usb 8-1: Manufacturer: syz
[ 1510.718829][T11293] usb 8-1: SerialNumber: syz
[ 1510.759858][T17099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2532'.
[ 1510.805995][T17099] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2532'.
[ 1510.836904][T17099] netlink: 'syz.4.2532': attribute type 18 has an invalid length.
[ 1510.856225][T17099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2532'.
[ 1510.933941][T17079] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2527'.
[ 1511.023748][T11293] ftdi_sio 8-1:5.72: FTDI USB Serial Device converter detected
[ 1511.061754][T11293] usb 8-1: Detected FT4232H
[ 1511.069410][T11293] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[ 1511.096412][T11293] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1511.117958][T11293] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1511.164719][T11293] usb 8-1: USB disconnect, device number 9
[ 1511.200116][T11293] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1511.256886][T11293] ftdi_sio 8-1:5.72: device disconnected
[ 1512.015669][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1512.038263][T17111] xt_hashlimit: max too large, truncated to 1048576
[ 1512.947265][   T28] kauditd_printk_skb: 19 callbacks suppressed
[ 1512.947280][   T28] audit: type=1326 audit(1758507760.643:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.036080][   T28] audit: type=1326 audit(1758507760.673:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.102608][   T28] audit: type=1326 audit(1758507760.673:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.154041][   T28] audit: type=1326 audit(1758507760.673:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.191911][   T28] audit: type=1326 audit(1758507760.673:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.215152][   T28] audit: type=1326 audit(1758507760.673:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.242838][   T28] audit: type=1326 audit(1758507760.703:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.269598][   T28] audit: type=1326 audit(1758507760.703:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.294873][   T28] audit: type=1326 audit(1758507760.703:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1513.318786][   T28] audit: type=1326 audit(1758507760.703:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.7.2541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b378ec29 code=0x7ffc0000
[ 1514.766023][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1515.010283][T17149] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1515.442435][T17155] input: syz1 as /devices/virtual/input/input165
[ 1516.525093][T17164] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2551'.
[ 1516.738184][T17168] trusted_key: syz.6.2549 sent an empty control message without MSG_MORE.
[ 1518.086000][T10823] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1518.359527][T10823] usb 8-1: config 0 has no interfaces?
[ 1518.376048][T10823] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1518.441897][T17191] input: syz1 as /devices/virtual/input/input166
[ 1519.205860][T10823] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1519.214177][T10823] usb 8-1: Product: syz
[ 1519.224971][T10823] usb 8-1: Manufacturer: syz
[ 1519.229784][T10823] usb 8-1: SerialNumber: syz
[ 1519.246559][T10823] usb 8-1: config 0 descriptor??
[ 1519.409686][ T5785] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1520.009242][T17212] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2563'.
[ 1520.485988][T10823] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1520.710671][T10823] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1520.744968][T10823] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1520.825914][T10823] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1520.850647][T10823] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1520.886965][T10823] usb 7-1: config 0 descriptor??
[ 1521.333726][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.357661][T11293] usb 8-1: USB disconnect, device number 10
[ 1521.366474][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.415918][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.422960][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.475819][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.483211][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.552272][T10823] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[ 1521.565246][T10823] cp2112 0003:10C4:EA90.000B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[ 1521.646990][T10823] cp2112 0003:10C4:EA90.000B: Part Number: 0x00 Device Version: 0x00
[ 1521.716737][T17228] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1521.778565][T17222] syzkaller0: entered promiscuous mode
[ 1521.840024][T17222] syzkaller0: entered allmulticast mode
[ 1521.849772][T10823] cp2112 0003:10C4:EA90.000B: error requesting SMBus config
[ 1522.527368][T10823] cp2112: probe of 0003:10C4:EA90.000B failed with error -32
[ 1522.543730][T10823] usb 7-1: USB disconnect, device number 15
[ 1522.585457][T17232] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1522.757592][T17236] netlink: 452 bytes leftover after parsing attributes in process `syz.8.2568'.
[ 1522.798339][T17222] tipc: Resetting bearer <eth:syzkaller0>
[ 1522.862335][T17220] tipc: Resetting bearer <eth:syzkaller0>
[ 1522.940773][T17220] tipc: Disabling bearer <eth:syzkaller0>
[ 1523.190854][T17251] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2572'.
[ 1523.226713][T17250] TCP: TCP_TX_DELAY enabled
[ 1523.293558][T17251] bond0: (slave netdevsim0): Releasing backup interface
[ 1524.426561][T17273] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1525.575925][T10823] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1525.878123][T10823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1525.918768][T10823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1526.010034][T10823] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1526.058111][T10823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1526.114037][T10823] usb 5-1: config 0 descriptor??
[ 1526.579725][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.661780][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.719951][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.742817][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.790111][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.804666][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.849460][T10823] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[ 1526.887342][T10823] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[ 1527.056887][T10823] cp2112 0003:10C4:EA90.000C: Part Number: 0x00 Device Version: 0x00
[ 1527.112826][T10823] cp2112 0003:10C4:EA90.000C: error requesting SMBus config
[ 1527.156763][T10823] cp2112: probe of 0003:10C4:EA90.000C failed with error -32
[ 1527.333131][T10823] usb 5-1: USB disconnect, device number 14
[ 1528.595499][T17315] input: syz1 as /devices/virtual/input/input167
[ 1530.805975][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1531.394430][ T5785] Bluetooth: hci1: sending frame failed (-49)
[ 1531.404113][ T5793] Bluetooth: hci1: Opcode 0x1003 failed: -49
[ 1531.829646][T17340] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1531.839820][T17340] syzkaller0: entered promiscuous mode
[ 1531.845344][T17340] syzkaller0: entered allmulticast mode
[ 1531.916928][T17340] tipc: Resetting bearer <eth:syzkaller0>
[ 1531.935085][T17338] tipc: Resetting bearer <eth:syzkaller0>
[ 1531.991264][T17338] tipc: Disabling bearer <eth:syzkaller0>
[ 1532.036344][T11293] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1532.228048][T11293] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1532.264894][T11293] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1532.305698][T11293] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1532.326132][T11293] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1532.345445][T11293] usb 9-1: config 0 descriptor??
[ 1532.765006][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.780153][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.788205][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.795426][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.804268][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.812475][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.821477][T11293] cp2112 0003:10C4:EA90.000D: unknown main item tag 0x0
[ 1532.844883][T11293] cp2112 0003:10C4:EA90.000D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0
[ 1533.220751][T11293] cp2112 0003:10C4:EA90.000D: Part Number: 0x00 Device Version: 0x00
[ 1533.763421][T11293] cp2112 0003:10C4:EA90.000D: error requesting SMBus config
[ 1533.773145][T11293] cp2112: probe of 0003:10C4:EA90.000D failed with error -32
[ 1533.803514][T11293] usb 9-1: USB disconnect, device number 9
[ 1533.834928][T17363] fido_id[17363]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/report_descriptor': No such file or directory
[ 1533.992135][T17369] overlayfs: invalid redirect ((null))
[ 1534.301708][T17373] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1534.323786][T17373] syzkaller0: entered promiscuous mode
[ 1534.344660][T17373] syzkaller0: entered allmulticast mode
[ 1534.409112][T17373] tipc: Resetting bearer <eth:syzkaller0>
[ 1534.444846][T17372] tipc: Resetting bearer <eth:syzkaller0>
[ 1534.484579][T17372] tipc: Disabling bearer <eth:syzkaller0>
[ 1536.607424][ T5847] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1536.812339][ T5847] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1536.867177][ T5847] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1536.912746][ T5847] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1536.932300][ T5847] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1536.996998][ T5847] usb 8-1: config 0 descriptor??
[ 1537.461521][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.481776][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.489802][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.497740][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.504996][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.513177][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.521348][T17415] overlayfs: invalid redirect ((null))
[ 1537.521453][ T5847] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[ 1537.544713][ T5847] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.7-1/input0
[ 1537.670745][ T5847] cp2112 0003:10C4:EA90.000E: Part Number: 0x00 Device Version: 0x00
[ 1537.884530][ T5847] cp2112 0003:10C4:EA90.000E: error requesting SMBus config
[ 1537.904172][ T5847] cp2112: probe of 0003:10C4:EA90.000E failed with error -32
[ 1537.922964][ T5847] usb 8-1: USB disconnect, device number 11
[ 1538.007433][T17420] xt_hashlimit: max too large, truncated to 1048576
[ 1539.106732][T17435] netlink: 'syz.4.2624': attribute type 10 has an invalid length.
[ 1539.195424][T17435] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1539.240867][T10823] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1539.436043][T10823] usb 7-1: Using ep0 maxpacket: 32
[ 1539.443103][T10823] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[ 1539.453657][T10823] usb 7-1: config 0 has no interface number 0
[ 1539.465142][T10823] usb 7-1: config 0 interface 12 has no altsetting 0
[ 1539.494741][T10823] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1539.505426][T10823] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1539.518443][T10823] usb 7-1: Product: syz
[ 1539.525119][T10823] usb 7-1: Manufacturer: syz
[ 1539.531620][T10823] usb 7-1: SerialNumber: syz
[ 1539.541404][T10823] usb 7-1: config 0 descriptor??
[ 1539.835992][ T5784] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1539.958258][T17431] netlink: 452 bytes leftover after parsing attributes in process `syz.6.2626'.
[ 1540.010159][T10823] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1540.141195][T10823] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[ 1540.150401][ T5784] usb 8-1: config 0 has an invalid interface number: 217 but max is 0
[ 1540.165226][T10823] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1540.173288][ T5784] usb 8-1: config 0 has no interface number 0
[ 1540.200946][T10823] f81534: probe of 7-1:0.12 failed with error -71
[ 1540.210314][ T5784] usb 8-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 1540.225925][ T5784] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.248669][T10823] usb 7-1: USB disconnect, device number 16
[ 1540.278751][ T5784] usb 8-1: Product: syz
[ 1540.336776][ T5784] usb 8-1: Manufacturer: syz
[ 1540.341420][ T5784] usb 8-1: SerialNumber: syz
[ 1540.372548][ T5784] usb 8-1: config 0 descriptor??
[ 1540.382900][ T5784] hub 8-1:0.217: bad descriptor, ignoring hub
[ 1540.393126][ T5784] hub: probe of 8-1:0.217 failed with error -5
[ 1540.598359][T17443] loop8: detected capacity change from 0 to 512
[ 1540.604832][ T5784] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[ 1540.656399][T17443] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1540.691767][ T5784] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1540.702616][T17443] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1540.724141][ T5784] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[ 1540.769448][ T5784] usb 8-1: media controller created
[ 1540.790772][T17443] EXT4-fs error (device loop8): ext4_orphan_get:1425: comm syz.8.2630: bad orphan inode 131083
[ 1540.821557][T17443] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1540.890275][ T5784] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1541.164247][T17455] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1541.726781][T13475] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1541.736319][ T5784] DVB: Unable to find symbol dib7000p_attach()
[ 1541.742584][ T5784] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[ 1541.918212][ T5784] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1541.954891][ T5784] Registered IR keymap rc-empty
[ 1542.003479][ T5784] dvb-usb: could not initialize remote control.
[ 1542.032788][ T5784] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[ 1542.106836][T17466] overlayfs: invalid redirect ((null))
[ 1542.501918][T17470] xt_hashlimit: max too large, truncated to 1048576
[ 1543.715942][ T5847] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[ 1543.813611][ T5784] usb 8-1: USB disconnect, device number 12
[ 1543.847770][T17478] netlink: 92 bytes leftover after parsing attributes in process `syz.8.2637'.
[ 1543.967902][ T5847] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1544.003302][ T5784] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[ 1544.017610][ T5847] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1544.065406][ T5847] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1544.092651][ T5847] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1544.145655][ T5847] usb 7-1: config 0 descriptor??
[ 1544.307562][T17482] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1544.337987][T17482] syzkaller0: entered promiscuous mode
[ 1544.343815][T17482] syzkaller0: entered allmulticast mode
[ 1544.406679][T17482] tipc: Resetting bearer <eth:syzkaller0>
[ 1544.416243][T17481] tipc: Resetting bearer <eth:syzkaller0>
[ 1544.441310][T17481] tipc: Disabling bearer <eth:syzkaller0>
[ 1544.599622][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.622651][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.640400][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.681429][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.710942][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.735013][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.748914][ T5847] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[ 1544.776757][ T5847] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[ 1544.835969][    C1] hrtimer: interrupt took 65750 ns
[ 1544.913149][ T5847] cp2112 0003:10C4:EA90.000F: Part Number: 0x00 Device Version: 0x00
[ 1545.119225][ T5847] cp2112 0003:10C4:EA90.000F: error requesting SMBus config
[ 1545.170604][ T5847] cp2112: probe of 0003:10C4:EA90.000F failed with error -32
[ 1545.223553][ T5847] usb 7-1: USB disconnect, device number 17
[ 1545.508136][T17491] sctp: [Deprecated]: syz.4.2641 (pid 17491) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1545.508136][T17491] Use struct sctp_sack_info instead
[ 1545.863505][T17499] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1545.883184][T17499] syzkaller0: entered promiscuous mode
[ 1545.903139][T17499] syzkaller0: entered allmulticast mode
[ 1545.994125][T17499] tipc: Resetting bearer <eth:syzkaller0>
[ 1546.012955][T17497] tipc: Resetting bearer <eth:syzkaller0>
[ 1546.052955][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.059731][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.071608][T17497] tipc: Disabling bearer <eth:syzkaller0>
[ 1546.444947][T17511] netlink: 596 bytes leftover after parsing attributes in process `syz.7.2649'.
[ 1546.566178][T11293] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[ 1546.654685][T17515] sctp: [Deprecated]: syz.7.2651 (pid 17515) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1546.654685][T17515] Use struct sctp_sack_info instead
[ 1546.715463][T17517] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1546.788169][T11293] usb 7-1: Using ep0 maxpacket: 32
[ 1546.795182][T11293] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1546.807574][T11293] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1546.847271][T11293] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1546.888848][T11293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1546.938046][T11293] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1546.954228][T11293] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1546.979153][T11293] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1546.996250][T11293] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1547.018526][T11293] usb 7-1: config 0 descriptor??
[ 1547.185986][T10823] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1547.235369][T11293] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1547.265852][  T966] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1547.445651][T10823] usb 9-1: config 0 has an invalid interface number: 238 but max is 0
[ 1547.467423][T10823] usb 9-1: config 0 has no interface number 0
[ 1547.468133][  T966] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1547.478502][T10823] usb 9-1: config 0 interface 238 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1547.503538][T10823] usb 9-1: config 0 interface 238 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1547.538017][T10823] usb 9-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=76.6a
[ 1547.571538][T10823] usb 9-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[ 1547.572818][    C1] usblp0: nonzero read bulk status received: -71
[ 1547.588749][T11293] usb 7-1: USB disconnect, device number 18
[ 1547.615947][  T966] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1547.616370][T10823] usb 9-1: Product: syz
[ 1547.654128][  T966] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1547.678228][  T966] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1547.714492][  T966] usb 8-1: config 0 descriptor??
[ 1547.796006][T10823] usb 9-1: Manufacturer: syz
[ 1547.796225][T17509] usblp0: removed
[ 1547.800714][T10823] usb 9-1: SerialNumber: syz
[ 1547.816726][T10823] usb 9-1: config 0 descriptor??
[ 1547.886469][T10823] ni6501 9-1:0.238: driver 'ni6501' failed to auto-configure device.
[ 1548.134370][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.145530][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.153308][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.162003][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.169919][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.192741][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.213811][  T966] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[ 1548.274374][  T966] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.7-1/input0
[ 1548.368988][  T966] cp2112 0003:10C4:EA90.0010: Part Number: 0x00 Device Version: 0x00
[ 1548.580043][  T966] cp2112 0003:10C4:EA90.0010: error requesting SMBus config
[ 1548.653027][  T966] cp2112: probe of 0003:10C4:EA90.0010 failed with error -32
[ 1548.726447][  T966] usb 8-1: USB disconnect, device number 13
[ 1549.857927][ T5847] usb 9-1: USB disconnect, device number 10
[ 1549.900436][T17550] xt_hashlimit: max too large, truncated to 1048576
[ 1550.431027][T17554] loop4: detected capacity change from 0 to 512
[ 1550.450806][T17554] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1550.458981][T17554] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1550.491235][T17554] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.2663: bad orphan inode 131083
[ 1550.503451][T17554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1550.691071][ T5847] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1550.896137][ T5847] usb 9-1: Using ep0 maxpacket: 32
[ 1550.918081][ T5847] usb 9-1: config 0 has an invalid interface number: 12 but max is 0
[ 1550.937001][ T5847] usb 9-1: config 0 has no interface number 0
[ 1550.950339][ T5847] usb 9-1: config 0 interface 12 has no altsetting 0
[ 1550.968974][ T5847] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1550.985941][ T5847] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1551.008338][ T5847] usb 9-1: Product: syz
[ 1551.024813][ T5847] usb 9-1: Manufacturer: syz
[ 1551.039556][ T5847] usb 9-1: SerialNumber: syz
[ 1551.057586][ T5847] usb 9-1: config 0 descriptor??
[ 1551.238440][T17562] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1551.466056][ T5784] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1551.491079][T17556] ==================================================================
[ 1551.499293][T17556] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0
[ 1551.507076][T17556] Read of size 4 at addr ffff88806a10a8a0 by task syz.8.2664/17556
[ 1551.515001][T17556] 
[ 1551.517368][T17556] CPU: 1 PID: 17556 Comm: syz.8.2664 Not tainted syzkaller #0
[ 1551.524845][T17556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1551.534924][T17556] Call Trace:
[ 1551.538316][T17556]  <TASK>
[ 1551.541357][T17556]  dump_stack_lvl+0x16c/0x230
[ 1551.546204][T17556]  ? __lock_acquire+0x7c80/0x7c80
[ 1551.551243][T17556]  ? show_regs_print_info+0x20/0x20
[ 1551.556811][T17556]  ? load_image+0x3b0/0x3b0
[ 1551.561515][T17556]  ? __virt_addr_valid+0x469/0x540
[ 1551.566660][T17556]  print_report+0xac/0x220
[ 1551.571116][T17556]  ? xfrm_alloc_spi+0x598/0x11f0
[ 1551.576115][T17556]  kasan_report+0x117/0x150
[ 1551.580630][T17556]  ? xfrm_alloc_spi+0x598/0x11f0
[ 1551.585586][T17556]  xfrm_alloc_spi+0x598/0x11f0
[ 1551.590374][T17556]  ? xfrm_alloc_spi+0x2a1/0x11f0
[ 1551.595416][T17556]  ? verify_spi_info+0x120/0x120
[ 1551.600540][T17556]  ? xfrm_find_acq+0x79/0x90
[ 1551.605146][T17556]  xfrm_alloc_userspi+0x5d1/0xa90
[ 1551.610190][T17556]  ? end_current_label_crit_section+0x170/0x170
[ 1551.616804][T17556]  ? apparmor_capable+0x137/0x1a0
[ 1551.621850][T17556]  ? xfrm_dump_policy_done+0x90/0x90
[ 1551.627153][T17556]  ? __nla_parse+0x40/0x50
[ 1551.631587][T17556]  xfrm_user_rcv_msg+0x596/0x870
[ 1551.636534][T17556]  ? lockdep_hardirqs_on+0x98/0x150
[ 1551.641748][T17556]  ? xfrm_netlink_rcv+0x90/0x90
[ 1551.646620][T17556]  ? __local_bh_enable_ip+0x12e/0x1c0
[ 1551.652027][T17556]  ? __dev_queue_xmit+0x245/0x35a0
[ 1551.657157][T17556]  ? __mutex_trylock_common+0x153/0x250
[ 1551.662728][T17556]  netlink_rcv_skb+0x216/0x480
[ 1551.667509][T17556]  ? xfrm_netlink_rcv+0x90/0x90
[ 1551.672381][T17556]  ? netlink_ack+0x1110/0x1110
[ 1551.677254][T17556]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1551.682762][T17556]  ? __lock_acquire+0x7c80/0x7c80
[ 1551.687905][T17556]  xfrm_netlink_rcv+0x79/0x90
[ 1551.692615][T17556]  netlink_unicast+0x751/0x8d0
[ 1551.697411][T17556]  netlink_sendmsg+0x8c1/0xbe0
[ 1551.702221][T17556]  ? netlink_getsockopt+0x580/0x580
[ 1551.707646][T17556]  ? aa_sock_msg_perm+0x94/0x150
[ 1551.712703][T17556]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1551.718184][T17556]  ? security_socket_sendmsg+0x80/0xa0
[ 1551.723836][T17556]  ? netlink_getsockopt+0x580/0x580
[ 1551.729050][T17556]  ____sys_sendmsg+0x5bf/0x950
[ 1551.733832][T17556]  ? __asan_memset+0x22/0x40
[ 1551.738432][T17556]  ? __sys_sendmsg_sock+0x30/0x30
[ 1551.743670][T17556]  ? __import_iovec+0x5f2/0x860
[ 1551.748645][T17556]  ? import_iovec+0x73/0xa0
[ 1551.753165][T17556]  ___sys_sendmsg+0x220/0x290
[ 1551.757866][T17556]  ? __sys_sendmsg+0x270/0x270
[ 1551.762670][T17556]  __se_sys_sendmsg+0x1a5/0x270
[ 1551.767569][T17556]  ? __x64_sys_sendmsg+0x80/0x80
[ 1551.772523][T17556]  ? lockdep_hardirqs_on+0x98/0x150
[ 1551.777739][T17556]  do_syscall_64+0x55/0xb0
[ 1551.782182][T17556]  ? clear_bhb_loop+0x40/0x90
[ 1551.786905][T17556]  ? clear_bhb_loop+0x40/0x90
[ 1551.791761][T17556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1551.797766][T17556] RIP: 0033:0x7f8adf18ec29
[ 1551.802198][T17556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1551.822000][T17556] RSP: 002b:00007f8ae00d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1551.830436][T17556] RAX: ffffffffffffffda RBX: 00007f8adf3d5fa0 RCX: 00007f8adf18ec29
[ 1551.838504][T17556] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004
[ 1551.846573][T17556] RBP: 00007f8adf211e41 R08: 0000000000000000 R09: 0000000000000000
[ 1551.854555][T17556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1551.862545][T17556] R13: 00007f8adf3d6038 R14: 00007f8adf3d5fa0 R15: 00007fff54f62a78
[ 1551.870793][T17556]  </TASK>
[ 1551.873996][T17556] 
[ 1551.876338][T17556] Allocated by task 15622:
[ 1551.880759][T17556]  kasan_set_track+0x4e/0x70
[ 1551.885542][T17556]  __kasan_slab_alloc+0x6c/0x80
[ 1551.890420][T17556]  slab_post_alloc_hook+0x6e/0x4d0
[ 1551.895553][T17556]  kmem_cache_alloc+0x11e/0x2e0
[ 1551.900418][T17556]  xfrm_state_alloc+0x22/0x2a0
[ 1551.905210][T17556]  __find_acq_core+0x7d8/0x19d0
[ 1551.910184][T17556]  xfrm_find_acq+0x6a/0x90
[ 1551.914618][T17556]  xfrm_alloc_userspi+0x57a/0xa90
[ 1551.919648][T17556]  xfrm_user_rcv_msg+0x596/0x870
[ 1551.924598][T17556]  netlink_rcv_skb+0x216/0x480
[ 1551.929471][T17556]  xfrm_netlink_rcv+0x79/0x90
[ 1551.934165][T17556]  netlink_unicast+0x751/0x8d0
[ 1551.939112][T17556]  netlink_sendmsg+0x8c1/0xbe0
[ 1551.944069][T17556]  ____sys_sendmsg+0x5bf/0x950
[ 1551.948934][T17556]  ___sys_sendmsg+0x220/0x290
[ 1551.953618][T17556]  __se_sys_sendmsg+0x1a5/0x270
[ 1551.958479][T17556]  do_syscall_64+0x55/0xb0
[ 1551.962900][T17556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1551.968803][T17556] 
[ 1551.971132][T17556] The buggy address belongs to the object at ffff88806a10a800
[ 1551.971132][T17556]  which belongs to the cache xfrm_state of size 848
[ 1551.985188][T17556] The buggy address is located 160 bytes inside of
[ 1551.985188][T17556]  freed 848-byte region [ffff88806a10a800, ffff88806a10ab50)
[ 1551.999087][T17556] 
[ 1552.001416][T17556] The buggy address belongs to the physical page:
[ 1552.007918][T17556] page:ffffea0001a84200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a108
[ 1552.018195][T17556] head:ffffea0001a84200 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1552.027153][T17556] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1552.035136][T17556] page_type: 0xffffffff()
[ 1552.039471][T17556] raw: 00fff00000000840 ffff8880186c3dc0 dead000000000122 0000000000000000
[ 1552.048062][T17556] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 1552.056654][T17556] page dumped because: kasan: bad access detected
[ 1552.063159][T17556] page_owner tracks the page as allocated
[ 1552.068889][T17556] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 14529, tgid 14526 (syz.7.1827), ts 1252512741564, free_ts 1252444543464
[ 1552.090002][T17556]  post_alloc_hook+0x1cd/0x210
[ 1552.094879][T17556]  get_page_from_freelist+0x195c/0x19f0
[ 1552.100704][T17556]  __alloc_pages+0x1e3/0x460
[ 1552.105323][T17556]  alloc_slab_page+0x5d/0x170
[ 1552.110010][T17556]  new_slab+0x87/0x2e0
[ 1552.114275][T17556]  ___slab_alloc+0xc6d/0x1300
[ 1552.119135][T17556]  kmem_cache_alloc+0x1b7/0x2e0
[ 1552.124019][T17556]  xfrm_state_alloc+0x22/0x2a0
[ 1552.128813][T17556]  xfrm_state_find+0x2944/0x4510
[ 1552.133857][T17556]  xfrm_resolve_and_create_bundle+0x727/0x2c20
[ 1552.140123][T17556]  xfrm_lookup_with_ifid+0x261/0x19c0
[ 1552.145695][T17556]  xfrm_lookup_route+0x3c/0x1b0
[ 1552.150557][T17556]  udp_sendmsg+0x15cf/0x2380
[ 1552.155170][T17556]  ____sys_sendmsg+0x5bf/0x950
[ 1552.159947][T17556]  ___sys_sendmsg+0x220/0x290
[ 1552.164727][T17556]  __sys_sendmmsg+0x275/0x4a0
[ 1552.169413][T17556] page last free stack trace:
[ 1552.174176][T17556]  free_unref_page_prepare+0x7ce/0x8e0
[ 1552.179651][T17556]  free_unref_page+0x32/0x2e0
[ 1552.184595][T17556]  free_large_kmalloc+0x101/0x1a0
[ 1552.189722][T17556]  bpf_check+0x62c6/0xe970
[ 1552.194154][T17556]  bpf_prog_load+0x11cb/0x16d0
[ 1552.199013][T17556]  __sys_bpf+0x55a/0x800
[ 1552.203258][T17556]  __x64_sys_bpf+0x7c/0x90
[ 1552.207676][T17556]  do_syscall_64+0x55/0xb0
[ 1552.212186][T17556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1552.218101][T17556] 
[ 1552.220522][T17556] Memory state around the buggy address:
[ 1552.226164][T17556]  ffff88806a10a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1552.234238][T17556]  ffff88806a10a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1552.242392][T17556] >ffff88806a10a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1552.250459][T17556]                                ^
[ 1552.255568][T17556]  ffff88806a10a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1552.263624][T17556]  ffff88806a10a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1552.271778][T17556] ==================================================================
[ 1552.280270][T17556] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1552.287492][T17556] CPU: 1 PID: 17556 Comm: syz.8.2664 Not tainted syzkaller #0
[ 1552.295129][T17556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1552.305479][T17556] Call Trace:
[ 1552.308885][T17556]  <TASK>
[ 1552.312103][T17556]  dump_stack_lvl+0x16c/0x230
[ 1552.316794][T17556]  ? show_regs_print_info+0x20/0x20
[ 1552.322030][T17556]  ? load_image+0x3b0/0x3b0
[ 1552.326555][T17556]  panic+0x2c0/0x710
[ 1552.330612][T17556]  ? bpf_jit_dump+0xd0/0xd0
[ 1552.335613][T17556]  ? _raw_spin_unlock_irqrestore+0xa9/0x110
[ 1552.341523][T17556]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 1552.347440][T17556]  ? _raw_spin_unlock+0x40/0x40
[ 1552.352324][T17556]  ? print_memory_metadata+0x314/0x400
[ 1552.357888][T17556]  ? xfrm_alloc_spi+0x598/0x11f0
[ 1552.362860][T17556]  check_panic_on_warn+0x84/0xa0
[ 1552.367839][T17556]  ? xfrm_alloc_spi+0x598/0x11f0
[ 1552.372889][T17556]  end_report+0x6f/0x140
[ 1552.377160][T17556]  kasan_report+0x128/0x150
[ 1552.381679][T17556]  ? xfrm_alloc_spi+0x598/0x11f0
[ 1552.386822][T17556]  xfrm_alloc_spi+0x598/0x11f0
[ 1552.391626][T17556]  ? xfrm_alloc_spi+0x2a1/0x11f0
[ 1552.396670][T17556]  ? verify_spi_info+0x120/0x120
[ 1552.401720][T17556]  ? xfrm_find_acq+0x79/0x90
[ 1552.406331][T17556]  xfrm_alloc_userspi+0x5d1/0xa90
[ 1552.411375][T17556]  ? end_current_label_crit_section+0x170/0x170
[ 1552.417739][T17556]  ? apparmor_capable+0x137/0x1a0
[ 1552.422776][T17556]  ? xfrm_dump_policy_done+0x90/0x90
[ 1552.428125][T17556]  ? __nla_parse+0x40/0x50
[ 1552.432702][T17556]  xfrm_user_rcv_msg+0x596/0x870
[ 1552.437760][T17556]  ? lockdep_hardirqs_on+0x98/0x150
[ 1552.442982][T17556]  ? xfrm_netlink_rcv+0x90/0x90
[ 1552.447935][T17556]  ? __local_bh_enable_ip+0x12e/0x1c0
[ 1552.453346][T17556]  ? __dev_queue_xmit+0x245/0x35a0
[ 1552.458568][T17556]  ? __mutex_trylock_common+0x153/0x250
[ 1552.464115][T17556]  netlink_rcv_skb+0x216/0x480
[ 1552.468894][T17556]  ? xfrm_netlink_rcv+0x90/0x90
[ 1552.473762][T17556]  ? netlink_ack+0x1110/0x1110
[ 1552.478613][T17556]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1552.483811][T17556]  ? __lock_acquire+0x7c80/0x7c80
[ 1552.488847][T17556]  xfrm_netlink_rcv+0x79/0x90
[ 1552.493711][T17556]  netlink_unicast+0x751/0x8d0
[ 1552.498497][T17556]  netlink_sendmsg+0x8c1/0xbe0
[ 1552.503303][T17556]  ? netlink_getsockopt+0x580/0x580
[ 1552.508525][T17556]  ? aa_sock_msg_perm+0x94/0x150
[ 1552.513482][T17556]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1552.519057][T17556]  ? security_socket_sendmsg+0x80/0xa0
[ 1552.524668][T17556]  ? netlink_getsockopt+0x580/0x580
[ 1552.530070][T17556]  ____sys_sendmsg+0x5bf/0x950
[ 1552.534910][T17556]  ? __asan_memset+0x22/0x40
[ 1552.539630][T17556]  ? __sys_sendmsg_sock+0x30/0x30
[ 1552.544899][T17556]  ? __import_iovec+0x5f2/0x860
[ 1552.549889][T17556]  ? import_iovec+0x73/0xa0
[ 1552.554467][T17556]  ___sys_sendmsg+0x220/0x290
[ 1552.559279][T17556]  ? __sys_sendmsg+0x270/0x270
[ 1552.564195][T17556]  __se_sys_sendmsg+0x1a5/0x270
[ 1552.569067][T17556]  ? __x64_sys_sendmsg+0x80/0x80
[ 1552.574105][T17556]  ? lockdep_hardirqs_on+0x98/0x150
[ 1552.579952][T17556]  do_syscall_64+0x55/0xb0
[ 1552.584401][T17556]  ? clear_bhb_loop+0x40/0x90
[ 1552.589100][T17556]  ? clear_bhb_loop+0x40/0x90
[ 1552.593776][T17556]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1552.599800][T17556] RIP: 0033:0x7f8adf18ec29
[ 1552.604253][T17556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1552.624328][T17556] RSP: 002b:00007f8ae00d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1552.632906][T17556] RAX: ffffffffffffffda RBX: 00007f8adf3d5fa0 RCX: 00007f8adf18ec29
[ 1552.640998][T17556] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004
[ 1552.649139][T17556] RBP: 00007f8adf211e41 R08: 0000000000000000 R09: 0000000000000000
[ 1552.657302][T17556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1552.665286][T17556] R13: 00007f8adf3d6038 R14: 00007f8adf3d5fa0 R15: 00007fff54f62a78
[ 1552.673291][T17556]  </TASK>
[ 1552.676701][T17556] Kernel Offset: disabled
[ 1552.681295][T17556] Rebooting in 86400 seconds..