last executing test programs:

10.556720198s ago: executing program 1 (id=1490):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x2}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xba)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @dev}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x9, 0x10, 0x7ff, 0x42d0d, 0xffffffffffffffff, 0x8, '\x00', r5, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}], 0x0, 0x0, 0x0})
syz_usb_ep_write(r1, 0x82, 0x5, &(0x7f0000002340)='hello')
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})

9.770071345s ago: executing program 2 (id=1497):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='cachefiles_ondemand_cread\x00', 0xffffffffffffffff, 0x0, 0xcf9}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000009ed60aaf557aac16d4932190dd9625259b48281400e1d2067ae8c6", @ANYRES32], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, 0xffffffffffffffff, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000280), &(0x7f0000000080)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

8.809774613s ago: executing program 2 (id=1500):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x2}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xba)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @dev}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x9, 0x10, 0x7ff, 0x42d0d, 0xffffffffffffffff, 0x8, '\x00', r6, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}], 0x0, 0x0, 0x0})
syz_usb_ep_write(r2, 0x82, 0x5, &(0x7f0000002340)='hello')
write(r1, &(0x7f0000000340), 0x11000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fd/3\x00')
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})
poll(&(0x7f0000000100)=[{r1}], 0x1, 0x3f6)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

6.534580207s ago: executing program 1 (id=1511):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x2002})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0])
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {}, {0x7, 0x0, 0xb, 0x9}}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f00000002c0), 0x0, r4)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x3000010, &(0x7f00000000c0), 0xfe, 0x44e, &(0x7f00000004c0)="$eJzs3MtvG8UfAPDv+tH0kf6SXymPlhYCRaLikTTpgx64gEDiABISlyJOIUmrULdBTZBoVYHhUI6oEnfEkX+BE1wQ4oTEFe6oUoV6gMLJaO3d1HXsEMdOXeLPR9p4xjvWzNe7Y8/OeBPA0JpI/yQRoxHxS0SMNbJ3F5hoPNy+dXXur1tX55Ko1d76PamX+/PW1bm8aP66PY1MrZblR9rUe+2diNlKZeFSlp9aufD+1PLlK88vXpg9t3Bu4eLM6dMnjh/ecWrmZO9BZg2rHvxo6dCB196+/sbcmevvlu4q0hxHv0w03t01Sv2u6D6wtymdbMcAt6lidj6W6/1/LIqxa3XfWLz66UAbB2ypWq1Wa/f9nKnWgG0siUG3ABiM/Is+vf7Nt3s09Lgv3HypcQGUxn072xp7SlHIypRbrm/7aSIizlT//jLdYovmIQAAmn07EhHPtRv/FeKhpnL/y9aGxiPi/xGxLyIeiIj9EfFgRL3swxHxSJf1t66QrB3/FG5sKrANSsd/L2ZrW3eP//LRX4wXs9zeevzl5OxiZeFY9p4cjfJImp9ep47vXvn58077msd/6ZbWn48Fs3bcKLVM0M3Prsz2EnOzm59EHCy1iz9ZXadKIuJARBzcZB2Lz3x9qNO+f49/HX1YZ6p9FfF04/hXoyX+XNJxfXL6hVMzJ6d2RmXh2FR+VkT80VLHjz9de7NT/T3F3wfp8d/d9vxPRkcbifFkZ8Ty5Svn6+u1y93Xce3Xzzpe02zu/F9cPTg7sscPZ1dWLk1H7EheX/v8zJ3X5vm8fBr/0SPt+/++7DVpZY9GRHoSH46IxyLi8aztT0TEkxFxZJ34f3j5qfe6j3+dWfk+SuOfb3/88yLjaerO8e8+UTz//Tfdx58r3EiSE/XU0eyZjXz+bbSBvbx3AAAA8F9RiIjRSAqTq+lCYXKy8Rv+/bG7GkvLK8+eXfrg4nzjHoHxKBfyma6xpvnQ6WxuOM/PtOSPZ/PGXxR31fOTc0uV+UEHD0NuT4f+n/qtOOjWAVvO/VowvPR/GF76Pwwv/R+Gl/4Pw6td//94AO0A7j3f/zC89H8YXvo/DK9O/d/v/2Bb63hvfKGnW/57TSSDqFSim0QUKpXqQE+SIUmUsn9mUd6qKkba7hr0JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB//BMAAP//zJnhXA==")

6.366687747s ago: executing program 2 (id=1512):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})

6.241937386s ago: executing program 1 (id=1513):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
writev(r0, &(0x7f0000006280)=[{&(0x7f0000000240)="04008400000203", 0x7}, {&(0x7f0000000400)="4ecb052979b4d1", 0x7}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=@base={0x19, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000940)='batadv_slave_1\x00', 0x10)
sendmsg$inet(r5, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000140)="08001ebbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x8040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000000c0)=0x560, 0x4)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x28)
recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffdf4, 0x0}, 0x40002000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb8}}, 0x4040080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
setresuid(0x0, r8, 0xee01)

5.769004365s ago: executing program 0 (id=1515):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000280)={[{@acl}, {@resuid={'resuid', 0x3d, 0xee01}}, {}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x453, &(0x7f0000000800)="$eJzs289vFFUcAPDvTLtFftmK+IMfahWNjT9aWlA5eNFo4kETEz3gsbSFIAs1tCZCiKIxeDQk3o0HDyb+BZ70YtSTiVe9GxJiuADGw5rZnWl3l+3Clm23sJ9PMvDezJu89+28t/tm3k4AfWs0+yeJ2BYRf0bEcC3bWGC09t+1K+dmrl85N5NEpfLOP0m13NUr52aKosV5W/PMWBqRfp7Enhb1Lpw5e2K6XJ47necnFk9+MLFw5uzzx09OH5s7Nndq6tChgwcmX3px6oWuxJm16eruj+f37nrjvYtvzRy+eOTX75Mi/qY4umS03cGnKpUuV9db2+vSyWAPG0JHBiIiu1yl6vgfjoFYvnjD8fpnPW0csKYqlUpl68qHz1eAu1gSvW4B0BvFF312/1ts6zT12BAuv1K7AcrivpZvtSODkeZlSk33t900GhGHz//7dbbF2jyHAABo8GM2/3mu1fwvjQfryt2brw2NRMR9EbEjIu6PiJ0R8UBEtexDEfFwh/U3L5LcOP9JL0XEf2u1WpLN/17O17Ya53/F7C9GBvLc9mr8peTo8fLc/vxvMhalTVl+sk0dP732x5crHauf/2VbVn8xF8zbcWlwU+M5s9OL07cTc73Ln0bsHmwVf7K0EpBExK6I2L3KOo4/893ePHkkaTp28/jb6MI6U+WbiKdr1/98NMVfSNqvT07cE+W5/RNFr7jRb79feLtxz/Wl7nxb8XdBdv23tOz/S/GPJPXrtQud13Hhry9WvKdZbf8fSt6tpofyfR9NLy6enowYSt6sNbp+/9TyuUW+KJ/FP7av9fjfEct/iT0RkXXiRyLi0Yh4LG/74xHxRETsaxP/L68++f7q42+h1PZoR7L4Zzu6/suJoWje0zoxcOLnHxoqHekk/uz6H6ymxvI9t/L5dyvtWl1vBgAAgDtPGhHbIknHl9JpOj5e+738ztiSlucXFp89Ov/hqdnaOwIjUUqLJ13Ddc9DJ/Pb+iI/1ZQ/kD83/mpgczU/PjNfnu118NDntq4w/jN/D7Q5sf7HQ8Cdy/ta0L+Mf+hfxj/0rzbj/9v1bAew/lqM/829aAew/lp9/3/Sg3YA669p/Ldb9gPuMp7/Qf8y/qF/tRn/XXzVGNhgFjbHzV+Sl5C4IRHphmiGxBolev3JBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0B3/BwAA//+b2u/O")
creat(&(0x7f00000001c0)='./bus\x00', 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)={0x73}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

5.670141595s ago: executing program 3 (id=1516):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r6 = open(0x0, 0x400169042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r6, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xa, &(0x7f0000000340)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r7, 0x81fd)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000280)={0xb}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000000), 0x1670e68)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)
socket$inet_udplite(0x2, 0x2, 0x88)

5.514063455s ago: executing program 0 (id=1517):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='cachefiles_ondemand_cread\x00', 0xffffffffffffffff, 0x0, 0xcf9}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000009ed60aaf557aac16d4932190dd9625259b48281400e1d2067ae8c6", @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, 0xffffffffffffffff, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000280), &(0x7f0000000080)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

4.931183763s ago: executing program 1 (id=1518):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
writev(r0, &(0x7f0000006280)=[{&(0x7f0000000240)="04008400000203", 0x7}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=@base={0x19, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000940)='batadv_slave_1\x00', 0x10)
sendmsg$inet(r5, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000140)="08001ebbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x8040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f00000000c0)=0x560, 0x4)
write$binfmt_aout(r7, &(0x7f0000000000)=ANY=[], 0x28)
recvmsg(r7, &(0x7f0000000080)={0x0, 0xfffffdf4, 0x0}, 0x40002000)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb8}}, 0x4040080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
setresuid(0x0, r9, 0xee01)

4.818683413s ago: executing program 3 (id=1520):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000080)=0x45d0f620, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x5, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000021000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r7 = socket$inet6(0xa, 0x80002, 0x204)
sendmmsg$inet6(r7, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="140029"], 0x18}}], 0x2, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000010001fff00"/20, @ANYRES32=r6, @ANYBLOB="000000000000000014001280090001724cce5571833f215d5c4ccd8f29c0440af773c479a5812edacace5cf84b7264caa103b5a3ab967bc8a3a9dbd3acbf02e17f9ec0ead3d54d9094c0fd1ceff8344246c31720516962f65a90642a924f5f9f94e0580df28d23339ced7263962d83f4a07a95daffe4dc5b2c86f1e015b6f39b8abb4c822d7dc7ad3c8d342e9345887c320c6c28aaa88d96f2dcadba8470"], 0x34}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004000)={&(0x7f0000000600)=@newtaction={0x18, 0x30, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1100}, [{0x4}]}, 0x18}}, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd602000f300200600fc000000000000000000000000000001fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="80020000907800011e0c1f000180000007000000"], 0x0)

4.506183512s ago: executing program 0 (id=1522):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x2}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xba)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @dev}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x9, 0x10, 0x7ff, 0x42d0d, 0xffffffffffffffff, 0x8, '\x00', r6, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}], 0x0, 0x0, 0x0})
syz_usb_ep_write(r2, 0x82, 0x5, &(0x7f0000002340)='hello')
write(r1, &(0x7f0000000340), 0x11000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fd/3\x00')
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})
poll(&(0x7f0000000100)=[{r1}], 0x1, 0x3f6)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

4.035575591s ago: executing program 1 (id=1523):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x2}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xba)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @dev}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x50}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x9, 0x10, 0x7ff, 0x42d0d, 0xffffffffffffffff, 0x8, '\x00', r5, r0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death={0x400c630e}], 0x0, 0x0, 0x0})
syz_usb_ep_write(r1, 0x82, 0x5, &(0x7f0000002340)='hello')
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})

3.962712821s ago: executing program 4 (id=1524):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f00000003c0)={0x0, 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000440))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="000032a52087bde616ce59eb5d584d5740365517ad21f058e82ec7478f431382cb488ac5ddd77a67786019a0f629777582fc430000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x0, 0x0, "8723c102f47b6be1"})
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007ed, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x6c)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000120009090000000000000000070000030000000000000000000000002e00e800000000000000b77b9d954bc6f5035e720000000020001000000000000000cf6603"], 0x50}}, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0)
sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r5, 0x0, 0x0, 0x0)

3.087960368s ago: executing program 4 (id=1525):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000100)=0x40, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f00000018c0)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000260608000fff52004507000002000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000f7ffffff1e1bd1fe4b3af9c97925711095cc1a3a25b9418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f580a6c5bccf1ef6583e0c1cd1f7fe416be4278613dae5fbcd1714f63b545d08c2963a5a7231a91d595db8ef17d1af77506ab68c1df70237cc61b8b001f5dc9a200bc6328ea3277387562eefdeae09ab8d05ee86edc8f0cce9c7bcc809c5db956dbfa9fff683317a8f7855872008d59426e609"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
accept(r2, &(0x7f0000000d00)=@caif=@dgm, &(0x7f0000000d80)=0x80)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', <r5=>r4, 0x2f, 0x3, 0x10, 0x3, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback, 0x80, 0x8000, 0x7, 0x2}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x100, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xa, 0xfff2}, {0xfff1, 0x4}, {0xfff1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000005}, 0x801)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r4, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036887fbd52a5e1fcea0727799ee9e5e9baae5f8277a40aff68ba9e83af16f27eb4bf9c5082104f742d5b1b64aaae3685243d377c8eac4bd12912ae07000000739e86a9c93e873fce4a279cfe772d8cd772f5b9b46344ddfe6524b151263239f46057b7bef5dcd488b1251ccfc9f859f1fedbc4de4f0d9f89b5c8a9341af2ef7b77660001000000000000426d4210461f3346f738c73fdfefa14cedcc9f5caa9c587555248b8a4b2f1672", @ANYRES32], 0x38}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f00000003c0)="240000001e005f0414fffffffffffff807000000b800000000000000080005000d000000", 0x24)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r7, &(0x7f0000000cc0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x4e0, r8, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}, @TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "d0088d1591ce81346a0b991c3385920aa7b682c1c6ab3452240cc4"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0x11c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_NODE_ID={0xb5, 0x3, "75e4bcac08acee49d6f003b4ce00bd0004188d3adeb8bdc87c98701c9941f08413e82336ba230fbc0d47c7c7d12be011e247b8bb43e8875ebec472e152a638cb13fc3b471f36ccf30d0cf2ef538c25fdee4c18dbf069ee788cdac5b3b48245cbad161ee7e14a717cb6295306dd8a158d2961ea1d495ff669ca1a5fdb616f8820cf85504152e2373d61097ddb9fb4e539af89ba416de077c01020118f860dd7e5e6f56ca3cef14a233cdea4b5fbd737de80"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x893}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "493d829e24354cee7ec8715363483aca45ae1a2061b8467e6cbb1f04441fda"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_NODE={0x164, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0xf9, 0x3, "bb6f9aade65c9f3db104d7d042dcfe753bc8f10f1887614e4f5fe66e2ff8a138afe42d83ea275c471e8f16f3adb5d7ffc33b2f49ed7fd9169d2d583ce2b9338957c22dc4e8381acf07d814ba9cbdadefc4f83bc493d82221fe1df6174c3b687769e3021a75b92c3d092782f6ea5c95d09a0f249a94829adbb685e7d0e09e3039dc7efa4aa2b86fa929735389e7780ab1664b13f2ae023e6ffe9c3e9b2761c4865cdd00648d0fb8a97095db789a97db80e29532fd39d0ac616d91cf408fb63e711b96b1c1cee370ee11b2f864465c8119be08b7d3b8f708efbae4a672cd9ea8436811baad6508453b4437aaa70ececaafc17db388b4"}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "178671f6e21cc27e86d91c3cfbb9e591256405e884411b0185d60428b252034c"}}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}, @TIPC_NLA_NODE={0x178, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xd9, 0x3, "71397193c239d3e77c4c9fc67b511e9359a5fa1a6287c21cfc41fa7b7262a64be1fd5eec1f5d463c2ce34049756a58378f3f73a87955e518ece562e86f964ec4a7e05f2fb1f99e6632415c55598ce25b855f2fe1d09347bdb2805143251142ac827aced1c4bf3fef21d365c3ce03377cb54ac6be4263b203bcef5ba7fc91711c3fd41fb6a2ce105fc18bb3f21c16d09188f9ad63f826c785e48f7f1af529845fb3864d862d2b75f534c8257d7e0bb24f3c4b893d912ac3001cfb71160479072bcda8168a021c6a671eacf73660328f2010e55529c8"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0x83, 0x3, "99520f92a974030d09dac9e518ed02d87930a38e4256be3eaa96b367b7462cd30ce6acc637c10aef99f9940d9c80f0ae469482eaebcc7ab64437cc675f925ed94070b73b53b564695fad3b7e44b46c248579f85998db22b69bbac6086cd8c5a1bc62acabc597b127b976ccde52db48eb75e6ac1bbaa744be7afee9a9a7015a"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x4e0}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x80, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, r6, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x60, 0x12, 0x0, 0x1, @sit={{0x8}, {0x54, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r4}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x80}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e22}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x7000}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xffffffff}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x16}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xee}, @IFLA_IPTUN_ENCAP_SPORT={0x2, 0x11, 0x4e21}]}}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'ip6tnl0\x00', r6, 0x2f, 0x2, 0x4c, 0x2, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x1, 0x7, 0x7, 0xffff}})
r9 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r10, &(0x7f0000000500)={&(0x7f0000000000)={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000080)="1d8c5ef1cfbbc085db557e8983561b844d77f81b14195f28dfc4d0c6110745dd503616d36b22140af5d4e05bbe4690cd6c0d6a3cd798a11a70126a2399a17f5e1a5574b2b1f5343bcefc602a7bd71629c15fcc780ab7a01e900ad46a22c5e59d2fad848c1fdd1c3fc7cbac06615df5e0d5744e1787da87d7bbcc9799dbbbfd8187ce2ba3a81697271f63bf8f1ab944040be54a0ad05e8e786bc2db30c45490897aed4d95f902aa82f07ae46e8417", 0xae}, {&(0x7f0000000140)="4552ac2a8320ab7706b6fd18315c12e5779d5e4b1408d1d1ff5ca0246ab966e1150684ffdebef80bd023672c09faf7bd00f2dd53c43b1a35c5c93fd3d6304b226f439e7add268769bffc0b4557b53276dc590778683fb2a735455b65e43bfbd88baa1721ce15dfec7dbe08629d6cb35a1cacffa2ca6b26fa11908c5b364b8d68644b0c382784ed88a01095a9e28e0efea0d5a1a3e965349a53336e5b24cc312c7f06e34231735748aa9a685ca0b484441c66a505a133f874f7775c5a8ec5b9674ffd0ee9e23afbed5971205a896d98fb4c866dc45d08e4159f2ac623c076519052cc", 0xe2}, {&(0x7f0000000240)="d34269f7fc9b0332940c14b27f7a483c617612432c79cd24165ad1fee045fa3d09603786fcb8dba324d2bcbc883a6e8d4ef094b6af11093571d8229c3742ae06d5e0ef02308120fb908deec700a3593e2dc993cb6ea3733a222343f2475f45bfa435d60d16040231305679f301d8518a9d46c8effb35372674bad3d9f25641f4b0b892813e9ee2ab21a6dfe20d19aa024adfc84e444ecbcdfd194ae47f4819d17a12bbada4f0425e3035b2854ed3d78d80a4215965f1e3bb07d5df5b8f3e39ab8708d4e9ec77af24d3eabd8b71d59e02b74fadc6331ebe772501fb3d387bbe65ca13bd", 0xe3}], 0x3, &(0x7f0000000380)=[@rthdr={{0x28, 0x29, 0x39, {0x2b, 0x2, 0x1, 0x5, 0x0, [@mcast1]}}}, @rthdr={{0x48, 0x29, 0x39, {0x5e, 0x6, 0x2, 0x7f, 0x0, [@local, @mcast1, @private2]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x33, 0x14, 0x0, 0xc0, 0x0, [@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, @remote, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @dstopts_2292={{0x38, 0x29, 0x4, {0x1, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @ra={0x5, 0x2, 0x3ff}, @jumbo={0xc2, 0x4, 0xfffffff9}, @enc_lim={0x4, 0x1, 0x3f}, @enc_lim={0x4, 0x1, 0x9b}, @pad1, @enc_lim={0x4, 0x1, 0x4}, @jumbo={0xc2, 0x4, 0x3}]}}}], 0x178}, 0x0)

3.059702858s ago: executing program 4 (id=1526):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
writev(r0, &(0x7f0000006280)=[{&(0x7f0000000240)="04008400000203", 0x7}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=@base={0x19, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r5, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000140)="08001ebbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x8040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f00000000c0)=0x560, 0x4)
write$binfmt_aout(r7, &(0x7f0000000000)=ANY=[], 0x28)
recvmsg(r7, &(0x7f0000000080)={0x0, 0xfffffdf4, 0x0}, 0x40002000)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb8}}, 0x4040080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
setresuid(0x0, r9, 0xee01)

2.304044037s ago: executing program 2 (id=1527):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x401}, 0x20}}, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000003380))
r2 = eventfd2(0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0x4}}}, 0x108)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r6, 0x4008af14, &(0x7f0000000400)={0x3, 0x5})
r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
unshare(0x22020600)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000dc0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0x85f3a000)

2.273759036s ago: executing program 3 (id=1528):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r6 = open(&(0x7f0000000080)='./bus\x00', 0x400169042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r6, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xa, &(0x7f0000000340)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r7, 0x81fd)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000280)={0xb}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000000), 0x1670e68)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)
socket$inet_udplite(0x2, 0x2, 0x88)

2.169240886s ago: executing program 4 (id=1529):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
writev(r0, &(0x7f0000006280)=[{&(0x7f0000000240)="04008400000203", 0x7}, {&(0x7f0000000400)="4ecb052979b4d1", 0x7}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=@base={0x19, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000940)='batadv_slave_1\x00', 0x10)
sendmsg$inet(r5, &(0x7f00000004c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000140)="08001ebbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x8040)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000000c0)=0x560, 0x4)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x28)
recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffdf4, 0x0}, 0x40002000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xb8}}, 0x4040080)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
setresuid(0x0, r8, 0xee01)

1.855122045s ago: executing program 3 (id=1530):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r6 = open(0x0, 0x400169042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r6, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xa, &(0x7f0000000340)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r7, 0x81fd)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000280)={0xb}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000000), 0x1670e68)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)
socket$inet_udplite(0x2, 0x2, 0x88)

1.446420624s ago: executing program 0 (id=1531):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000100)=0x40, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0xf}, 0x6b87bd76ddbcbbe)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f00000018c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
accept(r2, &(0x7f0000000d00)=@caif=@dgm, &(0x7f0000000d80)=0x80)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', <r5=>r4, 0x2f, 0x3, 0x10, 0x3, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback, 0x80, 0x8000, 0x7, 0x2}})
sendmsg$nl_route_sched(r3, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x100, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xa, 0xfff2}, {0xfff1, 0x4}, {0xfff1}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000005}, 0x801)
getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r4, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036887fbd52a5e1fcea0727799ee9e5e9baae5f8277a40aff68ba9e83af16f27eb4bf9c5082104f742d5b1b64aaae3685243d377c8eac4bd12912ae07000000739e86a9c93e873fce4a279cfe772d8cd772f5b9b46344ddfe6524b151263239f46057b7bef5dcd488b1251ccfc9f859f1fedbc4de4f0d9f89b5c8a9341af2ef7b77660001000000000000426d4210461f3346f738c73fdfefa14cedcc9f5caa9c587555248b8a4b2f1672", @ANYRES32], 0x38}}, 0x0)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), r3)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x4e0, r7, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}, @TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "d0088d1591ce81346a0b991c3385920aa7b682c1c6ab3452240cc4"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0x11c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_NODE_ID={0xb5, 0x3, "75e4bcac08acee49d6f003b4ce00bd0004188d3adeb8bdc87c98701c9941f08413e82336ba230fbc0d47c7c7d12be011e247b8bb43e8875ebec472e152a638cb13fc3b471f36ccf30d0cf2ef538c25fdee4c18dbf069ee788cdac5b3b48245cbad161ee7e14a717cb6295306dd8a158d2961ea1d495ff669ca1a5fdb616f8820cf85504152e2373d61097ddb9fb4e539af89ba416de077c01020118f860dd7e5e6f56ca3cef14a233cdea4b5fbd737de80"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x893}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "493d829e24354cee7ec8715363483aca45ae1a2061b8467e6cbb1f04441fda"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_NODE={0x164, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0xf9, 0x3, "bb6f9aade65c9f3db104d7d042dcfe753bc8f10f1887614e4f5fe66e2ff8a138afe42d83ea275c471e8f16f3adb5d7ffc33b2f49ed7fd9169d2d583ce2b9338957c22dc4e8381acf07d814ba9cbdadefc4f83bc493d82221fe1df6174c3b687769e3021a75b92c3d092782f6ea5c95d09a0f249a94829adbb685e7d0e09e3039dc7efa4aa2b86fa929735389e7780ab1664b13f2ae023e6ffe9c3e9b2761c4865cdd00648d0fb8a97095db789a97db80e29532fd39d0ac616d91cf408fb63e711b96b1c1cee370ee11b2f864465c8119be08b7d3b8f708efbae4a672cd9ea8436811baad6508453b4437aaa70ececaafc17db388b4"}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "178671f6e21cc27e86d91c3cfbb9e591256405e884411b0185d60428b252034c"}}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}, @TIPC_NLA_NODE={0x178, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xd9, 0x3, "71397193c239d3e77c4c9fc67b511e9359a5fa1a6287c21cfc41fa7b7262a64be1fd5eec1f5d463c2ce34049756a58378f3f73a87955e518ece562e86f964ec4a7e05f2fb1f99e6632415c55598ce25b855f2fe1d09347bdb2805143251142ac827aced1c4bf3fef21d365c3ce03377cb54ac6be4263b203bcef5ba7fc91711c3fd41fb6a2ce105fc18bb3f21c16d09188f9ad63f826c785e48f7f1af529845fb3864d862d2b75f534c8257d7e0bb24f3c4b893d912ac3001cfb71160479072bcda8168a021c6a671eacf73660328f2010e55529c8"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0x83, 0x3, "99520f92a974030d09dac9e518ed02d87930a38e4256be3eaa96b367b7462cd30ce6acc637c10aef99f9940d9c80f0ae469482eaebcc7ab64437cc675f925ed94070b73b53b564695fad3b7e44b46c248579f85998db22b69bbac6086cd8c5a1bc62acabc597b127b976ccde52db48eb75e6ac1bbaa744be7afee9a9a7015a"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x4e0}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x80, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, r6, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x60, 0x12, 0x0, 0x1, @sit={{0x8}, {0x54, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r4}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x80}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e22}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x7000}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xffffffff}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x16}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xee}, @IFLA_IPTUN_ENCAP_SPORT={0x2, 0x11, 0x4e21}]}}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'ip6tnl0\x00', r6, 0x2f, 0x2, 0x4c, 0x2, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x1, 0x7, 0x7, 0xffff}})
r8 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r9, &(0x7f0000000500)={&(0x7f0000000000)={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000080)="1d8c5ef1cfbbc085db557e8983561b844d77f81b14195f28dfc4d0c6110745dd503616d36b22140af5d4e05bbe4690cd6c0d6a3cd798a11a70126a2399a17f5e1a5574b2b1f5343bcefc602a7bd71629c15fcc780ab7a01e900ad46a22c5e59d2fad848c1fdd1c3fc7cbac06615df5e0d5744e1787da87d7bbcc9799dbbbfd8187ce2ba3a81697271f63bf8f1ab944040be54a0ad05e8e786bc2db30c45490897aed4d95f902aa82f07ae46e8417", 0xae}, {&(0x7f0000000140)="4552ac2a8320ab7706b6fd18315c12e5779d5e4b1408d1d1ff5ca0246ab966e1150684ffdebef80bd023672c09faf7bd00f2dd53c43b1a35c5c93fd3d6304b226f439e7add268769bffc0b4557b53276dc590778683fb2a735455b65e43bfbd88baa1721ce15dfec7dbe08629d6cb35a1cacffa2ca6b26fa11908c5b364b8d68644b0c382784ed88a01095a9e28e0efea0d5a1a3e965349a53336e5b24cc312c7f06e34231735748aa9a685ca0b484441c66a505a133f874f7775c5a8ec5b9674ffd0ee9e23afbed5971205a896d98fb4c866dc45d08e4159f2ac623c076519052cc", 0xe2}, {&(0x7f0000000240)="d34269f7fc9b0332940c14b27f7a483c617612432c79cd24165ad1fee045fa3d09603786fcb8dba324d2bcbc883a6e8d4ef094b6af11093571d8229c3742ae06d5e0ef02308120fb908deec700a3593e2dc993cb6ea3733a222343f2475f45bfa435d60d16040231305679f301d8518a9d46c8effb35372674bad3d9f25641f4b0b892813e9ee2ab21a6dfe20d19aa024adfc84e444ecbcdfd194ae47f4819d17a12bbada4f0425e3035b2854ed3d78d80a4215965f1e3bb07d5df5b8f3e39ab8708d4e9ec77af24d3eabd8b71d59e02b74fadc6331ebe772501fb3d387bbe65ca13bd", 0xe3}], 0x3, &(0x7f0000000380)=[@rthdr={{0x28, 0x29, 0x39, {0x2b, 0x2, 0x1, 0x5, 0x0, [@mcast1]}}}, @rthdr={{0x48, 0x29, 0x39, {0x5e, 0x6, 0x2, 0x7f, 0x0, [@local, @mcast1, @private2]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x33, 0x14, 0x0, 0xc0, 0x0, [@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, @remote, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @dstopts_2292={{0x38, 0x29, 0x4, {0x1, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @ra={0x5, 0x2, 0x3ff}, @jumbo={0xc2, 0x4, 0xfffffff9}, @enc_lim={0x4, 0x1, 0x3f}, @enc_lim={0x4, 0x1, 0x9b}, @pad1, @enc_lim={0x4, 0x1, 0x4}, @jumbo={0xc2, 0x4, 0x3}]}}}], 0x178}, 0x0)

1.445466084s ago: executing program 0 (id=1532):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='cachefiles_ondemand_cread\x00', 0xffffffffffffffff, 0x0, 0xcf9}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000009ed60aaf557aac16d4932190dd9625259b48281400e1d2067ae8c6", @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, 0xffffffffffffffff, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000280), &(0x7f0000000080)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)}], 0x1}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.416896014s ago: executing program 2 (id=1533):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet(0x2, 0x3, 0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e3, &(0x7f0000000340)="5952c7a52b6fadf25b469c74fcd9a5f41745e0818d2c0d6bf479e75acc7e9e15a3293840644caf351b7c879e16cfa878de8ed367a5af8f836a15be018c863d13e5f5cc5cbfb570fe91bc0516e315847fb5404ba99fde08f48e1cdfcd22668201a4b855b043b1af1725b3017376")
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x420000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000580)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e22, @private=0xa010102}}, 0x0, 0x2, 0x4b, 0x0, "00000000000000000000000000000000000000f3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000008000"}, 0xd8)
sendto$inet(r3, 0x0, 0x0, 0x487bb, &(0x7f0000000000)={0x2, 0x4e26, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@gettfilter={0x24, 0x2e, 0x1}, 0x24}}, 0x0)
gettid()
chmod(&(0x7f00000000c0)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@nfs_export_off, 0x0}], [], 0x2c})
creat(0x0, 0x0)
open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0)

865.533692ms ago: executing program 4 (id=1534):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f00000003c0)={0x1, &(0x7f0000000040)=[{0x8000, 0x5, 0x20, 0x101}]})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="000032a52087bde616ce59eb5d584d5740365517ad21f058e82ec7478f431382cb488ac5ddd77a67786019a0f629777582fc4300"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x0, 0x0, "8723c102f47b6be1"})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007ed, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x6c)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000120009090000000000000000070000030000000000000000000000002e00e800000000000000b77b9d954bc6f5035e720000000020001000000000000000cf6603"], 0x50}}, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
listen(r6, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
accept4(r6, 0x0, 0x0, 0x0)

861.313662ms ago: executing program 3 (id=1535):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000100)=0x40, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f00000018c0)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000260608000fff52004507000002000000240600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ff2d350100000000009500000000000000050000000000000095000000f7ffffff1e1bd1fe4b3af9c97925711095cc1a3a25b9418ffdc4a1da470a14e4391c3fb6915cbff2a4911fe82664d775cdb9dfc83fa32db39b636c1866b526185f4ab35172a74e9afe751664f580a6c5bccf1ef6583e0c1cd1f7fe416be4278613dae5fbcd"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
accept(r2, &(0x7f0000000d00)=@caif=@dgm, &(0x7f0000000d80)=0x80)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', <r5=>r4, 0x2f, 0x3, 0x10, 0x3, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback, 0x80, 0x8000, 0x7, 0x2}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x100, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xa, 0xfff2}, {0xfff1, 0x4}, {0xfff1}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000005}, 0x801)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r4, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036887fbd52a5e1fcea0727799ee9e5e9baae5f8277a40aff68ba9e83af16f27eb4bf9c5082104f742d5b1b64aaae3685243d377c8eac4bd12912ae07000000739e86a9c93e873fce4a279cfe772d8cd772f5b9b46344ddfe6524b151263239f46057b7bef5dcd488b1251ccfc9f859f1fedbc4de4f0d9f89b5c8a9341af2ef7b77660001000000000000426d4210461f3346f738c73fdfefa14cedcc9f5caa9c587555248b8a4b2f1672", @ANYRES32], 0x38}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f00000003c0)="240000001e005f0414fffffffffffff807000000b800000000000000080005000d000000", 0x24)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r7, &(0x7f0000000cc0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x4e0, r8, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x40}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}, @TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "d0088d1591ce81346a0b991c3385920aa7b682c1c6ab3452240cc4"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0x11c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_NODE_ID={0xb5, 0x3, "75e4bcac08acee49d6f003b4ce00bd0004188d3adeb8bdc87c98701c9941f08413e82336ba230fbc0d47c7c7d12be011e247b8bb43e8875ebec472e152a638cb13fc3b471f36ccf30d0cf2ef538c25fdee4c18dbf069ee788cdac5b3b48245cbad161ee7e14a717cb6295306dd8a158d2961ea1d495ff669ca1a5fdb616f8820cf85504152e2373d61097ddb9fb4e539af89ba416de077c01020118f860dd7e5e6f56ca3cef14a233cdea4b5fbd737de80"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x893}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "493d829e24354cee7ec8715363483aca45ae1a2061b8467e6cbb1f04441fda"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}]}, @TIPC_NLA_NODE={0x164, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0xf9, 0x3, "bb6f9aade65c9f3db104d7d042dcfe753bc8f10f1887614e4f5fe66e2ff8a138afe42d83ea275c471e8f16f3adb5d7ffc33b2f49ed7fd9169d2d583ce2b9338957c22dc4e8381acf07d814ba9cbdadefc4f83bc493d82221fe1df6174c3b687769e3021a75b92c3d092782f6ea5c95d09a0f249a94829adbb685e7d0e09e3039dc7efa4aa2b86fa929735389e7780ab1664b13f2ae023e6ffe9c3e9b2761c4865cdd00648d0fb8a97095db789a97db80e29532fd39d0ac616d91cf408fb63e711b96b1c1cee370ee11b2f864465c8119be08b7d3b8f708efbae4a672cd9ea8436811baad6508453b4437aaa70ececaafc17db388b4"}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "178671f6e21cc27e86d91c3cfbb9e591256405e884411b0185d60428b252034c"}}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}, @TIPC_NLA_NODE={0x178, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xd9, 0x3, "71397193c239d3e77c4c9fc67b511e9359a5fa1a6287c21cfc41fa7b7262a64be1fd5eec1f5d463c2ce34049756a58378f3f73a87955e518ece562e86f964ec4a7e05f2fb1f99e6632415c55598ce25b855f2fe1d09347bdb2805143251142ac827aced1c4bf3fef21d365c3ce03377cb54ac6be4263b203bcef5ba7fc91711c3fd41fb6a2ce105fc18bb3f21c16d09188f9ad63f826c785e48f7f1af529845fb3864d862d2b75f534c8257d7e0bb24f3c4b893d912ac3001cfb71160479072bcda8168a021c6a671eacf73660328f2010e55529c8"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ID={0x83, 0x3, "99520f92a974030d09dac9e518ed02d87930a38e4256be3eaa96b367b7462cd30ce6acc637c10aef99f9940d9c80f0ae469482eaebcc7ab64437cc675f925ed94070b73b53b564695fad3b7e44b46c248579f85998db22b69bbac6086cd8c5a1bc62acabc597b127b976ccde52db48eb75e6ac1bbaa744be7afee9a9a7015a"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x4e0}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x80, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, r6, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x60, 0x12, 0x0, 0x1, @sit={{0x8}, {0x54, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r4}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x80}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e22}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x7000}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xffffffff}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x16}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0xee}, @IFLA_IPTUN_ENCAP_SPORT={0x2, 0x11, 0x4e21}]}}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'ip6tnl0\x00', r6, 0x2f, 0x2, 0x4c, 0x2, 0x20, @private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x1, 0x7, 0x7, 0xffff}})
r9 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r10, &(0x7f0000000500)={&(0x7f0000000000)={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000080)="1d8c5ef1cfbbc085db557e8983561b844d77f81b14195f28dfc4d0c6110745dd503616d36b22140af5d4e05bbe4690cd6c0d6a3cd798a11a70126a2399a17f5e1a5574b2b1f5343bcefc602a7bd71629c15fcc780ab7a01e900ad46a22c5e59d2fad848c1fdd1c3fc7cbac06615df5e0d5744e1787da87d7bbcc9799dbbbfd8187ce2ba3a81697271f63bf8f1ab944040be54a0ad05e8e786bc2db30c45490897aed4d95f902aa82f07ae46e8417", 0xae}, {&(0x7f0000000140)="4552ac2a8320ab7706b6fd18315c12e5779d5e4b1408d1d1ff5ca0246ab966e1150684ffdebef80bd023672c09faf7bd00f2dd53c43b1a35c5c93fd3d6304b226f439e7add268769bffc0b4557b53276dc590778683fb2a735455b65e43bfbd88baa1721ce15dfec7dbe08629d6cb35a1cacffa2ca6b26fa11908c5b364b8d68644b0c382784ed88a01095a9e28e0efea0d5a1a3e965349a53336e5b24cc312c7f06e34231735748aa9a685ca0b484441c66a505a133f874f7775c5a8ec5b9674ffd0ee9e23afbed5971205a896d98fb4c866dc45d08e4159f2ac623c076519052cc", 0xe2}, {&(0x7f0000000240)="d34269f7fc9b0332940c14b27f7a483c617612432c79cd24165ad1fee045fa3d09603786fcb8dba324d2bcbc883a6e8d4ef094b6af11093571d8229c3742ae06d5e0ef02308120fb908deec700a3593e2dc993cb6ea3733a222343f2475f45bfa435d60d16040231305679f301d8518a9d46c8effb35372674bad3d9f25641f4b0b892813e9ee2ab21a6dfe20d19aa024adfc84e444ecbcdfd194ae47f4819d17a12bbada4f0425e3035b2854ed3d78d80a4215965f1e3bb07d5df5b8f3e39ab8708d4e9ec77af24d3eabd8b71d59e02b74fadc6331ebe772501fb3d387bbe65ca13bd", 0xe3}], 0x3, &(0x7f0000000380)=[@rthdr={{0x28, 0x29, 0x39, {0x2b, 0x2, 0x1, 0x5, 0x0, [@mcast1]}}}, @rthdr={{0x48, 0x29, 0x39, {0x5e, 0x6, 0x2, 0x7f, 0x0, [@local, @mcast1, @private2]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}, @rthdr_2292={{0xb8, 0x29, 0x39, {0x33, 0x14, 0x0, 0xc0, 0x0, [@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, @remote, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @dstopts_2292={{0x38, 0x29, 0x4, {0x1, 0x3, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @ra={0x5, 0x2, 0x3ff}, @jumbo={0xc2, 0x4, 0xfffffff9}, @enc_lim={0x4, 0x1, 0x3f}, @enc_lim={0x4, 0x1, 0x9b}, @pad1, @enc_lim={0x4, 0x1, 0x4}, @jumbo={0xc2, 0x4, 0x3}]}}}], 0x178}, 0x0)

537.613102ms ago: executing program 0 (id=1536):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f00000003c0)={0x0, 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000440))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="000032a52087bde616ce59eb5d584d5740365517ad21f058e82ec7478f431382cb488ac5ddd77a67786019a0f629777582fc430000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x0, 0x0, "8723c102f47b6be1"})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007ed, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x6c)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000120009090000000000000000070000030000000000000000000000002e00e800000000000000b77b9d954bc6f5035e720000000020001000000000000000cf6603"], 0x50}}, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r6, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0)
sendmsg$tipc(r7, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r6, 0x0, 0x0, 0x0)

164.21413ms ago: executing program 2 (id=1537):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000240)='./bus\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c646174615f666c7573682c66617374626f6f742c6a71666d743d76667376312c6e6f696e6c696e655f64656e7472792c7573726a71756f74613d66326673002c00ff371013587045d0d273e856ce75c2b11120ece6d6a76856a2cdd8c835ef14aa3aea583b7f3affd12ff9abc9b21098874a75607f009920ad1a283ce7b8b528e239692ab156e30dd8365f708e6c98cfcd0b30d5304dd70f87da026e2d4e4df1ad07ba72683f43d76541d455d1fa118f0900000009fe28bfded255e7c5806f05b80ec0e186b4f72759eb096a1fe6793e734fe61555f01ff9f23bc11370aa247215e8f1410ea4728bb2a2c2d20bc5e61b0a4c7ddb25da21c75f35f711581d1f5b8db3be07c80000000000000000"], 0x1, 0x54f4, &(0x7f0000005600)="$eJzs3M1rI2UYAPBn2u1+uxbx4G0HFqGFTdj0Y9Fb1V38wC7Fj4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJmZ6tYvhKaNtb8fTJ6ZN2+eed5QCs9MmADOrfn0px+SuBFXImI2Iq5H5PtJueXWivBMRNyMiJnHtqQc/23gYkRcjYgb4+RFzqR865Pbo1ur37/245dfX7pw7dMvvpneqoFpezYietvF/l6viFm7iA/L8fqok8feyqiMxRu9R+VxVsS91maeYa9+OK+ex+V2MT/b3h2MY5LUG+PY7mzl49v94oSDUfswT/6Bh/Wd/LjZ2sxjZ5DlsX1Q1LV/UPxvOxgMizzNMt/7efoYDg9jMd7abxXr2X6Ux0Z/WI4XebNma38cR2UsTxeNrNvM69g8zjf93/Z6p7+7n45aO4NO1k9Xq7XnqrW7ldpO1mwNWyuVeq95dyVdaHfH0yrDVr231s6ydrdVbWS9xXSh3WhUarV04V5rs1Pvp7Vadbl6p7K6WO7dTl9+8HbabaYL4/hip7877HQH6Va2kxafWEyXqsvPL6a3aumb6xvpxhv3769vvPXuvXcevLD+6kvlpD+VlS4s3VlaqtTuVJZqi+do/R+WRU9w/XAsybQLADh79P/ANEyj/9/qTq7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59e3cZ6/kO/PF8bVy/ImIm+Ohp8rjJCJmIuKXvzAbF4/knC3zzP3N/Lk/1PBVEnmG8TkuldvViFgrt5+fPOlvAQAAAP6/Pv/g5sdFt168zE+7IE5TcdFm5vp7E8qXRMTc/HcTyjYzfnl6Qsnyv+8LsT+hbPkFrMsTSlZccrswqWz/yuyRcPmxkBRh5lTLAQAATsXRTuB0uxAAAABO00fTLoDpSOLwVubhveD8l/e/3xC8cuQIAAAAOIOSaRcAAAAAnLi8//+H5/+F5/8BAADA2Vc8/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiVnfvJSR2K4gB8Wuh7vD9GYpy7FWewDJfg0KFhAW6CJeAW3ABrwJlLMGBoS7QGE5PetpF8X9JebkN+nBIm515SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZo/3l89tM3Z7tpJczcAAADAMZtiNS9fTKv5v/r6WX3pop5nEZFHxLHefRS/GpmjOqf44v3FpxqeIsqE/Wf8ro+/EXFdH6/nXX8LAAAAcLrWi+Ws6tar03ToguhTtWiT/79JlJdFRDF9SZSW70+XicLK3/c47hKllQtYk0Rh1ZLbOFXat4waw+TDkFVD3ms5AABAL5qdQL9dCAAAAH26HboAhpHFYSvzsBdc/vP+fUPwT2MGAAAA/EDZ0AUAAAAAnSv7f8//AwAAgNNWPf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALm2K1Xy9WM7a5mx37aS5GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu7nNY4qDgD4d2Z2trYqxig5RETBg17sdlNbe/WgBA/+CUJItzW69Ueagy1FyMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnmmkacLV0Zpt8PvD2fWcY5n3fJIR8570EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2eW8vzoqPhWmcVudu3b+2XvS39/WFGzt3lotWxEmbST8dXm0eJEvdJQIAAMDRkdX1fUTczXdXiz5dKOv/vL6mqPl/eH4a1/X8/rq/7uvav2i//3bv5QcDLUzHKW56YWM8OvVoKr0nN8v59sK/XtErn3z57iUrvyDph9svTfLyeSbf3bz5fr8Mj7WRLQDwf5ys+yqofx8q+mGXiQFwZPQahXdd/2cL3eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IbJdjxbx0lELPf24sLt+9fWD+pv7NxZrtvZ69d3mvcsbpFHxIWN8ehUi3OZd5evXP1sbTwebbYfvBYR3Y1eBR/PcE1ElxkKHjdIq+/1ecnn6Qg6/sEEAMChk1etqOvv5rurxblkMeLvHx+u/99sxDFj/X/vk7O3mmM16/9hazOcf4OtS18OLl+5+vbGpbWLo4ujz99ZGb47PH3uzJlzg/JdycAbEwAAAB5PP4no76v/08VH1/9PNOKYsf7/6vvhN82xMvX/gfYW/brOBAAA4Gh78fW//kwOOJ/0+/H12tbW5nD6WR3H5kp5vNJBqv/Zsao16/9sseusAAAAgDZMtpOH1v/PN+KYcf3/uZ9e+aV5zywijlfr/yfXvxifb286c62NPyfueo4AAAB063jVmuv/ebn/P32w5SGNiLfemMbVvwGcqf7PPvj25+ZYzf3/p9ub4lxKl6bPo+yXInpLXWcEAADAYfZM1Ypi/498d/XTX0981Lf/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBt/wQAAP//K8ZAQg==")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x181001)
mkdir(0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlinkat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r0, &(0x7f0000000340)='./file0\x00')

99.0007ms ago: executing program 1 (id=1538):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='pagemap\x00')
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x22, 0x85, {0x85, 0xd, "dba87b764ce4314d3aed6ebc3ca84addd87844d9de93d447389e7df2d34c27812cd3a30ffdbfae840eedceee1cf64df5f34028f543202c457c232cf856ac0ffe7238e97bd84ba6b4198dca9408643f77fe344f017727c29798d7c7edbebaa6b74c18da94b042a02a25775a5aa6185fb64ecb46b73a487d267319aade93738eddc7bb0b"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x85851acce13246f5, 0x9, 0x10, "020e301efb2a31d133105794773c2c83"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x80, 0x1c, {0x2, 0x4, 0x6, 0x7, 0x3, 0x7, 0xb, 0xfffffffe, 0xd9, 0x1, 0xc, 0x8}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x6}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000500)={0x20, 0x87, 0x2, 0xc3a1}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})

83.642501ms ago: executing program 3 (id=1539):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rename(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000240), 0x6, 0x400002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
io_setup(0x1, &(0x7f0000000740))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(0x0, &(0x7f0000002040)='net/dev_mcast\x00')
read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x2020)

0s ago: executing program 4 (id=1540):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f00000003c0)={0x2, &(0x7f0000000040)=[{0x8000, 0x5, 0x20, 0x101}, {0x40, 0x4f, 0x20, 0x5}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000440))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="000032a52087bde616ce59eb5d584d5740365517ad21f058e82ec7478f431382cb488ac5ddd77a67786019a0f629777582fc430000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x0, 0x0, "8723c102f47b6be1"})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007ed, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x6c)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000120009090000000000000000070000030000000000000000000000002e00e800000000000000b77b9d954bc6f5035e720000000020001000000000000000cf6603"], 0x50}}, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r6, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0)
sendmsg$tipc(r7, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r6, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

attributes in process `syz.2.1023'.
[  583.225727][  T700] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  583.232981][  T700] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  583.240810][  T700] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  583.257004][ T5733] F2FS-fs (loop4): invalid crc value
[  583.327126][ T5733] F2FS-fs (loop4): Found nat_bits in checkpoint
[  583.370486][ T5733] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  583.378244][ T5733] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  583.422740][ T5733] attempt to access beyond end of device
[  583.422740][ T5733] loop4: rw=2049, want=45104, limit=40427
[  584.020022][  T700] cdc_ncm 2-1:1.0: setting tx_max = 88
[  584.028863][  T700] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  584.161758][ T5756] F2FS-fs (loop3): invalid crc value
[  584.183118][ T5756] F2FS-fs (loop3): Found nat_bits in checkpoint
[  584.231008][ T5756] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  584.283230][ T5756] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  584.318722][ T3676] usb 2-1: USB disconnect, device number 16
[  584.322094][ T5782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'.
[  584.324596][ T3676] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  584.347427][ T5756] attempt to access beyond end of device
[  584.347427][ T5756] loop3: rw=2049, want=45104, limit=40427
[  585.107524][ T5815] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,
[  585.141060][ T5815] fuse: Bad value for 'fd'
[  585.166935][  T678] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  585.181955][  T678] EXT4-fs (loop4): Remounting filesystem read-only
[  585.385548][ T5830] netlink: 'syz.4.1035': attribute type 5 has an invalid length.
[  585.394131][ T5830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1035'.
[  585.859348][ T5842] netlink: 'syz.0.1040': attribute type 4 has an invalid length.
[  586.031631][ T5846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1041'.
[  586.325658][ T3676] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  586.535723][  T700] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  586.805746][ T3676] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.915743][  T700] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.949722][ T5857] F2FS-fs (loop1): invalid crc value
[  586.965725][ T5859] F2FS-fs (loop0): invalid crc value
[  586.972321][ T5857] F2FS-fs (loop1): Found nat_bits in checkpoint
[  586.975082][ T5859] F2FS-fs (loop0): Found nat_bits in checkpoint
[  586.984615][ T3676] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  586.994256][ T3676] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.009290][ T3676] usb 4-1: Product: syz
[  587.010013][ T5857] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  587.017471][ T3676] usb 4-1: Manufacturer: syz
[  587.024009][ T3676] usb 4-1: SerialNumber: syz
[  587.030228][ T5857] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  587.039302][ T5859] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  587.055727][ T5859] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  587.072472][ T5857] attempt to access beyond end of device
[  587.072472][ T5857] loop1: rw=2049, want=45104, limit=40427
[  587.085902][  T700] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  587.095992][ T5859] attempt to access beyond end of device
[  587.095992][ T5859] loop0: rw=2049, want=45104, limit=40427
[  587.107059][  T700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.114826][  T700] usb 3-1: Product: syz
[  587.209590][  T700] usb 3-1: Manufacturer: syz
[  587.213996][  T700] usb 3-1: SerialNumber: syz
[  587.944947][ T5880] netlink: 'syz.0.1049': attribute type 5 has an invalid length.
[  587.953137][ T5880] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1049'.
[  588.105677][  T706] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  588.267119][ T5848] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1042'.
[  588.295719][ T3676] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  588.301969][ T3676] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  588.309333][ T3676] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  588.467123][ T5850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1043'.
[  588.475772][  T706] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.528188][  T700] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  588.538531][  T700] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  588.545819][  T700] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  588.555776][ T3676] cdc_ncm 4-1:1.0: setting tx_max = 88
[  588.562683][ T3676] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  588.733789][  T706] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  588.777344][  T706] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.785176][  T706] usb 2-1: Product: syz
[  588.789190][  T706] usb 2-1: Manufacturer: syz
[  588.793588][  T706] usb 2-1: SerialNumber: syz
[  588.954404][   T23] kauditd_printk_skb: 29 callbacks suppressed
[  588.954412][   T23] audit: type=1326 audit(1738794396.480:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5849 comm="syz.2.1043" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f820956dde9 code=0x0
[  589.005714][  T700] cdc_ncm 3-1:1.0: setting tx_max = 88
[  589.012618][  T700] cdc_ncm 3-1:1.0 eth2: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  589.272116][  T700] usb 3-1: USB disconnect, device number 14
[  589.279464][  T700] cdc_ncm 3-1:1.0 eth2: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  589.797824][ T1234] usb 4-1: USB disconnect, device number 18
[  589.806451][ T1234] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  590.034313][ T5878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1048'.
[  590.841996][ T5962] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  590.851780][  T706] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  590.935832][  T706] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  590.938190][ T5962] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[  590.969122][  T706] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  592.505851][  T706] cdc_ncm 2-1:1.0: setting tx_max = 88
[  592.540298][ T5988] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1059: Invalid block bitmap block 0 in block_group 0
[  592.554873][ T5988] Quota error (device loop4): write_blk: dquota write failed
[  592.562133][ T5988] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  592.573594][ T5988] EXT4-fs error (device loop4): ext4_free_blocks:4795: comm syz.4.1059: Freeing blocks not in datazone - block = 0, count = 4096
[  592.589970][ T5988] EXT4-fs error (device loop4): ext4_read_inode_bitmap:134: comm syz.4.1059: Invalid inode bitmap blk 0 in block_group 0
[  592.604431][ T5988] EXT4-fs error (device loop4) in ext4_free_inode:352: Corrupt filesystem
[  592.613822][ T5988] EXT4-fs (loop4): 1 orphan inode deleted
[  592.619388][ T5988] EXT4-fs (loop4): mounted filesystem without journal. Opts: ��; ,errors=continue
[  592.649348][  T706] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  593.125530][  T706] usb 2-1: USB disconnect, device number 17
[  593.134170][  T706] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  593.142824][  T180] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[  593.885130][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1066'.
[  594.119939][ T6025] fuse: Bad value for 'fd'
[  594.291246][ T6036] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  594.307472][ T6036] EXT4-fs (loop4): Unsupported blocksize for fs encryption
[  595.143223][ T6054] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1077'.
[  595.538825][ T6062] netlink: 'syz.0.1079': attribute type 5 has an invalid length.
[  595.615787][ T6062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1079'.
[  595.646822][  T706] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  595.779736][ T6069] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  595.789322][ T6069] ext4 filesystem being mounted at /207/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  595.825349][ T6075] fuse: Bad value for 'fd'
[  596.043873][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1083'.
[  596.315664][  T706] usb 3-1: Using ep0 maxpacket: 32
[  596.435722][  T706] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  596.443638][  T706] usb 3-1: config 0 has no interface number 0
[  596.605735][  T706] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  596.614615][  T706] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.623588][  T706] usb 3-1: Product: syz
[  596.627861][  T706] usb 3-1: Manufacturer: syz
[  596.632290][  T706] usb 3-1: SerialNumber: syz
[  596.637739][  T706] usb 3-1: config 0 descriptor??
[  596.676111][  T706] smsc95xx v1.0.6
[  596.938072][ T6094] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  596.947933][ T6094] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[  597.027634][ T6097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'.
[  597.105793][  T706] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  597.116367][  T706] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  597.314848][ T6102] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1090: Invalid block bitmap block 0 in block_group 0
[  597.329779][ T6102] Quota error (device loop4): write_blk: dquota write failed
[  597.337092][ T6102] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  597.347167][ T6102] EXT4-fs error (device loop4): ext4_free_blocks:4795: comm syz.4.1090: Freeing blocks not in datazone - block = 0, count = 4096
[  597.361152][ T6102] EXT4-fs error (device loop4): ext4_read_inode_bitmap:134: comm syz.4.1090: Invalid inode bitmap blk 0 in block_group 0
[  597.374108][  T180] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[  597.382652][ T6102] EXT4-fs error (device loop4) in ext4_free_inode:352: Corrupt filesystem
[  597.391551][ T6102] EXT4-fs (loop4): 1 orphan inode deleted
[  597.397120][ T6102] EXT4-fs (loop4): mounted filesystem without journal. Opts: ��; ,errors=continue
[  597.485936][  T706] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  597.521280][  T706] smsc95xx: probe of 3-1:0.67 failed with error -71
[  597.575252][  T706] usb 3-1: USB disconnect, device number 15
[  597.753511][ T6108] netlink: 'syz.1.1091': attribute type 5 has an invalid length.
[  597.840640][ T6108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1091'.
[  598.228417][ T6118] fuse: Invalid rootmode
[  598.825552][ T6118] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  598.835952][ T6118] EXT4-fs (loop1): external journal has bad superblock
[  599.435906][ T6144] netlink: 'syz.2.1102': attribute type 5 has an invalid length.
[  599.444187][ T6144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1102'.
[  599.864119][ T6152] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1104'.
[  600.073699][ T6154] F2FS-fs (loop1): invalid crc value
[  600.086635][ T6154] F2FS-fs (loop1): Found nat_bits in checkpoint
[  600.125283][ T6154] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  600.131960][ T6154] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  600.172688][ T6154] attempt to access beyond end of device
[  600.172688][ T6154] loop1: rw=2049, want=45104, limit=40427
[  600.570435][ T6170] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1108: Invalid block bitmap block 0 in block_group 0
[  600.584538][ T6170] Quota error (device loop4): write_blk: dquota write failed
[  600.591822][ T6170] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  600.601850][ T6170] EXT4-fs error (device loop4): ext4_free_blocks:4795: comm syz.4.1108: Freeing blocks not in datazone - block = 0, count = 4096
[  600.615955][ T6170] EXT4-fs error (device loop4): ext4_read_inode_bitmap:134: comm syz.4.1108: Invalid inode bitmap blk 0 in block_group 0
[  600.628833][  T695] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[  600.637621][ T6170] EXT4-fs error (device loop4) in ext4_free_inode:352: Corrupt filesystem
[  600.646355][ T6170] EXT4-fs (loop4): 1 orphan inode deleted
[  600.651939][ T6170] EXT4-fs (loop4): mounted filesystem without journal. Opts: ��; ,errors=continue
[  601.540705][  T700] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  601.935675][ T3676] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  601.951903][  T700] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  602.216292][  T700] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  602.238800][  T700] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.284116][  T700] usb 4-1: Product: syz
[  602.339754][  T700] usb 4-1: Manufacturer: syz
[  602.344206][  T700] usb 4-1: SerialNumber: syz
[  602.402739][ T6194] netlink: 'syz.0.1114': attribute type 5 has an invalid length.
[  602.418199][ T6194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  602.475792][ T3676] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  602.665777][ T3676] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  602.677733][ T3676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.685830][ T3676] usb 3-1: Product: syz
[  602.689959][ T3676] usb 3-1: Manufacturer: syz
[  602.694509][ T3676] usb 3-1: SerialNumber: syz
[  602.779120][ T6199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1116'.
[  603.105667][  T706] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  603.465784][  T706] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.478432][ T6207] F2FS-fs (loop0): invalid crc value
[  603.485924][ T6207] F2FS-fs (loop0): Found nat_bits in checkpoint
[  603.506744][ T6164] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1107'.
[  603.511548][ T6207] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  603.522248][ T6207] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  603.529678][  T700] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  603.535983][  T700] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  603.543952][ T6207] attempt to access beyond end of device
[  603.543952][ T6207] loop0: rw=2049, want=45104, limit=40427
[  603.549204][  T700] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  603.635765][  T706] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  603.647677][  T706] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.711874][  T706] usb 2-1: Product: syz
[  603.715871][  T706] usb 2-1: Manufacturer: syz
[  603.720260][  T706] usb 2-1: SerialNumber: syz
[  603.807154][ T6179] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1111'.
[  603.825753][ T3676] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  603.832046][ T3676] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  603.839296][ T3676] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  603.935712][  T940] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  603.945746][  T700] cdc_ncm 4-1:1.0: setting tx_max = 88
[  603.952659][  T700] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  604.085742][ T3676] cdc_ncm 3-1:1.0: setting tx_max = 88
[  604.092680][ T3676] cdc_ncm 3-1:1.0 eth2: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  604.151033][  T700] usb 4-1: USB disconnect, device number 19
[  604.166479][  T700] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  604.175660][  T940] usb 5-1: Using ep0 maxpacket: 32
[  604.295715][  T940] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  604.303606][  T940] usb 5-1: config 0 has no interface number 0
[  604.418163][ T6262] fuse: Bad value for 'fd'
[  604.465764][  T940] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  604.474585][  T940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.484712][  T940] usb 5-1: Product: syz
[  604.489220][  T940] usb 5-1: Manufacturer: syz
[  604.493640][  T940] usb 5-1: SerialNumber: syz
[  604.498965][  T940] usb 5-1: config 0 descriptor??
[  604.536150][  T940] smsc95xx v1.0.6
[  604.687114][ T6269] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  604.697579][ T6269] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[  604.875826][  T706] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  604.885663][  T706] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  604.894432][  T706] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  605.030053][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  605.041572][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  605.287719][ T6215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1120'.
[  605.305796][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  605.316697][  T940] smsc95xx: probe of 5-1:0.67 failed with error -71
[  605.321487][ T3676] usb 3-1: USB disconnect, device number 16
[  605.324693][  T940] usb 5-1: USB disconnect, device number 8
[  605.335319][   T23] audit: type=1326 audit(1738794412.860:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6202 comm="syz.1.1118" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c1607ede9 code=0x0
[  605.359961][ T3676] cdc_ncm 3-1:1.0 eth2: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  605.405728][  T706] cdc_ncm 2-1:1.0: setting tx_max = 88
[  605.418473][  T706] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  605.676869][  T940] usb 2-1: USB disconnect, device number 18
[  605.695979][  T940] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  605.863665][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1128'.
[  606.306518][ T6367]  loop2: p1 < > p2 p3 < p5 p6 > p4
[  606.311624][ T6367] loop2: partition table partially beyond EOD, truncated
[  606.318888][ T6367] loop2: p1 start 277760 is beyond EOD, truncated
[  606.325189][ T6367] loop2: p2 start 6684676 is beyond EOD, truncated
[  606.332743][ T6367] loop2: p5 start 6684676 is beyond EOD, truncated
[  606.417795][ T2947] print_req_error: 8 callbacks suppressed
[  606.417809][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.417967][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.423486][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  606.435894][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.445891][ T2947] buffer_io_error: 3 callbacks suppressed
[  606.445898][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  606.456216][ T6367] __loop_clr_fd: partition scan of loop2 failed (rc=-16)
[  606.469750][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  606.475931][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  606.480908][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  606.495766][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.516072][   T23] audit: type=1400 audit(1738794414.030:863): avc:  denied  { mounton } for  pid=6366 comm="syz.2.1131" path="/dev/loop2p3" dev="devtmpfs" ino=44344 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  606.600040][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.613666][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.626697][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  606.632803][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  606.638832][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.650656][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  606.656839][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.672230][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.680008][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  606.688112][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.701656][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  606.954950][  T940] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  607.508155][ T6373] F2FS-fs (loop1): invalid crc value
[  607.515879][ T6373] F2FS-fs (loop1): Found nat_bits in checkpoint
[  607.540083][ T6373] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  607.546759][ T6373] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  607.566324][ T6373] attempt to access beyond end of device
[  607.566324][ T6373] loop1: rw=2049, want=45104, limit=40427
[  607.655772][  T940] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.845731][  T940] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  607.875744][  T940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.883547][  T940] usb 3-1: Product: syz
[  607.887867][  T940] usb 3-1: Manufacturer: syz
[  607.892257][  T940] usb 3-1: SerialNumber: syz
[  608.368268][ T6406] netlink: 'syz.0.1141': attribute type 4 has an invalid length.
[  608.636362][  T940] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  608.659307][  T940] cdc_ncm 3-1:1.0: bind() failure
[  608.743455][  T940] cdc_ncm 3-1:1.1: bind() failure
[  609.186289][  T940] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  609.545902][  T940] usb 5-1: Using ep0 maxpacket: 32
[  609.665755][  T940] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  609.673803][  T940] usb 5-1: config 0 has no interface number 0
[  609.835733][  T940] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  609.844597][  T940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.852651][  T940] usb 5-1: Product: syz
[  609.856697][  T940] usb 5-1: Manufacturer: syz
[  609.861053][  T940] usb 5-1: SerialNumber: syz
[  609.866728][  T940] usb 5-1: config 0 descriptor??
[  609.906198][  T940] smsc95xx v1.0.6
[  610.248662][ T6434] F2FS-fs (loop3): invalid crc value
[  610.285365][ T6434] F2FS-fs (loop3): Found nat_bits in checkpoint
[  610.316307][ T6434] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  610.322947][ T6434] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  610.336966][ T6445] fuse: Bad value for 'fd'
[  610.338479][ T6434] attempt to access beyond end of device
[  610.338479][ T6434] loop3: rw=2049, want=45104, limit=40427
[  610.356082][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  610.434247][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  610.478234][ T1266] usb 3-1: USB disconnect, device number 17
[  610.736890][  T940] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  610.768956][  T940] smsc95xx: probe of 5-1:0.67 failed with error -71
[  610.783658][  T940] usb 5-1: USB disconnect, device number 9
[  611.991079][  T733] print_req_error: 46 callbacks suppressed
[  611.998754][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  611.998800][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  612.013054][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  612.139872][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  612.405732][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.315815][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.340473][ T2950] buffer_io_error: 28 callbacks suppressed
[  613.340480][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  613.355456][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  613.364812][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.374734][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.386067][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.395052][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.407612][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.415481][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.435960][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.443852][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  613.465610][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.480258][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  613.480673][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  613.490265][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  613.775664][  T940] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  614.015647][  T940] usb 2-1: Using ep0 maxpacket: 32
[  614.135712][  T940] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  614.143606][  T940] usb 2-1: config 0 has no interface number 0
[  614.325830][  T940] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  614.340505][  T940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.372944][  T940] usb 2-1: Product: syz
[  614.385671][  T940] usb 2-1: Manufacturer: syz
[  614.400265][  T940] usb 2-1: SerialNumber: syz
[  614.422376][  T940] usb 2-1: config 0 descriptor??
[  614.486348][  T940] smsc95xx v1.0.6
[  614.639751][ T6518] FAT-fs (loop3): Directory bread(block 64) failed
[  614.666349][ T6518] FAT-fs (loop3): Directory bread(block 65) failed
[  614.675950][ T6518] FAT-fs (loop3): Directory bread(block 66) failed
[  614.692464][ T6518] FAT-fs (loop3): Directory bread(block 67) failed
[  614.705741][ T6518] FAT-fs (loop3): Directory bread(block 68) failed
[  614.712064][ T6518] FAT-fs (loop3): Directory bread(block 69) failed
[  614.715704][  T700] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  614.718669][ T6518] FAT-fs (loop3): Directory bread(block 70) failed
[  614.732155][ T6518] FAT-fs (loop3): Directory bread(block 71) failed
[  614.738895][ T6518] FAT-fs (loop3): Directory bread(block 72) failed
[  614.745251][ T6518] FAT-fs (loop3): Directory bread(block 73) failed
[  615.045635][ T6521] F2FS-fs (loop4): invalid crc value
[  615.087699][  T940] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  615.099905][  T940] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  615.112318][ T6521] F2FS-fs (loop4): Found nat_bits in checkpoint
[  615.135373][ T6521] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  615.142164][ T6521] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  615.167198][ T6521] attempt to access beyond end of device
[  615.167198][ T6521] loop4: rw=2049, want=45104, limit=40427
[  615.251505][ T6529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1165'.
[  615.285701][  T700] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.435780][  T940] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  615.446460][  T940] smsc95xx: probe of 2-1:0.67 failed with error -71
[  615.453936][  T940] usb 2-1: USB disconnect, device number 19
[  615.805864][  T700] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  615.824856][  T700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.843195][  T700] usb 3-1: Product: syz
[  615.853015][  T700] usb 3-1: Manufacturer: syz
[  615.863107][  T700] usb 3-1: SerialNumber: syz
[  616.023035][ T6538] F2FS-fs (loop3): invalid crc value
[  616.039989][ T6538] F2FS-fs (loop3): Found nat_bits in checkpoint
[  616.063569][ T6538] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  616.070199][ T6538] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  616.085011][ T6538] attempt to access beyond end of device
[  616.085011][ T6538] loop3: rw=2049, want=45104, limit=40427
[  616.950424][ T6558] fuse: Bad value for 'fd'
[  617.008786][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1178'.
[  617.325681][  T706] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  617.346901][ T6514] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1168'.
[  617.365794][  T700] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  617.372155][  T700] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  617.379499][  T700] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  617.685736][  T706] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.785741][  T700] cdc_ncm 3-1:1.0: setting tx_max = 88
[  617.792748][  T700] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  617.866340][  T706] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  617.875342][  T706] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.883428][  T706] usb 2-1: Product: syz
[  617.887984][  T706] usb 2-1: Manufacturer: syz
[  617.892423][  T706] usb 2-1: SerialNumber: syz
[  618.178521][  T700] usb 3-1: USB disconnect, device number 18
[  618.190905][  T700] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  618.875889][ T6608] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1185: Invalid block bitmap block 0 in block_group 0
[  618.889935][ T6608] Quota error (device loop4): write_blk: dquota write failed
[  618.897193][ T6608] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  618.907210][ T6608] EXT4-fs error (device loop4): ext4_free_blocks:4795: comm syz.4.1185: Freeing blocks not in datazone - block = 0, count = 4096
[  618.921528][ T6608] EXT4-fs error (device loop4): ext4_read_inode_bitmap:134: comm syz.4.1185: Invalid inode bitmap blk 0 in block_group 0
[  618.934477][ T6109] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[  618.943045][ T6608] EXT4-fs error (device loop4) in ext4_free_inode:352: Corrupt filesystem
[  618.952056][ T6608] EXT4-fs (loop4): 1 orphan inode deleted
[  618.957626][ T6608] EXT4-fs (loop4): mounted filesystem without journal. Opts: ��; ,errors=continue
[  619.487890][ T2947] print_req_error: 40 callbacks suppressed
[  619.487902][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  619.507416][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  619.583461][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  619.585755][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.609557][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.625733][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.639170][ T2947] buffer_io_error: 25 callbacks suppressed
[  619.639178][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  619.645658][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  619.660536][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  619.661800][ T6564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1179'.
[  619.693672][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.705807][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  619.713840][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.731662][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  619.739736][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.761869][ T6602] F2FS-fs (loop3): invalid crc value
[  619.769115][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  619.775762][  T706] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  619.783222][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.783491][  T706] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  619.798144][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  619.811561][ T6602] F2FS-fs (loop3): Found nat_bits in checkpoint
[  619.838196][  T706] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  619.856615][ T6634] netlink: 'syz.4.1187': attribute type 5 has an invalid length.
[  619.864825][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1187'.
[  619.919255][ T6602] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  619.921506][ T6637] netlink: 'syz.4.1189': attribute type 4 has an invalid length.
[  619.943484][ T6602] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  620.026699][ T6602] attempt to access beyond end of device
[  620.026699][ T6602] loop3: rw=2049, want=45104, limit=40427
[  620.069036][ T6643] fuse: Bad value for 'fd'
[  620.166587][ T6646] netlink: 'syz.4.1191': attribute type 5 has an invalid length.
[  620.177325][ T2950] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  620.186121][ T6633] F2FS-fs (loop0): invalid crc value
[  620.210286][ T6646] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1191'.
[  620.276721][ T2948] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  620.325377][  T748] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  620.412924][ T6633] F2FS-fs (loop0): Found nat_bits in checkpoint
[  620.447430][   T23] audit: type=1326 audit(1738794427.980:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6563 comm="syz.1.1179" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c1607ede9 code=0x0
[  620.474367][ T6633] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  620.492525][ T6633] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  620.509061][ T6633] attempt to access beyond end of device
[  620.509061][ T6633] loop0: rw=2049, want=45104, limit=40427
[  620.806915][  T706] cdc_ncm 2-1:1.0: setting tx_max = 88
[  620.814696][  T706] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  621.088368][  T700] usb 2-1: USB disconnect, device number 20
[  621.106360][  T700] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  622.045476][ T6708] netlink: 'syz.1.1200': attribute type 5 has an invalid length.
[  622.062408][ T6708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1200'.
[  622.239579][ T6676] F2FS-fs (loop2): invalid crc value
[  622.247727][ T6683] F2FS-fs (loop4): invalid crc value
[  622.602076][ T6683] F2FS-fs (loop4): Found nat_bits in checkpoint
[  622.702884][ T6676] F2FS-fs (loop2): Found nat_bits in checkpoint
[  622.764321][ T6676] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  622.771870][ T6676] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  622.781372][ T6683] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  622.791920][ T6683] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  622.850052][ T6676] attempt to access beyond end of device
[  622.850052][ T6676] loop2: rw=2049, want=45104, limit=40427
[  623.141679][ T6734] attempt to access beyond end of device
[  623.141679][ T6734] loop4: rw=2049, want=45104, limit=40427
[  623.286349][ T6738] fuse: Bad value for 'fd'
[  623.351263][ T6740] netlink: 'syz.3.1202': attribute type 4 has an invalid length.
[  623.904099][ T6746] F2FS-fs (loop4): invalid crc value
[  623.917808][ T6746] F2FS-fs (loop4): Found nat_bits in checkpoint
[  623.942018][ T6746] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  623.948671][ T6746] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  623.975178][ T6746] attempt to access beyond end of device
[  623.975178][ T6746] loop4: rw=2049, want=45104, limit=40427
[  624.832756][  T733] print_req_error: 40 callbacks suppressed
[  624.832769][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  624.851784][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  624.865664][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  624.883932][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  624.893714][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  624.913472][ T2947] buffer_io_error: 25 callbacks suppressed
[  624.913480][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  624.944939][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  624.955664][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  624.977072][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  624.993146][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  625.016824][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  625.024856][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  625.042470][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  625.053070][ T6767] F2FS-fs (loop2): invalid crc value
[  625.060155][ T6767] F2FS-fs (loop2): Found nat_bits in checkpoint
[  625.121719][ T6767] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  625.140162][ T6767] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  625.181383][ T6767] attempt to access beyond end of device
[  625.181383][ T6767] loop2: rw=2049, want=45104, limit=40427
[  625.265980][ T6769] F2FS-fs (loop1): invalid crc value
[  625.274498][ T6769] F2FS-fs (loop1): Found nat_bits in checkpoint
[  625.310932][ T6769] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  625.321406][ T6769] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  625.676626][ T6769] attempt to access beyond end of device
[  625.676626][ T6769] loop1: rw=2049, want=45104, limit=40427
[  626.747187][ T6804] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1216'.
[  626.922909][ T6803] F2FS-fs (loop3): invalid crc value
[  626.933446][ T6803] F2FS-fs (loop3): Found nat_bits in checkpoint
[  626.988873][ T6803] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  627.006175][ T6803] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  627.039435][ T6803] attempt to access beyond end of device
[  627.039435][ T6803] loop3: rw=2049, want=45104, limit=40427
[  627.063494][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  627.079846][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  627.090609][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  627.098452][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  627.106403][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  627.114268][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  627.122153][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  627.433528][ T6807] F2FS-fs (loop1): invalid crc value
[  627.473335][ T6807] F2FS-fs (loop1): Found nat_bits in checkpoint
[  627.566999][ T6807] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  627.575740][ T6827] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1229'.
[  627.593559][ T6807] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  627.613412][ T6818] F2FS-fs (loop4): invalid crc value
[  627.637699][ T6807] attempt to access beyond end of device
[  627.637699][ T6807] loop1: rw=2049, want=45104, limit=40427
[  627.657015][ T6818] F2FS-fs (loop4): Found nat_bits in checkpoint
[  627.694291][ T6818] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  627.737806][ T6818] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  627.777611][ T6818] attempt to access beyond end of device
[  627.777611][ T6818] loop4: rw=2049, want=45104, limit=40427
[  628.393398][ T6843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1224'.
[  629.785709][ T1234] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  630.233715][  T733] print_req_error: 48 callbacks suppressed
[  630.233729][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  630.252438][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  630.264071][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.275061][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.319500][ T1234] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  630.331442][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  630.342595][ T2947] buffer_io_error: 30 callbacks suppressed
[  630.342603][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  630.356627][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.367583][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  630.392762][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  630.467621][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.479907][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  630.489020][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.500913][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  630.560639][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.575348][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  630.583513][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.594961][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  630.655756][ T1234] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  630.673965][ T1234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.689048][ T1234] usb 4-1: Product: syz
[  630.697167][ T1234] usb 4-1: Manufacturer: syz
[  630.701591][ T1234] usb 4-1: SerialNumber: syz
[  630.728458][ T6885] netlink: 'syz.4.1234': attribute type 4 has an invalid length.
[  630.828807][ T6883] F2FS-fs (loop0): invalid crc value
[  630.848339][ T6883] F2FS-fs (loop0): Found nat_bits in checkpoint
[  630.886771][ T6883] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  630.893354][ T6883] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  630.908658][ T6883] attempt to access beyond end of device
[  630.908658][ T6883] loop0: rw=2049, want=45104, limit=40427
[  630.987144][ T6896] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1235'.
[  631.193573][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  631.204292][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  631.204670][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  631.249850][ T6900] fuse: Invalid rootmode
[  631.294542][ T6900] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  631.310777][ T6900] EXT4-fs (loop2): external journal has bad superblock
[  631.467416][ T6903] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  631.476993][ T6903] ext4 filesystem being mounted at /241/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  632.081507][ T6917] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1240'.
[  632.194918][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1226'.
[  632.205780][ T1234] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  632.213149][ T1234] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  632.222626][ T1234] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  632.924080][   T23] audit: type=1326 audit(1738794440.450:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6857 comm="syz.3.1226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f760da69de9 code=0x0
[  633.055257][ T1234] cdc_ncm 4-1:1.0: setting tx_max = 88
[  633.128215][ T1234] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  633.311947][ T6948] fuse: Bad value for 'fd'
[  633.350519][  T700] usb 4-1: USB disconnect, device number 20
[  633.356622][  T700] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  633.929157][ T6941] F2FS-fs (loop4): invalid crc value
[  633.968004][ T6941] F2FS-fs (loop4): Found nat_bits in checkpoint
[  634.013079][ T6984] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1251'.
[  634.094111][ T6941] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  634.109671][ T6941] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  634.134398][ T6964] F2FS-fs (loop2): invalid crc value
[  634.164652][ T6941] attempt to access beyond end of device
[  634.164652][ T6941] loop4: rw=2049, want=45104, limit=40427
[  634.196438][ T6964] F2FS-fs (loop2): Found nat_bits in checkpoint
[  634.410312][ T6964] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  634.672808][ T6964] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  634.764869][ T6964] attempt to access beyond end of device
[  634.764869][ T6964] loop2: rw=2049, want=45104, limit=40427
[  635.296813][ T7004] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  635.305576][ T7004] ext4 filesystem being mounted at /256/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  635.975245][ T7022] fuse: Bad value for 'fd'
[  636.286102][ T2948] print_req_error: 50 callbacks suppressed
[  636.286116][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  636.304369][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  636.336740][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  636.357715][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.366003][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.379121][ T1266] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  636.380443][ T2950] buffer_io_error: 32 callbacks suppressed
[  636.380451][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  636.386512][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.561610][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  636.688286][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.856719][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  636.920876][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  636.986692][ T1266] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.132181][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  637.149576][ T7040] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:455: comm syz.1.1262: Invalid block bitmap block 0 in block_group 0
[  637.380749][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  638.386551][ T7040] Quota error (device loop1): write_blk: dquota write failed
[  638.393815][ T7040] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  638.401095][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  638.403724][ T7040] EXT4-fs error (device loop1): ext4_free_blocks:4795: comm syz.1.1262: Freeing blocks not in datazone - block = 0, count = 4096
[  638.427343][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  638.427668][ T7040] EXT4-fs error (device loop1): ext4_read_inode_bitmap:134: comm syz.1.1262: Invalid inode bitmap blk 0 in block_group 0
[  638.444372][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  638.454645][ T7040] EXT4-fs error (device loop1) in ext4_free_inode:352: Corrupt filesystem
[  638.464086][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  638.467478][ T7040] EXT4-fs (loop1): 1 orphan inode deleted
[  638.480219][ T7040] EXT4-fs (loop1): mounted filesystem without journal. Opts: ��; ,errors=continue
[  638.526850][  T695] Quota error (device loop1): remove_tree: Getting block too big (0 >= 9)
[  638.568569][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  638.578639][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  638.584370][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  638.627552][ T1266] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  639.178327][ T1266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.205957][ T1266] usb 4-1: Product: syz
[  639.212010][ T1266] usb 4-1: Manufacturer: syz
[  639.231679][ T1266] usb 4-1: SerialNumber: syz
[  639.265770][ T1266] usb 4-1: can't set config #1, error -71
[  639.273396][ T1266] usb 4-1: USB disconnect, device number 21
[  639.668802][ T7069] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  639.685799][ T7069] ext4 filesystem being mounted at /287/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  640.454293][ T7062] F2FS-fs (loop3): invalid crc value
[  640.461146][ T7062] F2FS-fs (loop3): Found nat_bits in checkpoint
[  640.500963][ T7062] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  640.513947][ T7062] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  640.579843][ T7053] F2FS-fs (loop2): invalid crc value
[  640.603564][ T7062] attempt to access beyond end of device
[  640.603564][ T7062] loop3: rw=2049, want=45104, limit=40427
[  640.617865][ T7089] netlink: 'syz.1.1272': attribute type 5 has an invalid length.
[  640.629902][ T7053] F2FS-fs (loop2): Found nat_bits in checkpoint
[  640.748910][ T7053] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  640.762201][ T7053] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  640.783878][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1272'.
[  640.983407][ T7096] fuse: Invalid rootmode
[  641.014850][ T7096] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  641.015273][ T7053] attempt to access beyond end of device
[  641.015273][ T7053] loop2: rw=2049, want=45104, limit=40427
[  641.023377][ T7096] EXT4-fs (loop0): external journal has bad superblock
[  642.282515][ T7119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1281'.
[  642.355705][ T1266] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  642.436799][  T733] print_req_error: 18 callbacks suppressed
[  642.436812][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  642.455548][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  642.455583][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.455594][ T2947] buffer_io_error: 10 callbacks suppressed
[  642.455599][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  642.480987][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.504730][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.515549][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  642.523394][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  642.531728][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.544777][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  642.552962][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.563705][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  642.571568][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.582514][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  642.597602][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.614488][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  642.629583][ T1234] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  642.766053][ T1266] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.095746][ T1266] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  643.110441][ T1266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.134407][ T1266] usb 5-1: Product: syz
[  643.147052][ T1266] usb 5-1: Manufacturer: syz
[  643.159685][ T1266] usb 5-1: SerialNumber: syz
[  643.309117][ T7137] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  643.319047][ T7137] EXT4-fs (loop1): Unsupported blocksize for fs encryption
[  643.443996][ T7140] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  643.453215][ T7140] ext4 filesystem being mounted at /249/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  643.905725][ T1234] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.995611][ T7151] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1287'.
[  644.096001][ T1234] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  644.104930][ T1234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.112672][ T1234] usb 4-1: Product: syz
[  644.116712][ T1234] usb 4-1: Manufacturer: syz
[  644.121063][ T1234] usb 4-1: SerialNumber: syz
[  644.286383][ T7111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1278'.
[  644.305824][ T1266] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  644.312058][ T1266] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  644.319500][ T1266] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  644.722927][   T23] audit: type=1326 audit(1738794452.250:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.746214][   T23] audit: type=1326 audit(1738794452.260:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.769736][   T23] audit: type=1326 audit(1738794452.260:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.775968][ T7157] fuse: Invalid rootmode
[  644.803203][   T23] audit: type=1326 audit(1738794452.260:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.828634][   T23] audit: type=1326 audit(1738794452.260:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.851871][ T1266] cdc_ncm 5-1:1.0: setting tx_max = 88
[  644.857191][   T23] audit: type=1326 audit(1738794452.260:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.859451][ T1266] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[  644.881244][   T23] audit: type=1326 audit(1738794452.260:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.913331][   T23] audit: type=1326 audit(1738794452.260:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.936508][   T23] audit: type=1326 audit(1738794452.260:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.959566][   T23] audit: type=1326 audit(1738794452.260:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7152 comm="syz.2.1289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f820956dde9 code=0x7ffc0000
[  644.967433][ T7158] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,
[  644.993133][ T7157] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  645.013212][ T7157] EXT4-fs (loop1): external journal has bad superblock
[  645.050305][ T7158] fuse: Bad value for 'fd'
[  645.145196][  T700] usb 5-1: USB disconnect, device number 10
[  645.165091][  T700] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[  645.181015][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  645.299053][ T7182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1292'.
[  645.324185][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  645.349475][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  645.388897][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  645.397056][ T1234] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  645.403777][ T1234] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  645.423163][ T1234] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  645.450312][ T7190] netlink: 'syz.4.1293': attribute type 5 has an invalid length.
[  645.459791][ T7190] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1293'.
[  645.529792][ T7181] F2FS-fs (loop1): invalid crc value
[  645.544320][ T7181] F2FS-fs (loop1): Found nat_bits in checkpoint
[  645.589496][ T7181] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  645.596246][ T7181] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  645.615519][ T7181] attempt to access beyond end of device
[  645.615519][ T7181] loop1: rw=2049, want=45104, limit=40427
[  645.626757][ T1234] cdc_ncm 4-1:1.0: setting tx_max = 88
[  645.991874][ T1234] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  646.004092][ T1234] usb 4-1: USB disconnect, device number 22
[  646.009994][ T1234] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  647.154041][ T7232] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  647.166995][ T7232] EXT4-fs (loop1): Unsupported blocksize for fs encryption
[  647.235099][ T7240] netlink: 'syz.0.1302': attribute type 4 has an invalid length.
[  647.345659][ T7246] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1301'.
[  647.666292][ T7249] netlink: 'syz.1.1304': attribute type 5 has an invalid length.
[  647.676447][ T7249] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1304'.
[  647.749441][ T7253] fuse: Bad value for 'fd'
[  648.430638][  T733] print_req_error: 29 callbacks suppressed
[  648.430650][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  648.449171][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  648.462109][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  648.484871][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.491627][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.505742][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.517076][ T2947] buffer_io_error: 18 callbacks suppressed
[  648.517084][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  648.535374][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  648.543595][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.550066][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  648.560697][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  648.572069][ T7268] fuse: Bad value for 'fd'
[  648.589531][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.611833][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  648.631371][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.653535][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  648.671548][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  648.685471][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  648.712635][ T7262] F2FS-fs (loop0): invalid crc value
[  648.776560][ T7262] F2FS-fs (loop0): Found nat_bits in checkpoint
[  648.802965][ T7262] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  648.809613][ T7262] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  648.830447][ T7264] F2FS-fs (loop4): invalid crc value
[  648.837070][ T7264] F2FS-fs (loop4): Found nat_bits in checkpoint
[  648.968051][ T7268] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  649.015959][ T7264] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  649.019537][ T7268] EXT4-fs (loop2): external journal has bad superblock
[  649.035728][ T7264] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  649.096920][ T7264] attempt to access beyond end of device
[  649.096920][ T7264] loop4: rw=2049, want=45104, limit=40427
[  649.309172][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  649.318710][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  649.331753][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  649.375661][  T940] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  649.717635][  T677] attempt to access beyond end of device
[  649.717635][  T677] loop0: rw=2049, want=45104, limit=40427
[  649.753724][ T7293] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  649.772507][ T7293] EXT4-fs (loop1): Unsupported blocksize for fs encryption
[  649.885770][  T940] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.135805][  T940] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.158236][  T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.162894][ T7301] netlink: 'syz.1.1316': attribute type 5 has an invalid length.
[  650.166316][  T940] usb 4-1: Product: syz
[  650.175518][ T7301] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1316'.
[  650.185667][  T940] usb 4-1: Manufacturer: syz
[  650.334437][  T940] usb 4-1: SerialNumber: syz
[  650.480403][ T7309] netlink: 'syz.1.1318': attribute type 4 has an invalid length.
[  651.546112][  T940] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  651.553545][  T940] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  651.638104][  T940] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  651.765743][  T940] cdc_ncm 4-1:1.0: setting tx_max = 88
[  651.774578][  T940] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  651.798654][  T940] usb 4-1: USB disconnect, device number 23
[  651.855169][  T940] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  652.786798][ T7337] F2FS-fs (loop4): invalid crc value
[  653.139767][ T7337] F2FS-fs (loop4): Found nat_bits in checkpoint
[  653.269527][ T7337] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  653.292242][ T7337] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  653.332931][ T7337] attempt to access beyond end of device
[  653.332931][ T7337] loop4: rw=2049, want=45104, limit=40427
[  653.405658][ T3676] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  653.718761][ T2950] print_req_error: 57 callbacks suppressed
[  653.718774][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  653.735666][ T3676] usb 2-1: Using ep0 maxpacket: 32
[  653.779108][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  653.791244][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  653.832643][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  653.843756][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  653.855869][ T3676] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  653.870246][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  653.880999][ T2950] buffer_io_error: 38 callbacks suppressed
[  653.881008][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  653.906421][ T3676] usb 2-1: config 0 has no interface number 0
[  653.949446][ T7385] F2FS-fs (loop0): invalid crc value
[  653.956469][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  653.964658][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  653.981647][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  653.990826][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  654.053251][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  654.066330][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  654.076386][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  654.087244][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  654.095124][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  654.106010][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  654.116709][ T7385] F2FS-fs (loop0): Found nat_bits in checkpoint
[  654.152948][ T7385] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  654.160289][ T7385] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  654.185831][ T3676] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  654.208899][ T3676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.216977][ T3676] usb 2-1: Product: syz
[  654.220961][ T3676] usb 2-1: Manufacturer: syz
[  654.225388][ T3676] usb 2-1: SerialNumber: syz
[  654.238021][ T3676] usb 2-1: config 0 descriptor??
[  654.268022][ T7385] attempt to access beyond end of device
[  654.268022][ T7385] loop0: rw=2049, want=45104, limit=40427
[  654.286245][ T3676] smsc95xx v1.0.6
[  654.602426][ T1234] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  654.615451][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  654.625717][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  654.631838][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  654.745734][ T3676] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  654.762428][ T3676] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  655.015725][ T1234] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.040953][ T7355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1326'.
[  655.105776][ T3676] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  655.125724][ T3676] smsc95xx: probe of 2-1:0.67 failed with error -71
[  655.139271][ T3676] usb 2-1: USB disconnect, device number 21
[  655.215344][ T1234] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  655.225326][ T1234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.233368][ T1234] usb 5-1: Product: syz
[  655.237484][ T1234] usb 5-1: Manufacturer: syz
[  655.241869][ T1234] usb 5-1: SerialNumber: syz
[  655.486920][  T700] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  655.896131][  T700] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.039221][ T7434] netlink: 'syz.3.1340': attribute type 5 has an invalid length.
[  656.047436][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1340'.
[  656.119954][  T700] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  656.128878][  T700] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.136667][  T700] usb 3-1: Product: syz
[  656.140626][  T700] usb 3-1: Manufacturer: syz
[  656.145051][  T700] usb 3-1: SerialNumber: syz
[  656.177501][ T7405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1333'.
[  657.265675][   T23] kauditd_printk_skb: 43 callbacks suppressed
[  657.265684][   T23] audit: type=1326 audit(1738794464.790:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7404 comm="syz.4.1333" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0e85576de9 code=0x0
[  657.325760][ T1234] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  657.335683][ T1234] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  657.345831][ T1234] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  657.645735][ T1234] cdc_ncm 5-1:1.0: setting tx_max = 88
[  657.654578][ T1234] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[  657.675085][ T1234] usb 5-1: USB disconnect, device number 11
[  657.684096][ T1234] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[  657.758261][ T7465] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  657.768792][   T23] audit: type=1326 audit(1738794465.300:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.769048][ T7465] EXT4-fs (loop4): Unsupported blocksize for fs encryption
[  657.803372][   T23] audit: type=1326 audit(1738794465.300:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.826949][   T23] audit: type=1326 audit(1738794465.330:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.850353][   T23] audit: type=1326 audit(1738794465.330:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.874038][   T23] audit: type=1326 audit(1738794465.330:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.898235][   T23] audit: type=1326 audit(1738794465.330:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.921644][   T23] audit: type=1326 audit(1738794465.330:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.945119][   T23] audit: type=1326 audit(1738794465.330:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.969980][   T23] audit: type=1326 audit(1738794465.330:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7467 comm="syz.1.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c1607ede9 code=0x7ffc0000
[  657.995685][ T7468] fuse: Bad value for 'fd'
[  658.042403][ T7459] F2FS-fs (loop3): invalid crc value
[  658.052524][  T700] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  658.111575][ T7473] netlink: 'syz.0.1352': attribute type 5 has an invalid length.
[  658.120660][  T700] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  658.129539][  T700] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  658.142393][ T7473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1352'.
[  658.151724][ T7475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1351'.
[  658.158818][ T7459] F2FS-fs (loop3): Found nat_bits in checkpoint
[  658.224005][ T7482] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  658.242939][ T7482] ext4 filesystem being mounted at /269/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  658.275743][  T700] cdc_ncm 3-1:1.0: setting tx_max = 88
[  658.283779][  T700] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  658.325037][  T700] usb 3-1: USB disconnect, device number 19
[  658.479479][  T700] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  658.534935][ T7459] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  658.547689][ T7459] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  658.562964][ T7459] attempt to access beyond end of device
[  658.562964][ T7459] loop3: rw=2049, want=45104, limit=40427
[  658.911671][  T733] print_req_error: 20 callbacks suppressed
[  658.911687][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  658.931297][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  658.938729][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  658.946603][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  658.953013][  T733] buffer_io_error: 11 callbacks suppressed
[  658.953021][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  658.969724][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  658.978216][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  658.995582][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  658.999207][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  659.081981][ T7497] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  659.094888][ T7497] ext4 filesystem being mounted at /262/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  659.141902][ T7505] fuse: Bad value for 'fd'
[  659.235715][ T1266] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  659.715669][ T1266] usb 5-1: Using ep0 maxpacket: 32
[  659.835732][ T1266] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  659.843663][ T1266] usb 5-1: config 0 has no interface number 0
[  660.025740][ T1266] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  660.034612][ T1266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.042571][ T1266] usb 5-1: Product: syz
[  660.046800][ T1266] usb 5-1: Manufacturer: syz
[  660.051411][ T1266] usb 5-1: SerialNumber: syz
[  660.060223][ T1266] usb 5-1: config 0 descriptor??
[  660.196106][ T1266] smsc95xx v1.0.6
[  660.374573][ T7526] fuse: Bad value for 'fd'
[  660.416964][ T7529] netlink: 'syz.1.1364': attribute type 5 has an invalid length.
[  660.425152][ T7529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1364'.
[  660.665733][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  660.676306][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  660.752282][ T7534] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1365'.
[  660.872016][ T2947] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  660.885922][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  660.898715][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  660.910017][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  660.920781][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  660.928600][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  660.941921][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  660.960987][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  660.969009][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  660.977353][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  660.979451][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1355'.
[  660.985215][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  661.097480][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  661.125806][ T1266] smsc95xx: probe of 5-1:0.67 failed with error -71
[  661.242576][ T1266] usb 5-1: USB disconnect, device number 12
[  661.528168][ T7544] F2FS-fs (loop2): invalid crc value
[  661.545973][  T700] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  661.653913][ T7544] F2FS-fs (loop2): Found nat_bits in checkpoint
[  661.685130][ T7544] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  661.691788][ T7544] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  661.708006][ T7544] attempt to access beyond end of device
[  661.708006][ T7544] loop2: rw=2049, want=45104, limit=40427
[  661.735806][ T7556] fuse: Bad value for 'fd'
[  662.065776][  T700] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  662.287078][  T700] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  662.297264][  T700] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.309373][  T700] usb 4-1: Product: syz
[  662.313346][  T700] usb 4-1: Manufacturer: syz
[  662.318505][  T700] usb 4-1: SerialNumber: syz
[  662.436244][ T7572] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1373'.
[  662.656073][ T3676] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  662.950280][ T7574] F2FS-fs (loop4): invalid crc value
[  662.958474][ T7574] F2FS-fs (loop4): Found nat_bits in checkpoint
[  662.982008][ T7574] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  662.988763][ T7574] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  663.013996][ T7574] attempt to access beyond end of device
[  663.013996][ T7574] loop4: rw=2049, want=45104, limit=40427
[  663.025898][ T3676] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  663.128048][ T7582] netlink: 'syz.0.1376': attribute type 5 has an invalid length.
[  663.136523][ T7582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1376'.
[  663.355781][ T3676] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  663.364677][ T3676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.372775][ T3676] usb 3-1: Product: syz
[  663.380638][ T3676] usb 3-1: Manufacturer: syz
[  663.385152][ T3676] usb 3-1: SerialNumber: syz
[  663.665784][  T700] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  663.672119][  T700] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  663.679798][  T700] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  663.885724][  T700] cdc_ncm 4-1:1.0: setting tx_max = 88
[  663.899174][  T700] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  663.947945][  T700] usb 4-1: USB disconnect, device number 24
[  663.953961][  T700] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  664.064071][ T7599] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1379'.
[  664.433906][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1383'.
[  664.558362][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1372'.
[  664.820639][   T23] kauditd_printk_skb: 50 callbacks suppressed
[  664.820648][   T23] audit: type=1326 audit(1738794472.350:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7569 comm="syz.2.1372" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f820956dde9 code=0x0
[  664.885755][ T3676] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  664.887934][ T7605] F2FS-fs (loop1): invalid crc value
[  664.899809][ T3676] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  664.919773][ T7605] F2FS-fs (loop1): Found nat_bits in checkpoint
[  664.958130][ T3676] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  664.994152][ T7605] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  665.015982][ T7605] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  665.058864][ T7605] attempt to access beyond end of device
[  665.058864][ T7605] loop1: rw=2049, want=45104, limit=40427
[  665.598894][  T733] print_req_error: 26 callbacks suppressed
[  665.598906][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  665.643658][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  665.654826][ T3676] cdc_ncm 3-1:1.0: setting tx_max = 88
[  665.658120][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  665.669286][ T3676] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  665.675403][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.684261][ T7634] netlink: 'syz.2.1388': attribute type 5 has an invalid length.
[  665.692484][ T2948] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.710166][ T3676] usb 3-1: USB disconnect, device number 20
[  665.717069][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.730467][ T3676] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  665.740739][  T733] buffer_io_error: 14 callbacks suppressed
[  665.740747][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  665.761879][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.778691][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  665.789347][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.800189][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  665.808128][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  665.818990][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  665.827110][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.893607][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  665.902336][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  665.913186][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  665.924621][ T7634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1388'.
[  666.858111][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  666.868663][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  666.876341][  T733] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  667.106239][ T7662] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1395'.
[  667.323968][ T7652] F2FS-fs (loop4): invalid crc value
[  667.372027][ T7665] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:455: comm syz.0.1397: Invalid block bitmap block 0 in block_group 0
[  667.386817][ T7665] Quota error (device loop0): write_blk: dquota write failed
[  667.394052][ T7665] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  667.404187][ T7665] EXT4-fs error (device loop0): ext4_free_blocks:4795: comm syz.0.1397: Freeing blocks not in datazone - block = 0, count = 4096
[  667.419783][ T7665] EXT4-fs error (device loop0): ext4_read_inode_bitmap:134: comm syz.0.1397: Invalid inode bitmap blk 0 in block_group 0
[  667.433209][ T7665] EXT4-fs error (device loop0) in ext4_free_inode:352: Corrupt filesystem
[  667.441901][  T708] Quota error (device loop0): remove_tree: Getting block too big (0 >= 9)
[  667.451399][ T7665] EXT4-fs (loop0): 1 orphan inode deleted
[  667.457077][ T7665] EXT4-fs (loop0): mounted filesystem without journal. Opts: ��; ,errors=continue
[  667.720482][ T7652] F2FS-fs (loop4): Found nat_bits in checkpoint
[  668.188383][ T7652] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  668.195175][ T7652] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  668.255994][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1389'.
[  668.300126][ T7652] attempt to access beyond end of device
[  668.300126][ T7652] loop4: rw=2049, want=45104, limit=40427
[  668.814154][ T1266] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  668.996149][ T7682] F2FS-fs (loop1): invalid crc value
[  669.010891][ T7682] F2FS-fs (loop1): Found nat_bits in checkpoint
[  669.039797][ T7682] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  669.046439][ T7682] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  669.067304][ T7682] attempt to access beyond end of device
[  669.067304][ T7682] loop1: rw=2049, want=45104, limit=40427
[  669.363233][ T7701] netlink: 'syz.0.1403': attribute type 5 has an invalid length.
[  669.371614][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1403'.
[  669.466366][ T1266] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.730119][ T1266] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  669.786072][ T1266] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.826292][ T1266] usb 3-1: Product: syz
[  669.857358][ T1266] usb 3-1: Manufacturer: syz
[  669.882735][ T1266] usb 3-1: SerialNumber: syz
[  670.775066][ T7706] F2FS-fs (loop4): invalid crc value
[  670.813376][ T7706] F2FS-fs (loop4): Found nat_bits in checkpoint
[  670.935980][   T23] audit: type=1326 audit(1738794478.470:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  670.961547][   T23] audit: type=1326 audit(1738794478.470:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  670.972611][ T7706] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  670.985040][   T23] audit: type=1326 audit(1738794478.490:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  670.991459][ T7706] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  671.014338][   T23] audit: type=1326 audit(1738794478.490:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.036247][ T7706] attempt to access beyond end of device
[  671.036247][ T7706] loop4: rw=2049, want=45104, limit=40427
[  671.044513][   T23] audit: type=1326 audit(1738794478.490:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.061006][ T7731] fuse: Bad value for 'fd'
[  671.116581][   T23] audit: type=1326 audit(1738794478.490:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.144911][   T23] audit: type=1326 audit(1738794478.490:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.174930][   T23] audit: type=1326 audit(1738794478.490:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.199022][   T23] audit: type=1326 audit(1738794478.490:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  671.662897][   T23] audit: type=1326 audit(1738794478.490:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7728 comm="syz.3.1409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f760da69de9 code=0x7ffc0000
[  672.175104][ T7673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1396'.
[  672.205799][ T1266] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  672.212289][ T1266] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  672.219795][ T1266] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  672.289027][ T7748] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  672.299141][ T7748] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[  672.417812][ T7753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1415'.
[  672.905825][ T1266] cdc_ncm 3-1:1.0: setting tx_max = 88
[  672.921019][ T1266] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  672.943994][ T7767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1420'.
[  673.198366][ T1266] usb 3-1: USB disconnect, device number 21
[  673.353687][ T2947] print_req_error: 20 callbacks suppressed
[  673.353700][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  673.358073][ T1266] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  673.361414][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  673.391316][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  673.402710][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.413412][ T2947] buffer_io_error: 11 callbacks suppressed
[  673.413421][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  673.431525][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.504271][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  673.530738][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.546597][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  673.553654][ T7781] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1421'.
[  673.557801][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.576675][ T7783] fuse: Bad value for 'fd'
[  673.588332][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  673.612217][ T7787] netlink: 'syz.3.1424': attribute type 5 has an invalid length.
[  673.620479][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.648003][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  673.663506][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1424'.
[  673.672499][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.693726][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  673.737242][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  673.752012][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  673.771676][ T7764] F2FS-fs (loop0): invalid crc value
[  673.866595][ T7764] F2FS-fs (loop0): Found nat_bits in checkpoint
[  673.985167][ T7764] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  674.026187][ T7764] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  674.113089][ T7764] attempt to access beyond end of device
[  674.113089][ T7764] loop0: rw=2049, want=45104, limit=40427
[  674.328147][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  674.329985][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  674.370874][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  674.477450][ T7828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1427'.
[  675.560284][ T7851] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  675.571453][ T7851] ext4 filesystem being mounted at /285/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  675.736472][ T3676] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  675.890085][ T7864] netlink: 'syz.3.1436': attribute type 5 has an invalid length.
[  675.898665][ T7864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1436'.
[  675.976949][ T7870] netlink: 'syz.4.1438': attribute type 4 has an invalid length.
[  676.036974][ T7867] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  676.069162][ T7867] EXT4-fs (loop0): Unsupported blocksize for fs encryption
[  676.185764][ T1103] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  676.195751][ T3676] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.385753][ T3676] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  676.404750][ T3676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.434985][ T3676] usb 3-1: Product: syz
[  676.439147][ T3676] usb 3-1: Manufacturer: syz
[  676.443537][ T3676] usb 3-1: SerialNumber: syz
[  676.455644][ T1103] usb 4-1: Using ep0 maxpacket: 32
[  676.507095][ T7879] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1439'.
[  676.575711][ T1103] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  676.588138][ T1103] usb 4-1: config 0 has no interface number 0
[  676.765721][ T1103] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  676.777808][ T1103] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.794246][ T1103] usb 4-1: Product: syz
[  676.802621][ T1103] usb 4-1: Manufacturer: syz
[  676.827935][ T1103] usb 4-1: SerialNumber: syz
[  676.833528][ T1103] usb 4-1: config 0 descriptor??
[  676.886327][ T1103] smsc95xx v1.0.6
[  677.195737][ T1266] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  677.345780][ T1103] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  677.365679][ T1103] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  677.435662][ T1266] usb 5-1: Using ep0 maxpacket: 32
[  677.575728][ T1266] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  677.585722][ T1266] usb 5-1: config 0 has no interface number 0
[  677.617286][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1437'.
[  677.635865][ T1103] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  677.652616][ T1103] smsc95xx: probe of 4-1:0.67 failed with error -71
[  677.668350][ T1103] usb 4-1: USB disconnect, device number 25
[  677.729602][ T7849] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1432'.
[  677.787764][ T1266] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  677.805759][ T3676] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  677.812020][ T3676] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  677.825659][ T3676] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  677.838901][ T1266] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.847086][ T1266] usb 5-1: Product: syz
[  677.852814][ T1266] usb 5-1: Manufacturer: syz
[  677.857579][ T1266] usb 5-1: SerialNumber: syz
[  677.862794][ T1266] usb 5-1: config 0 descriptor??
[  677.906348][ T1266] smsc95xx v1.0.6
[  677.927186][ T7896] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  677.936347][ T7896] ext4 filesystem being mounted at /287/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  678.225928][ T3676] cdc_ncm 3-1:1.0: setting tx_max = 88
[  678.235177][ T3676] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  678.325745][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  678.337362][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  678.549827][ T1103] usb 3-1: USB disconnect, device number 22
[  678.561209][ T1103] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  678.670671][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'.
[  678.695746][ T1266] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  678.706623][ T1266] smsc95xx: probe of 5-1:0.67 failed with error -71
[  678.716545][ T1266] usb 5-1: USB disconnect, device number 13
[  679.017065][ T7943] netlink: 'syz.3.1448': attribute type 5 has an invalid length.
[  679.025173][ T7943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1448'.
[  679.120599][ T3676] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  679.128932][  T733] print_req_error: 30 callbacks suppressed
[  679.128944][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  679.150299][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.151044][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  679.161606][  T733] buffer_io_error: 18 callbacks suppressed
[  679.161615][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  679.176125][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  679.177980][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.207586][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  679.207664][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.226965][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.226974][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  679.228293][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  679.228352][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.228358][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  679.228407][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.228413][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  679.229917][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  679.229924][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  679.718579][ T7958] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  679.733519][ T7958] EXT4-fs (loop2): Unsupported blocksize for fs encryption
[  679.835759][ T3676] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.868734][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  679.952668][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  679.968067][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  680.078387][ T3676] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  680.080683][ T7965] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1455'.
[  680.089505][ T3676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.127590][ T3676] usb 2-1: Product: syz
[  680.131593][ T3676] usb 2-1: Manufacturer: syz
[  680.136278][ T3676] usb 2-1: SerialNumber: syz
[  680.837394][ T7941] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1447'.
[  680.855695][ T3676] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[  680.861530][ T3676] cdc_ncm 2-1:1.0: bind() failure
[  680.868235][ T3676] cdc_ncm 2-1:1.1: bind() failure
[  680.900086][ T7980] netlink: 'syz.3.1460': attribute type 5 has an invalid length.
[  680.908402][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1460'.
[  681.315682][ T3676] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  681.326953][   T23] kauditd_printk_skb: 16 callbacks suppressed
[  681.326961][   T23] audit: type=1326 audit(1738794488.840:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7940 comm="syz.1.1447" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c1607ede9 code=0x0
[  681.369738][ T1103] usb 2-1: USB disconnect, device number 22
[  681.493759][ T7997] fuse: Bad value for 'fd'
[  681.785718][ T3676] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  681.879906][ T8004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1467'.
[  681.955744][ T3676] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  681.964630][ T3676] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.972436][ T3676] usb 4-1: Product: syz
[  681.976416][ T3676] usb 4-1: Manufacturer: syz
[  681.980814][ T3676] usb 4-1: SerialNumber: syz
[  682.165661][ T1234] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  682.228251][ T8009] fuse: Unknown parameter 'fd0x000000000000000a'
[  682.266961][ T8009] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  682.275200][ T8009] EXT4-fs (loop4): external journal has bad superblock
[  682.405674][ T1234] usb 3-1: Using ep0 maxpacket: 32
[  682.461505][ T8014] netlink: 'syz.1.1471': attribute type 5 has an invalid length.
[  682.469893][ T8014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1471'.
[  682.489974][ T8016] netlink: 'syz.1.1472': attribute type 4 has an invalid length.
[  682.715767][ T1234] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  682.733911][ T1234] usb 3-1: config 0 has no interface number 0
[  682.895741][ T1234] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  682.904581][ T1234] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.912654][ T1234] usb 3-1: Product: syz
[  682.916886][ T1234] usb 3-1: Manufacturer: syz
[  682.921280][ T1234] usb 3-1: SerialNumber: syz
[  682.930125][ T1234] usb 3-1: config 0 descriptor??
[  682.967556][ T1234] smsc95xx v1.0.6
[  683.158486][ T7983] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1461'.
[  683.175819][ T3676] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  683.183173][ T3676] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  683.199359][ T3676] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  683.405735][ T1234] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  683.537677][ T8023] F2FS-fs (loop0): invalid crc value
[  683.544898][ T1234] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  683.560971][ T8023] F2FS-fs (loop0): Found nat_bits in checkpoint
[  683.593971][ T3676] cdc_ncm 4-1:1.0: setting tx_max = 88
[  683.635507][ T8023] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  683.643075][ T8023] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  683.727742][ T3676] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[  683.760324][ T8023] attempt to access beyond end of device
[  683.760324][ T8023] loop0: rw=2049, want=45104, limit=40427
[  683.789213][ T3676] usb 4-1: USB disconnect, device number 26
[  683.796481][ T3676] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[  683.825721][ T1234] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  683.836986][ T1234] smsc95xx: probe of 3-1:0.67 failed with error -71
[  683.869585][ T1234] usb 3-1: USB disconnect, device number 23
[  684.286283][ T8072] fuse: Bad value for 'fd'
[  684.753431][ T8074] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1476: Invalid block bitmap block 0 in block_group 0
[  684.767630][ T8074] Quota error (device loop4): write_blk: dquota write failed
[  684.774864][ T8074] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  684.785328][ T8074] EXT4-fs error (device loop4): ext4_free_blocks:4795: comm syz.4.1476: Freeing blocks not in datazone - block = 0, count = 4096
[  684.855162][ T8074] EXT4-fs error (device loop4): ext4_read_inode_bitmap:134: comm syz.4.1476: Invalid inode bitmap blk 0 in block_group 0
[  684.909518][ T8074] EXT4-fs error (device loop4) in ext4_free_inode:352: Corrupt filesystem
[  685.002985][  T695] Quota error (device loop4): remove_tree: Getting block too big (0 >= 9)
[  685.019606][ T8082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1479'.
[  685.053180][ T8074] EXT4-fs (loop4): 1 orphan inode deleted
[  685.058810][ T8074] EXT4-fs (loop4): mounted filesystem without journal. Opts: ��; ,errors=continue
[  685.522855][  T733] print_req_error: 49 callbacks suppressed
[  685.522868][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  685.622455][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  685.631527][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  685.644592][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.653865][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.655203][ T2947] buffer_io_error: 32 callbacks suppressed
[  685.655211][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  685.667790][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.680737][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  685.701064][ T8085] netlink: 'syz.1.1480': attribute type 4 has an invalid length.
[  685.718379][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.726463][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.737360][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.745914][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.757131][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.776630][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.787599][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.795494][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  685.806437][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.844037][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.845143][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  685.861798][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  685.990957][ T8100] netlink: 'syz.4.1483': attribute type 5 has an invalid length.
[  686.001415][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1483'.
[  687.475762][ T1266] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  687.659888][ T8138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1494'.
[  687.710805][ T8142] netlink: 'syz.2.1496': attribute type 5 has an invalid length.
[  687.736935][ T8142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1496'.
[  687.749166][ T8140] netlink: 'syz.3.1495': attribute type 4 has an invalid length.
[  688.245760][ T1266] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.355674][ T1234] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  688.369767][ T8151] F2FS-fs (loop0): invalid crc value
[  688.381178][ T8151] F2FS-fs (loop0): Found nat_bits in checkpoint
[  688.404610][ T8151] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  688.411366][ T8151] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  688.425743][ T1266] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  688.434799][ T1266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.441829][ T8151] attempt to access beyond end of device
[  688.441829][ T8151] loop0: rw=2049, want=45104, limit=40427
[  688.442968][ T1266] usb 2-1: Product: syz
[  688.457657][ T1266] usb 2-1: Manufacturer: syz
[  688.462104][ T1266] usb 2-1: SerialNumber: syz
[  688.735724][ T1234] usb 5-1: Using ep0 maxpacket: 32
[  688.855750][ T1234] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  688.863710][ T1234] usb 5-1: config 0 has no interface number 0
[  688.995672][ T3676] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  689.025747][ T1234] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  689.034590][ T1234] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.042602][ T1234] usb 5-1: Product: syz
[  689.046603][ T1234] usb 5-1: Manufacturer: syz
[  689.051008][ T1234] usb 5-1: SerialNumber: syz
[  689.056209][ T1234] usb 5-1: config 0 descriptor??
[  689.126496][ T1234] smsc95xx v1.0.6
[  689.440384][ T3676] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  689.565572][ T8170] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  689.574452][ T8170] ext4 filesystem being mounted at /273/file0 supports timestamps until (%ptR?) (0x7fffffff)
[  689.575750][ T1234] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  689.598074][ T1234] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  689.625828][ T3676] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  689.644921][ T3676] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.653170][ T3676] usb 3-1: Product: syz
[  689.656898][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1490'.
[  689.658739][ T8176] fuse: Bad value for 'fd'
[  689.676478][ T3676] usb 3-1: Manufacturer: syz
[  689.681003][ T3676] usb 3-1: SerialNumber: syz
[  689.717477][ T8179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'.
[  689.735748][ T1266] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  689.742914][ T1266] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  689.794476][ T1266] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  689.916318][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1492'.
[  689.945767][ T1234] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  689.956467][ T1234] smsc95xx: probe of 5-1:0.67 failed with error -71
[  689.971179][ T1234] usb 5-1: USB disconnect, device number 14
[  690.165748][ T1266] cdc_ncm 2-1:1.0: setting tx_max = 88
[  690.174194][ T1266] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  690.376463][ T1234] usb 2-1: USB disconnect, device number 23
[  690.395787][ T1234] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  690.598224][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1500'.
[  690.623551][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1507'.
[  690.692050][ T8215] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  690.702485][ T8215] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[  690.740425][ T8218] fuse: Invalid rootmode
[  690.790195][ T8218] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  690.798566][ T8218] EXT4-fs (loop4): external journal has bad superblock
[  691.105551][ T3676] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  691.111939][ T3676] cdc_ncm 3-1:1.0: bind() failure
[  691.118713][ T3676] cdc_ncm 3-1:1.1: bind() failure
[  691.148892][ T1266] usb 3-1: USB disconnect, device number 24
[  691.157533][ T8230] fuse: Unknown parameter 'fd0x000000000000000a'
[  691.226533][ T8227] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  691.234740][ T8227] EXT4-fs (loop1): external journal has bad superblock
[  691.319503][  T733] print_req_error: 59 callbacks suppressed
[  691.319517][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  691.322908][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  691.325224][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.338944][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  691.360061][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.379620][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.392582][  T733] buffer_io_error: 39 callbacks suppressed
[  691.392591][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  691.406782][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  691.485786][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.493049][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  691.497588][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  691.514723][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.525768][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  691.533772][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.544667][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  691.553002][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  691.563912][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  691.674794][ T1266] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  691.805753][ T8249] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  691.816274][ T8249] EXT4-fs (loop0): Unsupported blocksize for fs encryption
[  692.671683][ T8264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1519'.
[  692.735768][ T1266] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  693.116363][ T1266] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  693.131218][ T1266] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.140314][ T1266] usb 3-1: Product: syz
[  693.144361][ T1266] usb 3-1: Manufacturer: syz
[  693.148762][ T1266] usb 3-1: SerialNumber: syz
[  693.205684][ T1234] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  693.445681][ T1234] usb 4-1: Using ep0 maxpacket: 32
[  693.585749][ T1234] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  693.593667][ T1234] usb 4-1: config 0 has no interface number 0
[  693.785748][ T1103] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  693.905754][ T1234] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  693.914653][ T1234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.922460][ T1234] usb 4-1: Product: syz
[  693.926439][ T1234] usb 4-1: Manufacturer: syz
[  693.930830][ T1234] usb 4-1: SerialNumber: syz
[  693.936078][ T1234] usb 4-1: config 0 descriptor??
[  693.976157][ T1234] smsc95xx v1.0.6
[  694.145805][ T1103] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  694.275758][ T1266] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  694.282100][ T1266] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  694.289310][ T1266] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  694.315765][ T1103] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  694.324616][ T1103] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.332441][ T1103] usb 2-1: Product: syz
[  694.336465][ T1103] usb 2-1: Manufacturer: syz
[  694.340819][ T1103] usb 2-1: SerialNumber: syz
[  694.395760][ T1234] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  694.406328][ T1234] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  694.451460][ T8285] netlink: 'syz.4.1525': attribute type 5 has an invalid length.
[  694.459812][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1525'.
[  694.513763][ T1266] cdc_ncm 3-1:1.0: setting tx_max = 88
[  694.521249][ T1266] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[  694.722392][ T3676] usb 3-1: USB disconnect, device number 25
[  694.729136][ T3676] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[  694.740367][ T8270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1520'.
[  694.755843][ T1234] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  694.771406][ T1234] smsc95xx: probe of 4-1:0.67 failed with error -71
[  694.790215][ T1234] usb 4-1: USB disconnect, device number 27
[  695.235141][ T8319] netlink: 'syz.2.1527': attribute type 4 has an invalid length.
[  695.237180][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  695.244105][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  695.258581][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  695.497648][ T8278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1523'.
[  695.618717][ T1103] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  695.694223][ T1103] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  695.702402][ T1103] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  696.056568][ T8337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1531'.
[  696.624297][ T1103] cdc_ncm 2-1:1.0: setting tx_max = 88
[  696.632941][ T1103] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  696.878431][ T1103] usb 2-1: USB disconnect, device number 24
[  696.887067][ T1103] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  697.085583][ T8362] netlink: 'syz.3.1535': attribute type 5 has an invalid length.
[  697.315356][ T8362] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1535'.
[  697.378201][  T733] print_req_error: 20 callbacks suppressed
[  697.378213][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  697.397253][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  697.410550][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  697.437089][ T2950] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.453964][ T2947] blk_update_request: I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.465770][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.476477][ T2950] buffer_io_error: 11 callbacks suppressed
[  697.476485][ T2950] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  697.489925][ T2947] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  697.499524][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  697.507586][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.533483][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  697.543218][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.569593][ T8378] ==================================================================
[  697.577496][ T8378] BUG: KASAN: use-after-free in __ext4_iget+0x384/0x4330
[  697.580557][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  697.584332][ T8378] Read of size 8 at addr ffff8881d2ccbb20 by task syz.3.1539/8378
[  697.592760][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.599771][ T8378] 
[  697.599794][ T8378] CPU: 0 PID: 8378 Comm: syz.3.1539 Not tainted 5.4.289-syzkaller-00030-gcb850525fc3e #0
[  697.599799][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  697.599801][ T8378] Call Trace:
[  697.599832][ T8378]  dump_stack+0x1d8/0x241
[  697.610914][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  697.612626][ T8378]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[  697.612638][ T8378]  ? printk+0xd1/0x111
[  697.622579][  T733] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  697.632162][ T8378]  ? __ext4_iget+0x384/0x4330
[  697.632172][ T8378]  print_address_description+0x8c/0x600
[  697.632183][ T8378]  ? _raw_spin_lock+0xa4/0x1b0
[  697.632192][ T8378]  ? _raw_spin_trylock_bh+0x190/0x190
[  697.632199][ T8378]  ? __ext4_iget+0x384/0x4330
[  697.632213][ T8378]  __kasan_report+0xf3/0x120
[  697.635988][  T733] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  697.639445][ T8378]  ? __ext4_iget+0x384/0x4330
[  697.639458][ T8378]  kasan_report+0x30/0x60
[  697.712619][ T8378]  __ext4_iget+0x384/0x4330
[  697.716953][ T8378]  ? idr_replace+0x230/0x230
[  697.721373][ T8378]  ? ext4_get_projid+0x140/0x140
[  697.726146][ T8378]  ? _raw_write_lock+0xa4/0x170
[  697.730831][ T8378]  ? __proc_create+0x65a/0xa00
[  697.735434][ T8378]  ext4_enable_quotas+0x528/0x940
[  697.740295][ T8378]  ? ext4_fill_flex_info+0x5e0/0x5e0
[  697.745411][ T8378]  ? proc_create+0x230/0x230
[  697.749841][ T8378]  ? ext4_fill_flex_info+0x53b/0x5e0
[  697.754960][ T8378]  ? ext4_register_sysfs+0x1d9/0x210
[  697.760080][ T8378]  ext4_fill_super+0x84f0/0x8d90
[  697.764861][ T8378]  ? ext4_mount+0x40/0x40
[  697.769026][ T8378]  ? vscnprintf+0x80/0x80
[  697.773189][ T8378]  mount_bdev+0x267/0x370
[  697.777354][ T8378]  ? ext4_mount+0x40/0x40
[  697.781520][ T8378]  legacy_get_tree+0xdf/0x170
[  697.786034][ T8378]  ? ext4_lazyinit_thread+0xc60/0xc60
[  697.791238][ T8378]  vfs_get_tree+0x85/0x260
[  697.795492][ T8378]  do_new_mount+0x292/0x570
[  697.799834][ T8378]  ? do_move_mount_old+0x160/0x160
[  697.804781][ T8378]  ? security_capable+0x86/0xb0
[  697.809467][ T8378]  do_mount+0x688/0xe10
[  697.813460][ T8378]  ? copy_mount_string+0x30/0x30
[  697.818235][ T8378]  ? copy_mount_options+0x1cd/0x300
[  697.823264][ T8378]  ? copy_mount_options+0x29a/0x300
[  697.828300][ T8378]  ksys_mount+0xc2/0xf0
[  697.832293][ T8378]  __x64_sys_mount+0xb1/0xc0
[  697.836722][ T8378]  do_syscall_64+0xca/0x1c0
[  697.841061][ T8378]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  697.846801][ T8378] RIP: 0033:0x7f760da6b58a
[  697.851042][ T8378] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.870481][ T8378] RSP: 002b:00007f760c0d3e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  697.878727][ T8378] RAX: ffffffffffffffda RBX: 00007f760c0d3ef0 RCX: 00007f760da6b58a
[  697.886536][ T8378] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f760c0d3eb0
[  697.894348][ T8378] RBP: 0000200000000000 R08: 00007f760c0d3ef0 R09: 0000000000000000
[  697.902159][ T8378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040
[  697.909972][ T8378] R13: 00007f760c0d3eb0 R14: 00000000000004bc R15: 00002000000001c0
[  697.917783][ T8378] 
[  697.919952][ T8378] Allocated by task 6767:
[  697.924123][ T8378]  __kasan_kmalloc+0x171/0x210
[  697.928722][ T8378]  kmem_cache_alloc+0xd9/0x250
[  697.933321][ T8378]  f2fs_alloc_inode+0x22/0x3c0
[  697.937920][ T8378]  iget_locked+0x143/0x790
[  697.942175][ T8378]  f2fs_iget+0x52/0x4cf0
[  697.946255][ T8378]  f2fs_fill_super+0x4d1b/0x8330
[  697.951024][ T8378]  mount_bdev+0x267/0x370
[  697.955191][ T8378]  legacy_get_tree+0xdf/0x170
[  697.959705][ T8378]  vfs_get_tree+0x85/0x260
[  697.963959][ T8378]  do_new_mount+0x292/0x570
[  697.968296][ T8378]  do_mount+0x688/0xe10
[  697.972287][ T8378]  ksys_mount+0xc2/0xf0
[  697.976287][ T8378]  __x64_sys_mount+0xb1/0xc0
[  697.980708][ T8378]  do_syscall_64+0xca/0x1c0
[  697.985049][ T8378]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  697.990774][ T8378] 
[  697.992943][ T8378] Freed by task 17:
[  697.996593][ T8378]  __kasan_slab_free+0x1b5/0x270
[  698.001368][ T8378]  kmem_cache_free+0x10b/0x2c0
[  698.005966][ T8378]  rcu_do_batch+0x492/0xa00
[  698.010305][ T8378]  rcu_core+0x4c8/0xcb0
[  698.014297][ T8378]  __do_softirq+0x23b/0x6b7
[  698.018633][ T8378] 
[  698.020807][ T8378] The buggy address belongs to the object at ffff8881d2ccb660
[  698.020807][ T8378]  which belongs to the cache f2fs_inode_cache of size 1264
[  698.035217][ T8378] The buggy address is located 1216 bytes inside of
[  698.035217][ T8378]  1264-byte region [ffff8881d2ccb660, ffff8881d2ccbb50)
[  698.048492][ T8378] The buggy address belongs to the page:
[  698.053979][ T8378] page:ffffea00074b3200 refcount:1 mapcount:0 mapping:ffff8881f0f8a280 index:0xffff8881d2ccd190 compound_mapcount: 0
[  698.066026][ T8378] flags: 0x8000000000010200(slab|head)
[  698.071325][ T8378] raw: 8000000000010200 0000000000000000 0000000100000001 ffff8881f0f8a280
[  698.079746][ T8378] raw: ffff8881d2ccd190 0000000080170001 00000001ffffffff 0000000000000000
[  698.088155][ T8378] page dumped because: kasan: bad access detected
[  698.094416][ T8378] page_owner tracks the page as allocated
[  698.099965][ T8378] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE)
[  698.117152][ T8378]  prep_new_page+0x18f/0x370
[  698.121574][ T8378]  get_page_from_freelist+0x2d13/0x2d90
[  698.126957][ T8378]  __alloc_pages_nodemask+0x393/0x840
[  698.132165][ T8378]  alloc_slab_page+0x39/0x3c0
[  698.136677][ T8378]  new_slab+0x97/0x440
[  698.140583][ T8378]  ___slab_alloc+0x2fe/0x490
[  698.145009][ T8378]  __slab_alloc+0x62/0xa0
[  698.149175][ T8378]  kmem_cache_alloc+0x109/0x250
[  698.153865][ T8378]  f2fs_alloc_inode+0x22/0x3c0
[  698.158463][ T8378]  iget_locked+0x143/0x790
[  698.162718][ T8378]  f2fs_iget+0x52/0x4cf0
[  698.166798][ T8378]  f2fs_fill_super+0x4d1b/0x8330
[  698.171568][ T8378]  mount_bdev+0x267/0x370
[  698.175734][ T8378]  legacy_get_tree+0xdf/0x170
[  698.180246][ T8378]  vfs_get_tree+0x85/0x260
[  698.184500][ T8378]  do_new_mount+0x292/0x570
[  698.188835][ T8378] page last free stack trace:
[  698.193353][ T8378]  free_unref_page_prepare+0x297/0x380
[  698.198651][ T8378]  free_unref_page_list+0x10a/0x590
[  698.203682][ T8378]  release_pages+0xad8/0xb20
[  698.208109][ T8378]  __pagevec_release+0xc3/0x150
[  698.212797][ T8378]  shmem_undo_range+0x8a5/0x1ad0
[  698.217569][ T8378]  shmem_evict_inode+0x218/0x9a0
[  698.222341][ T8378]  evict+0x4ea/0x960
[  698.226076][ T8378]  do_unlinkat+0x48e/0x8b0
[  698.230326][ T8378]  do_syscall_64+0xca/0x1c0
[  698.234666][ T8378]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  698.240392][ T8378] 
[  698.242560][ T8378] Memory state around the buggy address:
[  698.248034][ T8378]  ffff8881d2ccba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  698.255931][ T8378]  ffff8881d2ccba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  698.263828][ T8378] >ffff8881d2ccbb00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[  698.271724][ T8378]                                ^
[  698.276675][ T8378]  ffff8881d2ccbb80: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
[  698.284571][ T8378]  ffff8881d2ccbc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  698.292468][ T8378] ==================================================================
[  698.300367][ T8378] Disabling lock debugging due to kernel taint
[  698.426191][ T8378] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix.
[  698.523937][ T1103] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  698.542510][ T8378] EXT4-fs (loop3): mount failed
[  698.736634][ T8372] F2FS-fs (loop2): invalid crc value
[  698.746171][ T8372] F2FS-fs (loop2): Found nat_bits in checkpoint
[  698.783482][ T8372] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  698.790200][ T8372] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  698.885785][ T1103] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.066018][ T1103] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  699.088999][ T1103] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.099602][ T8407] attempt to access beyond end of device
[  699.099602][ T8407] loop2: rw=2049, want=45104, limit=40427
[  699.152917][ T1103] usb 2-1: Product: syz
[  699.177450][ T1103] usb 2-1: Manufacturer: syz
[  699.242012][ T1103] usb 2-1: SerialNumber: syz
[  699.474116][ T2950] Buffer I/O error on dev loop2p4, logical block 1, async page read
[  699.474130][ T2947] Buffer I/O error on dev loop2p3, logical block 0, async page read
[  699.483539][ T2948] Buffer I/O error on dev loop2p6, logical block 1, async page read
[  700.375730][ T1103] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  700.381972][ T1103] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  700.389272][ T1103] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  700.585788][ T1103] cdc_ncm 2-1:1.0: setting tx_max = 88
[  700.592736][ T1103] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  700.787886][ T1103] usb 2-1: USB disconnect, device number 25
[  700.805669][ T1103] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM