last executing test programs:

10m18.826807976s ago: executing program 32 (id=17):
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_aout(r4, &(0x7f00000002c0)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r4, 0x0)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_JOIN_FILTERS(r5, 0x65, 0x6, 0x0, &(0x7f00000000c0))

10m15.679730982s ago: executing program 33 (id=32):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x6, 0x10001, 0xd, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
rt_sigaction(0x1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
lseek(r5, 0x9, 0x0)

9m50.609509137s ago: executing program 34 (id=113):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000002700)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800007f0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r6}, 0x10)
write$selinux_user(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[], 0x34)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x800004, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000", @ANYBLOB="0000000000000000b708000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x2)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)

9m47.0619846s ago: executing program 4 (id=129):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="a85c00"/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r7 = openat$cgroup_procs(r6, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r7, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x53}, @call={0x85, 0x0, 0x0, 0x9e}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

9m45.431333553s ago: executing program 4 (id=131):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000000000000046, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x45, &(0x7f0000000300), 0x0, 0x0, 0x0, &(0x7f0000000380), 0x8, 0xf8, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x6, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', r3, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
bind$bt_hci(r4, &(0x7f0000000140), 0x6)
ioctl$sock_bt_hci(r4, 0x400448e6, &(0x7f0000000100))

9m33.831386143s ago: executing program 4 (id=169):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x90)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000940))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)

9m32.725928568s ago: executing program 4 (id=171):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x451, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
fchdir(0xffffffffffffffff)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000180)=0x3, 0x2)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x88700a, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r6, &(0x7f000000c1c0)={0x2020}, 0x2020)

9m31.590799764s ago: executing program 4 (id=176):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='sched_switch\x00', r1}, 0x10)
openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x400800, 0x0)
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="756e695f786c6174653d312c696f636861727365743d69a17707e859d35af809cabc3e7b83736f383835392d392c73686f72746e616d653d77696e6e742c636f6465706167653d313235352c757466383d302c636f6465706167653d3836332c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c726f6469722c726f6469722c696f636861727365743d6b6f69382d72752c00", @ANYRES32=0x0, @ANYRES64, @ANYBLOB=' \t', @ANYRES16], 0x81, 0x2c0, &(0x7f0000000a40)="$eJzs3c+KI0UYAPCve5KZjArJwZMINujB07C7T7CDjLA4JyUHvejiZkGTsJBAwD8Y9+Rd8OQ7+A4+gBffwINHwZt7EFuS7p50bxJnImNWdn6/S76u+r6u6prKBAZS89Gr4+GDR9OHj7/8JTqdJNK7cTeeJNGLNCpfBwDwPHmS5/F7nuYLl+W24jAi8m55le5hegDAf6D4/M+v9PkPADwf3nv/g3dOz8/P3s2yTsT4m1k/ieK16D99GJ/EKAZxK7rxZ0R+oYhfund+Fq0sq/4YMDuOfsT4w5/K69PfIpb1t6MbvafrD8usbCneGM9n/cXIi9d2vJBEnOZJkXInuvFyRN6O8ibFy9v3zs/uZOv10T+MN1//vpz/X4M4iW78/HE8ilE8WN5iVf/V7Sx7K//ujy+KJ+hHJPNZ/2iZt5If7OUHAgAAAAAAAAAAAAAAAAAAAADAjXCSXejVz8+pTgM8Odncv/V8oPKEn3ntfJ1bWZZVx/jM+u0o6lvxSitaz+7JAQAAAAAAAAAAAAAAAAAA4P9j+tnnw/uj0WDSCH7MF8FxM2dxuSm5DFq1lupr/VuTtwefLoLhDxE7VV05iINyaqOkMUSntibXMdbRLsnHmwaNdNsatkZRTP7b3Sf2WvMBk0uqqiXZcRGqsuH9JC5J7mzeJLWdWW3DyTT5x03bDPINS3ewteqw3pJecYhN93nx326b4/WFKt9F7YvFbFYttmy9pX3N75SnJNfy+wYAAAAAAAAAAAAAAAAAANhu9aXf+HWt8/EzmRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7F31//+r68FkGr1ly6TqSlddZcu83pI2kteCo8l0mXvUGLa3vycEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgJvg7AAD//2w5Q3s=")
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_nanosleep(0x8, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)

9m31.349724527s ago: executing program 35 (id=178):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000300)='./file0\x00', 0x10c0, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00', @ANYRES32, @ANYBLOB], 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0xf000, 0x0, 0x0, 0xffffffffffffffff, 0x39ea2b67c19ce5c2})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r5}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406a05bb0000000000000109022401010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000300)={0xfffffffffffffe22, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00220700000006a33006676e44"], 0x0}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000200060000000000", @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0400000000000001fdffffff00"/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="1505d5dc19c7e2d29445b8bfee15c20bb22973d4fc106f4c689f97532264c05ddc663462d29b86ccd2729ba97d847e54a52378cc8e7e34c4b850c2f6ebf2212c80fb42fbfa1711"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket(0x10, 0x3, 0x0)
connect$netlink(r7, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)

9m31.074221963s ago: executing program 4 (id=180):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r1, 0x0, 0x24, &(0x7f0000002a40)={@multicast2, @empty}, 0x8)
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r4}, 0x10)
syz_open_dev$usbfs(0x0, 0x75, 0x121301)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x21}}]}}]}, 0x48}}, 0x0)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0)
futex(&(0x7f0000000040), 0x88, 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x804810, &(0x7f00000001c0)={[{@quota}, {@errors_remount}]}, 0x26, 0x76e, &(0x7f0000001280)="$eJzs3M1rHGUYAPBnptkmbaMbQfDjIEILLZRukubSnhov3gqFgtcakk0ImWRDdlO7sWDrWajNRUEQ9ezRq1DqH+BNCgreBdEaDyLCymw2qYm76bb52JL+fjCZ952P93me7PBmBzITwHPrzfxHEjEYEVciotjankbE0WZrIOLW+nFrD29O5ksSjcbV35L8tFhrFDfHSlrrE9E8JV6NiPuFiLMf/j9utb4yN5Fl5aVWf7g2vzhcra+cm52fmCnPlBdGxy6OXBgbuzAy9tgaXumy1lPvXDx29/u3V1d/+KZ2542+c0mMN+uOVm1dDvNE1n8nhRj/bzciFvYjWA8lvU4AAICu5N/zj0REX/NbajGONFsAAADAYdLobwAAAACHXhK9zgAAAADYXxv/B7DxbO9+PQfbya9vRcRQu/h9zWeIIwaiEBHH15ItTyYk66fBrty6HRH3xrdff1/lV9itXY49sq2/9Rnpo7scnb1wL59/xtvNP+nm/BNt5p++jXcn7FLn+e9R/CMd5r8rXcb49vPXCh3j3454va9d/GQzftIh/rtdxr+z+tHdTvsaX0acbvv3J9kSa4f3Q4xPz2Y7vn7g/t9nHuxU//FO8ZOd61/ssv731/6Y6zSX5PHPnNz5828XP78mPm7lkUbE3dY6769ui3Fy/sfvdqp/KqLxNJ//F13W//PX/Te6PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa0ogYjCQtbbbTtFSKOBERL8fxNKtUa2enK8sLU/m+iKEopNOzWXkkIorr/STvD7TG2+ifb7Yf9cci4qWfjq0fNJuVS5OVbKqXhQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDFiYgYjCQtRUQaEX8W07RUiujr4tz+A8gPAAAA2CNDbbf+c+B5AAAAAPun/f0/AAAAcJg87f1/ssd5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIfalcuX86Wx9vDmZN6ful5fnqtcPzdVrs6V5pcnS5OVpcXSTKUyk5VLk5X5x42XVSqLoxdj+cZwrVyN4Wp95dp8ZXmhdm12fmKmfK1cOJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFKDzSVJSxGRNttpWipFvBARQ1FIpmez8khEvBgRD4qF/rw/2uukAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HPV+srcRJaVlw5rYyAinoE0nsNG2rrEnpV8nqnGBxHRYdftzrsOstHjiQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJ6o1lfmJrKsvFTtdSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0VvpLEhH5crp4anD73qPJX8XmOiLe++zqJzcmarWl0Xz775vba5+2tp/vRf4AAADwXLj0JAdv3Kdv3McDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0q1pfmZvIsvLS7hqXor7SSDoc0+saAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp/NvAAAA///yXsEd")

9m31.048989465s ago: executing program 36 (id=180):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r1, 0x0, 0x24, &(0x7f0000002a40)={@multicast2, @empty}, 0x8)
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r4}, 0x10)
syz_open_dev$usbfs(0x0, 0x75, 0x121301)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x21}}]}}]}, 0x48}}, 0x0)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0)
futex(&(0x7f0000000040), 0x88, 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x804810, &(0x7f00000001c0)={[{@quota}, {@errors_remount}]}, 0x26, 0x76e, &(0x7f0000001280)="$eJzs3M1rHGUYAPBnptkmbaMbQfDjIEILLZRukubSnhov3gqFgtcakk0ImWRDdlO7sWDrWajNRUEQ9ezRq1DqH+BNCgreBdEaDyLCymw2qYm76bb52JL+fjCZ952P93me7PBmBzITwHPrzfxHEjEYEVciotjankbE0WZrIOLW+nFrD29O5ksSjcbV35L8tFhrFDfHSlrrE9E8JV6NiPuFiLMf/j9utb4yN5Fl5aVWf7g2vzhcra+cm52fmCnPlBdGxy6OXBgbuzAy9tgaXumy1lPvXDx29/u3V1d/+KZ2542+c0mMN+uOVm1dDvNE1n8nhRj/bzciFvYjWA8lvU4AAICu5N/zj0REX/NbajGONFsAAADAYdLobwAAAACHXhK9zgAAAADYXxv/B7DxbO9+PQfbya9vRcRQu/h9zWeIIwaiEBHH15ItTyYk66fBrty6HRH3xrdff1/lV9itXY49sq2/9Rnpo7scnb1wL59/xtvNP+nm/BNt5p++jXcn7FLn+e9R/CMd5r8rXcb49vPXCh3j3454va9d/GQzftIh/rtdxr+z+tHdTvsaX0acbvv3J9kSa4f3Q4xPz2Y7vn7g/t9nHuxU//FO8ZOd61/ssv731/6Y6zSX5PHPnNz5828XP78mPm7lkUbE3dY6769ui3Fy/sfvdqp/KqLxNJ//F13W//PX/Te6PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa0ogYjCQtbbbTtFSKOBERL8fxNKtUa2enK8sLU/m+iKEopNOzWXkkIorr/STvD7TG2+ifb7Yf9cci4qWfjq0fNJuVS5OVbKqXhQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDFiYgYjCQtRUQaEX8W07RUiujr4tz+A8gPAAAA2CNDbbf+c+B5AAAAAPun/f0/AAAAcJg87f1/ssd5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIfalcuX86Wx9vDmZN6ful5fnqtcPzdVrs6V5pcnS5OVpcXSTKUyk5VLk5X5x42XVSqLoxdj+cZwrVyN4Wp95dp8ZXmhdm12fmKmfK1cOJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFKDzSVJSxGRNttpWipFvBARQ1FIpmez8khEvBgRD4qF/rw/2uukAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HPV+srcRJaVlw5rYyAinoE0nsNG2rrEnpV8nqnGBxHRYdftzrsOstHjiQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJ6o1lfmJrKsvFTtdSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0VvpLEhH5crp4anD73qPJX8XmOiLe++zqJzcmarWl0Xz775vba5+2tp/vRf4AAADwXLj0JAdv3Kdv3McDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0q1pfmZvIsvLS7hqXor7SSDoc0+saAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp/NvAAAA///yXsEd")

9m17.745543745s ago: executing program 0 (id=212):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="300000004a003b880000", @ANYBLOB='{'], 0x30}}, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_usb_connect$cdc_ecm(0x4, 0x6a, &(0x7f0000000d00)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x58, 0x1, 0x1, 0x4, 0x10, 0xc6, [{{0x9, 0x4, 0x0, 0x7f, 0x4, 0x2, 0x6, 0x0, 0x4, {{0xb, 0x24, 0x6, 0x0, 0x0, "549501e87001"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0xe32f, 0x2}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x208, 0x1, 0x96, 0x0, 0x1, 0x6}, @ncm={0x6, 0x24, 0x1a, 0x0, 0x20}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x5, 0xca}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x24, 0x1, 0x80}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000cc0)={0xa, 0x6, 0x110, 0x5, 0xff, 0x94, 0x10, 0x96}, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x2, [{0xf, &(0x7f0000001080)=@string={0xf, 0x3, "6027b5ce44160ea62a00c5e5d1"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42a}}]})
syz_usb_control_io(r1, &(0x7f00000005c0)={0x2c, &(0x7f00000003c0)={0x0, 0x7, 0x9a, {0x9a, 0x8, "c19a25e0cc06ea748f994160146ef2aabaab12134722caa148192f2f91e0c60eea42ae625aee4c77307e08e9dc6c57c6d4ab183d47b91bbf27284e8c4ca8fa5b25830c51e7cbd850c670b272a0014539978d91b6ee0dd39a42cb06435f996fb3a5a9e2b5a750d58637c5a30b04a7af3d6e8f706d03021b11d8e8771d71a250df101fd7e4c4e00c3a1548714f5b17392a957a53183f70c158"}}, &(0x7f0000000b00)=ANY=[@ANYBLOB="0003a1000000a10313a97bfcf2deb97a03b6aba1aef0ecf3810e0a83577226e871b7be668fbf049ef3e599d1010baa26135c0ae46574e9fd313836cff2c352c89fbba12e65f6be99ad25256692987ba4c00e98bf354e9b71288290c0828ae8ee4f89edc2569251af9c5455a9a6d3b1ca91586629946e5701ccc7432e2fb349d8e60930d1c55706ec155c65a035b00aa9e6923e9bd117d15276f25575d22e8859469e6b37a8ef84c68ce623aca46fc5c7d2b7a005f7e27196f8a19bf16b18092fac126c3da5094a89ee5dade5fb21b92a39e86bb9baa414b66c85f06f48ee4b4786b95d2a96b3a5a207d20cdda06230dafe997262390929baf26e20a981b8bd40c72fed7bdd2105b01b5b8afed603ef4759612dae14d5265bb9fbddb66299f5dc0c31b1e20f0aa7cbc120070de8b0be29cef284e78e55c36d98e6ba2b719efae12bd95795dec8ac0647c57cf6995447192249ce25ec65407967310ceb07de55b2"], &(0x7f0000000300)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0xdd, "de6d101f6a0e35b82c8b092d6ec7eb0f"}]}}, &(0x7f0000000540)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x4, 0x4, 0x9, "cfe9b658", "1ae235e1"}}, &(0x7f0000000580)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x8, 0x5, 0x0, 0x6, 0x1ff, 0x7}}}, &(0x7f0000000a40)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200a54000000f6aa8f4a3fc977c7cb116d6a40f828d8d21c5d01ddedfb8d69ffed2b48094437f764840adaeabede7dd514cfd21b6871bfaf9091778b8cbacf714d6876fb34bd57bbafc31d09c84db724f62a8038a8a5f2d42af714d0f2f08cb7c9"], &(0x7f0000000680)={0x0, 0xa, 0x1, 0x9f}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x3}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x140, 0x10}}, &(0x7f0000000780)={0x40, 0x7, 0x2, 0x2}, &(0x7f00000007c0)={0x40, 0x9, 0x1}, &(0x7f0000000800)={0x40, 0xb, 0x2, "8fea"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000880)={0x40, 0x13, 0x6, @link_local}, &(0x7f00000008c0)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000900)={0x40, 0x19, 0x2, "23d9"}, &(0x7f0000000940)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000980)={0x40, 0x1c, 0x1, 0x6}, &(0x7f00000009c0)={0x40, 0x1e, 0x1, 0x3f}, &(0x7f0000000a00)={0x40, 0x21, 0x1, 0x4}})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
accept4(r2, 0x0, 0x0, 0x0)
r3 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240), 0x2, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
syz_usb_disconnect(r1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000180)={0x29, 0x4, 0x0, {0x1, 0xfffffffff0000000, 0x1, 0x0, [0x0]}}, 0x29)
write$binfmt_misc(r3, &(0x7f00000010c0), 0xb8)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4d9, 0xa070, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000e00)={0x24, &(0x7f0000000480)={0x20, 0x6, 0x90, {0x90, 0x3, "d3584b0bf05f49333719724cfad44b016244c4a50823a7c5f43ff39d758a34cb61673dc9653e678acf5faaeb757367dde6f22ed9498e9c7f00ad38ba71d5c875cd5c3a11877d3fbdd31dcae36b23ac4133a01eb7c5d1a5bef77894eefc54db7fc4531cbbd078d721e3a2d334c181fc2de9080aff5ce3eb3e9485d994bd4b99a94c80d9f93c24a927390091a7e4d2"}}, &(0x7f0000000c80)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf0ff}}, &(0x7f0000000d80)={0x0, 0x22, 0x16, {[@global=@item_012={0x1, 0x1, 0x5, "03"}, @main=@item_012={0x2, 0x0, 0xb, "eae3"}, @main=@item_4={0x3, 0x0, 0xc}, @global=@item_4={0x3, 0x1, 0x3, "8b396133"}, @global=@item_012={0x1, 0x1, 0x4, "c9"}, @global=@item_4={0x3, 0x1, 0x6, "a58fe856"}]}}, &(0x7f0000000dc0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x100, 0xcb, 0x1, {0x22, 0x45c}}}}, &(0x7f0000001040)={0x2c, &(0x7f0000000e40)={0x0, 0xe, 0x4c, "da7b0dfac84fd7d49cc6e685978ac95567309c4d2d5827a804232ba6c580fda14c9c5052de91247fc1fe8cc74712d3af6ef85a2dae0b3f4b927879a211a007f36401be7a5e0f123e0bca27c8"}, &(0x7f0000000ec0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000f00)={0x0, 0x8, 0x1, 0x90}, &(0x7f0000000f40)={0x20, 0x1, 0x9c, "ced5af8f9652740880e3a9bcf01447a33d9289f9dcc0882d3ab181ba5b36a1f0bfa2b994f96de42291f8153fd0e8422bb09be72e0a6ca1dbb03537611b146357bde4cce96a1d5b614abe732b2a2db3ff31323844fc691477905683fb04638767495f06c838e47f43f049463068d00102ffa6477235a784bf04ce4f3011d64dfe5d49de0699a0583539a98b34e2545d8f98f355a0096e9726f8b30930"}, &(0x7f0000001000)={0x20, 0x3, 0x1, 0x5}})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe80, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x58, &(0x7f0000000980)={[{@abort}, {@bh}, {@nomblk_io_submit}, {@stripe={'stripe', 0x3d, 0x4ffff}}, {@norecovery}, {@minixdf}, {@nobh}]}, 0xfe, 0x799, &(0x7f00000001c0)="$eJzs3c1rHGUYAPBnNp+m1UYQbL00Jy2UbtoaWwWh8SSChYKebcNmG2I22ZLdlCbkYBFBEEGLB0Evnv2oN28ievZv8CIiLVXTYsWDrMx+JJtukm7TTdI2vx9M8r4zs/PMs7Pzvu/uDLsB7FpD6Z9MxIGI+CiJ2Fefn0RET7XUHTFaW+/20mIunZKoVN74M6muc2tpMRdNj0ntqVf2R8SP70UczrTGLc0vTI0VCvnZen24PH1huDS/cGRyemwiP5GfOXFsZOT4yRdOnuhcrn//vLD3+sevPvfN6L/vPn31w5+SGI299WXNeXTKUAzVn5Oe9Cms+b7TUR4MyU7vAJuSnppdtbM8DsS+6KqWAIBHWdr/VwCAXSbR/wPALtP4HODW0mKuMe3sJxLb68YrEdFfy79xfbO2pLt+za6/eh104Fay6spIEhGDHYi/PyI+/+6tr9Iptug6JMBa3rkcEecGh1rb/2TlnoVNOtrGOkN31LV/sH1+SMc/L641/sssj39ijfFP3xrn7mYMRfTWN1fVev5nrq0K2nCqA8Hr47+Xa/e2pYk2jf+Wb1ob7KrXHk8rByNispBP27YnIuJQ9PSdnyzkj20Q49DN/26ut2yoafz315W3v0zjp/9X1shc6+5b/ZjxsfLY/eTc7MbliGe6V+7tu93S/jeOeuv498xGGz64Unztpfc/W2+1NP8038bUmv/WqnwR8WysnX9DsuH9icPp4T9a+7t2jG9//XRgvfjNxz+d0viN9wLbIT3+AxvnP5g0369Z6mz8u+e//Ppf3qH09d+bvFkt99bnXRorl2ePRfQmr7fOP76ytUa9sX6af23Di72xKv+V9i9Zo/1L3xOeazPH7ut/fL35/LdWmv/4PR3/ey9cvT3VtV789o7/SLV0qD6nnfav3R28n+cOAAAAAAAAAAAAAAAAAAAAAAAAANqViYi9kWSyy+VMJput/Yb3UzGQKRRL5cPni3Mz41H9rezB6Mk0vupyX62eNL7/dLCpfvyO+vMR8WREfNL3WLWezRUL4zudPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7Vnn9/9Tv/ft9N4BAFumv2VOpVKpNNdv5jdcDAA8dFr7fwDgUaf/B4DdR/8PALuP/h8Adh/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvszOnT6VT5Z2kxl9bHL87PTRUvHhnPl6ay03O5bK44eyE7USxOFPLZXHH6btsrFIsXRmJm7tJwOV8qD5fmF85OF+dmymcnp8dOxdl8z7ZkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3pjS/MDVWKORnH4nCBxHxAOyGQmcLvx35Zf9G61y5y8t4tI1Y/fUT4gFJeecLO9wwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwk/g8AAP//Ez0kyA==")
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='freezer.parent_freezing\x00', 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1)
preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0xfb, 0x0)

9m14.018495675s ago: executing program 0 (id=229):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r2}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYRES32=r3, @ANYRESHEX, @ANYRES64=r2, @ANYRES64=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r4}, 0x10)
close(r5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1c00000000000000000000000080000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000004000000000000001b3200"/28], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="320021fc00000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000680)='sched_switch\x00', r10}, 0xfffffffffffffffb)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f0000000100))
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x41, 0x51b, &(0x7f0000000100)="$eJzs3c9vI1cdAPDvTOLd7G6KU0CoVKJUtGi3grU3DW0jhKBc4FQJKPclJE4UxY6j2CmbqKKp+A8QEkicOHFB4g9AQj3wB6BKleCCOCBAIARbOCABHTTjsZp17CTQrJ3Gn4/04vfm1/e9sfw8M36ZCWBqPRkRL0bETEQ8ExHVcnpaprt54bC33Nv3X13NUxJZ9vJfk0jKaf1t5eXZiLjRWyXmIuJrX474ZnI8bmf/YGul2WzsluV6t7VT7+wf3N5srWw0NhrbS0uLzy+/sPzc8p2s9J7audDP/PhLn//5p7/1u7t/vvXtvFqf+0hUYqAd56nX9EqxL/ryfbT7MIJNwEzZnsqkKwIAwJnkx/gfjIhPFMf/1ZgpjuYGzEyiZgAAAMB5yb4wH/9OIjIAAADg0kojYj6StFaOBZiPNL1SXhv4cFxPm+1O91Pr7b3ttXxexEJU0vXNZuNOOVZ4ISpJXl4sx9j2y88OlJci4tGI+F71WlGurbabaxO+9gEAAADT4sbA+f8/qmmRP92Q/xMAAAAALq6FkQUAAADgsnDKDwAAAJff4Pm/+/0DAADApfKVl17KU9Z//vXaK/t7W+1Xbq81Olu11t5qbbW9u1PbaLc3inv2tU7bXrPd3vlMbO/dq3cbnW69s39wt9Xe2+7e3XzgEdgAAADAGD368Td+nUTE4WevFSnK+wACPOAPk64AcJ4M9YPp5S7eML0qk64AMHHJKfMN3gEAgPe/mx89/vt///n/rg3A5WasDwBMH7//w/SqGAEIU2u2vAbwgV7x6qjlRv7+/8uzRsqyiDerR6e4vggAAOM1X6QkrZXnAfORprVaxCMR6UJUkvXNZuNOeX7wq2rlal5eLNZMTh0zDAAAAAAAAAAAAAAAAAAAAAAAAAD0ZFkSGQAAAHCpRaR/Soq7+UfcrD49P3h94Eryz2r8sSz88OXv31vpdncX8+l/K57ldSUiuj8opz878vFhAAAAwHlLDkfO6p2nl6+LY60VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFPg7fuvrvbTOOP+5YsRsTAs/mzMFa9zUYmI639PYvbIeklEzJxD/MPXI+KxYfGTeCfLXouyFsPiX3vI8ReKXTM8fhoRN84hPkyzN/L+58Vhn780nixeh3/+Zsv0Xo3u/9Iy8mNFPzes/3nk2NZaQ2M8/tZP671c5Xj81yMenx3e//T732RE/KeObe1fWZYdj/+Nrx8cjGp/9qOIm0O/f5IHYtW7rZ16Z//g9mZrZaOx0dheWlp8fvmF5eeW79TXN5uN8u/QGN/92M/eGRU/b//1IfF/+5te/3tS+58etdEB/3nr3v0P9bLH3oA8/q2nhn7/zsWI+Gn53ffJMp/Pv9nPH/byRz3xkzefOKn9ayP2/2nv/60ztv+Zr37n92dcFAAYg87+wdZKs9nYPSEzd4Zl3o+ZX8xdiGr8j5nstd47d1Hq8/9m8qPVd6f0W3UBKnYkk40l1tXieP6sa10ZU9sn2i0BAAAPwbsH/ZOuCQAAAAAAAAAAAAAAAAAAAEyvcdxKbTDm4WSaCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwov8GAAD//3QT3Gw=")
r12 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r12, 0x107, 0xf, &(0x7f00000000c0)=0x9, 0x4)
mlockall(0x7)

9m11.719036491s ago: executing program 0 (id=234):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
signalfd(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000000104010400000000000000000000000006000640000000000a0002000000005147b60005"], 0x38}}, 0x0)

9m10.766796011s ago: executing program 0 (id=238):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYBLOB="000000f34279e645762e5f"], 0x48)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./bus\x00', 0x0, &(0x7f0000020000)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75", @ANYRES64], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$binfmt_script(r0, &(0x7f00000003c0), 0xb)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = open$dir(&(0x7f0000000040)='./file3\x00', 0x800, 0x22)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0xc080661a, &(0x7f0000000240)={@desc={0x1, 0x0, @desc1}})
dup3(0xffffffffffffffff, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0})
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r7, &(0x7f00000000c0)='./file1\x00', 0x0)
openat(r7, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0)
syz_clone(0x100000, &(0x7f0000000540)="c7b5a8ef347db9417d67243c98a9f7cc8601f8a8dc91eee9873ccf8d976264744e7489e380dae72e2559cfca5912d3df165f8326a6a6420c9a1465bc49da9410321dcb4e51f3bb528ae26274a40220a6ba8b67b21e5b89e9a0086d44c7442001eed8c18a5a6c63296e65d0d5db6e942ce4f9cbe9877d89ce9a09b1834a165eb6d5df74addd7972715341ba2f0ecbd047ee9db808dcd6e6924c8360af27245532f4a0099c8f20eafabafcb7259ddd552c8da87fdf4497590be4d79745da436a558d4465e0ebe8c9667d0b3d35685a169e3827138d34a2c005307b5bb99f28", 0xde, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000680)="998f0626f770ba9361c83d53761f4f396d952cb16961f84fa2053a5d90827d5d28c9f96f28c3f1582ee2a8456eb879744da76020266eed740315d6f4893512ec19161ee7d9f50fb6de52663921b2b3648068d66d8d245718bde87e92c8a154596002bf915b6939581f028092f4e98c4d39121de56da6a8f9f78fbb89a3186a949fdb2dac5c30556cd70529199ddb43ead1b049faf97ae70cdb9caa5a01120cd438e6f0e241e5e8b6a82cbc50e65522386ea2bec75c4ccc71637c37f33c589fa3e7677554661f95dadde215076319f8a03c9880b4cdde2a8da7dcccfe64471776fa9447d8ae1f203407")

9m8.101832151s ago: executing program 0 (id=254):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000040)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, &(0x7f00000000c0)={0x4, 0x8})
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f00000000c0)=0x13)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r7, 0x6628)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r7, &(0x7f00000000c0)="3f03fe7f0302120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x0, &(0x7f0000000540)={0xc9, 0x7, r8, 0x1, 0x0, 0x6, @multicast}, 0x14)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
dup(r9)

9m7.514019706s ago: executing program 0 (id=262):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0)
close(r1)
close(r0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
close(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

9m7.513897946s ago: executing program 37 (id=262):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0)
close(r1)
close(r0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
close(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

9m0.935081674s ago: executing program 2 (id=328):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000006feaaa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]})
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f00000005c0)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/68, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/83, &(0x7f00000001c0)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r2, 0x0)

9m0.536857281s ago: executing program 2 (id=331):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000006feaaa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000005c0)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/68, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/83, &(0x7f00000001c0)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r3, 0x0)

8m59.816682739s ago: executing program 2 (id=338):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)

8m59.778271343s ago: executing program 2 (id=341):
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[], 0x21, 0x150d, &(0x7f0000001180)="$eJzs3AuYjtX6MPD7Xms9DA29TXIY1lr3w5sGy5Akh4QckiTZkuSUEJokSUiMs6QhCTlOksMQksM0Jo3z+ZBzkiRNkoSEJOu7Zu/21967/f/39f/3fa7vP/fvup7rXff7PPd61pp73nmf9cz1vt/0Hlu/ZYM6zYkI/lvwbw/JABADACMB4HoACACgclzluJz9+SQm//dOwv5cD6Vd6xGwa4nrn7tx/XM3rn/uxvXP3bj+uRvXP3fj+uduXH/GcrNd84vdwFvu3fj+f27G7///g2SXn/bFlvI39fkDKQW4/rkav/5zN65/7sb1z924/rkb1z934/rnblx/xnKz//q9Y/7fwf+E7Vr//jHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYyx0u+V8pAPh7+1qPizHGGGOMMcYYY38en/daj4AxxhhjjDHGGGP/9yEIkKAggDyQF2IgH+SH6yAWCkBBuB4icAPEwY1QCG6CwlAEikIxiIfiUAI0GLBAEEJJKAVRuBlKwy2QAGWgLJQDB+UhESpARbgVKsFtUBluhypwB1SFalAdasCdUBPuglpQG+rA3VAX6kF9aAD3QEO4FxrBfdAY7ocm8AA0hQehGfwFmsND0AIehpbwCLSCR6E1tIG20A7a/5fyX4D+8CIMgIGQDINgMAyBoTAMhsMIGAkvwSh4GUbDK5ACY2AsvArj4DUYD6/DBJgIk+ANmAxTYCpMg+kwA1LhTZgJb8EseBtmwxyYC/MgDebDAngHFsIiWAzvwhJ4D5bCMlgOKyAd3ocMWAmZ8AGsgg8hC1bDGlgL62A9bICNsAk2wxbYCttgO+yAnbALPoLdsAf2wj7YDwfgIHwMh+ATOAyfwhH47A/mX/yX/D4ICChQoEKFeTAPxmAM5sf8GIuxWBALYgQjGIdxWAgLYWEsjEWxKMZjPJbAEmjQICFhSSyJUYxiaSyNCZiAZbEsOnSYiIlYEW/FSlgJK2NlrIJVsCpWw2pYA2tgTayJtbAW1sE6WBfrYn2sj/fgPXgvNsJG2BgbYxNsgk2xKTbDZtgcm2MLbIEtsSW2wlbYGltjW2yL7bE9dsAO2BE7YmfsjF2wC3bDbpiESdgdu2MP7IE9sSf2wl7YG3tjH+yLffEFfAFfxBdxINYVg3AwDsahOBSH4wgcgS/hKHwZX8ZXMAXH4Fh8FV/F2gBwASfgRJyEk7CmmIJTcRqSmIGpmIozcSbOwlk4G+fgHJyHaTgfF+ACXIiLcBG+i0vwPXwPl+EyXIHpmI4ZuBIzMRNX4UXMwtW4BtfiOlyP63AjbsKNuAW34hbcjttxJ+7Ej/Aj3IN7cB/uwwOoAPBj/AQ/wRQ8gkfwKB7FY3gMj+NxzMZsPIEn8CSexFN4Ck/jaTyDZ/EcnsXzeB4v4EW8hJfwMl7GK/hc/FctDpTZnAIihxJK5BF5RIyIEflFfhErYkVBUVBERETEiThRSBQShUVhUVQUFfEiXpQQJYQRRpAIRUlRUkRFVJQWpUWCSBBlRVnhhBOJIlFUFBVFJVFJVBa3iyriDlFVVBOdXA1RQ9QUnV0tUVvUEXVEXVFP1BcNRAPRUDQUjUQj0Vg0Fk1EE9FUPCiaiUE4HB8SOZVpKcZgKzEWW4s2oq1oJ17Dx0QHMR47ik6is3hCTMQJ2E10cEniKdFdTMUe4hkxDZ8VvcQM7C2eF31EX9FPvCD6i45ugBgoZuMgMVjMw6FimBguRoiFWE/kVKy+eEWkiDFirHhVrMDXxHjxupggJopJ4g0xWUwRU8U0MV3MEKniTTFTvCVmibfFbDFHzBXzRJqYLxaId8RCsUgsFu+KJeI9sVQsE8vFCpEu3hcZYqXIFB+IVeJDkSVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix1ip9glPhK7xR6xV+wT+8UBcVB8LA6JT8Rh8ak4Ij4TR8Xn4pj4QhwXX4ps8ZU4Ib4WJ8U34pT4VpwW34kz4qw4J74X58UP4oK4KC6JH8Vl8ZO4In4WV4UXIFEKKaWSgcwj88oYmU/ml9fJWFlAFpTXy4i8QcbJG2UheZMsLIvIorKYjJfFZQmppZFWkgxlSVlKRuXNsrS8RSbIMrKsLCedLC8TZQVZUd4qK8nbZGV5u6wi75BVZTVZXdaQd8qa8i5ZS9aWdeTdsq6sJ+vLBvIe2VDeKxvJ+2Rjeb9sIh+QTeWDspn8i2wuH5It5MOypXxEtpKPytayjWwr28n28jHZQT4uO8pOsrN8QnaRXWU3+aRMkk/J7vJp2UM+I3vKZ2Uv+ZzsLZ+XfWRf2U/+LK9KLwfIgTJZDpKD5RA5VA6Tw+UIOVK+JEfJl+Vo+YpMkWPkWPmqHCdfk+Pl63KCnCgnyTfkZDlFTpXT5HQ5Q6bKN+VM+ZacJd+Ws+UcOVfOk2lyvhz+S0+L/w/y3/o3+aP/evadcpf8SO6We+ReuU/ulwfkQXlQHpKH5GF5WB6RR+RReVQek8fkcXlcZstseUKekCflSXlKnpKn5Wl5Rp6VP8rv5Xn5g7wgL8qL8kd5WV6WV375GYBCJZRUSgUqj8qrYlQ+lV9dp2JVAVVQXa8i6gYVp25UhdRNqrAqooqqYipeFVcllFZGWUUqVCVVKRVVN+MvFxSqrCqnnCqvElWFP5KvSqtbVIIq80/5vze+9qq96qA6qI6qo+qsOqsuqovqprqpJJWkuqvuqofqoXqqnqqX6qV6q96qj+qj+ql+qr/qrwaoASpZJavBaogaqoap4WqEGqleUqPUKDVajVYpKkWNVWPVODVOjVfj1QQ1QU1Sk9RkNVlNVVPVdDVdpapUNVPNVLPULDVbzVZz1VyVptLUArVALVQL1WK1WC1RS9RStVQtV8tVukpXGSpDZapMtUqtUllqtVqt1qq1ar1arzaqjWqz2qy2qq1qu9qustQutUvtVrvVXrVX7Vf71UF1UB1Sh9RhdVgdUUfUUXVUHVPH1HF1XGWrbHVCnVAn1Ul1Sp1Sp9VpdUadUefUOXVenVcX1AV1SV1Sl9VldUVdUVfV1ZzLvkAEIlCBCvIEeYKYICbIH+QPYoPYoGBQMIgEkSAuiAsKBTcFhYMiQdGgWBAfFA9KBDowgQ0oCIOSQakgGtwclA5uCRKCMkHZoFzggvJBYlAhqBjcGlQKbgsqB7cHVYI7gqpBtaB6UCO4M6gZ3BXUCmoHdYK7g7pBvaB+0CC4J2gY3Bs0Cu4LGgf3B02CB4KmwYNBs+AvQfPgoaBF8HDQMngkaBU8GrQO2gRtg3ZB+z+1f+8vFHncDdADdbIepAfrIXqoHqaH6xF6pH5Jj9Iv69H6FZ2ix+ix+lU9Tr+mx+vX9QQ9UU/Sb+jJeoqeqqfp6XqGTtVv6pn6LT1Lv61n6zl6rp6n0/R8vUC/oxfqRXqxflcv0e/ppXqZXq5X6HT9vs7QK3Wm/kCv0h/qLL1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1Nr1d79A79S79kd6t9+i9ep/erw/og/pjfUh/og/rT/UR/Zk+qj/Xx/QX+rj+Umfrr/QJ/bU+qb/Rp/S3+rT+Tp/RZ/U5/b0+r3/QF/RFfUn/qC/rn/QV/bO+qn3OxX3O27tRRpk8Jo+JMTEmv8lvYk2sKWgKmoiJmDgTZwqZQqawKWyKmqIm3sSbEqaEyUGGTElT0kRN1JQ2pU2CSTBlTVnjjDOJJtFUNBVNJVPJVDaVTRVTxVQ1VU11U93cae40d5m7TG1T29xt7jb1TD3TwDQwDU1D08g0Mo1NY9PENDFNTVPTzDQzzU1z08K0MC1NS9PKtDKtTWvT1rQ17U1708F0MB1NR9PZdDZdTBfTzXQzSSbJdDfdTQ/Tw/Q0PU0v08v0Nr1NH9PH9DP9TH/T3wwwA0yySTaDzWAz1Aw1w81wM9KMNKPMKDPajDYpJsWMNWPNODPOjDfjzQQz0Uwyb5jJZoqZaqaZ6WaGSTWpZqaZaWaZWWa2mW3mmrkmzaSZBWaBWWgWmsVmsVlilpilZqlZbpabdJNuMkyGyTSZZpVZZbJMlllj1ph1Zp3ZYDaYTWaT2WK2mG1mm9lhdphdZpfZbXabvWav2W/2m4PmoDlkDpnD5rA5Yo6Yo+aoRwBz3Bw32SbbnDAnzElz0pwyp8xpc9qcMWfMOXPOnDfnzQVzwVwyl8xl85O5Yn42V403MTafzW+vs7G2gC1or7f/Ghe1xWy8LW5LWG0L2yL/FBtrbYItY8v+fYlpK9iEmJzHctbZ8jbRVrBVbTVb3dawd9qa9i5b6zdxQ3uvbWTvs43t/baBveef4ib2AdvUPmKb2Udtc9vGtrDtbEv7iG1lH7WtbRvb1razXWxX280+aZPsU7a7ffo3cYZdaTfZzXaL3WoP2U/sJfujPWm/sZftT3aAHWhH2pfsKPuyHW1fsSl2zG/iSfYNO9lOsVPtNDvdzvhNPNfOs2l2vl1g37EL7aLfxOn2fbvEZtqldpldblf8Nc4ZU6b9wK6yH9osu9qusWvtOrvebrAb//dY19rtdofdaQ/aj+1uu8futfvsfnvgr3HOPA7bT+0R+5k9Yb+2x+wX9rg9ZbPtV3+Nc+Z3yn5rT9vv7Bl71p6z39vz9gd7wV7Mmb/Pmfv39md71XoLhCRIkqKA8lBeiqF8lJ+uo1gqQAXpeorQDRRHN1IhuokKUxEqSsUonopTCdJkyBJRSCWpFEXpZipNt1AClaGyVI4cladEqkAV6VaqRLdRZbqdqtAdVJWqUXWqQXdSTbqLalFtqkN3U12qR/WpAd1DDeleakT3UWO6n5rQA9SUHqRm9BdqTg9RC3qYWtIj1IoepdbUhtpSO2pPj1EHepw6UifqTE9QF+pK3ehJSqKnqDs9TT3oGepJz1Iveo560/PUh/pSP3qB+tOLNIAGUjINosE0hIbSMBpOI2gkvUSj6GUaTa9QCo2hsfQqjaPXaDy9ThNoIk2iN2gyTaGpNI2m0wxKpTdpJr1Fs+htmk1zaC7NozSaTwvoHVpIi2gxvUtL6D1aSstoOa2gdHqfMmglZdIHtIo+pCxaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLvqIdtMe2kv7aD8doIP0MR2ifL+84D6jo/Q5HaMv6Dh9Sdn0FZ2gr+kkfUOn6Fs6Td/RGTpL5+h7Ok8/0AW6SJfoR7pMP9EV+pmukicIMRShDFUYhHnCvGFMmC/MH14XxoYFwoLh9WEkvCGMC28MC4U3hYXDImHRsFgYHxYPS4Q6NKENKQzDkmGpMBreHJYObwkTwjJh2bBc6MLyYWJYIawY3hpWCm8LK4e3h1XCO8KqYbXwkftrhHeGNcO7wlph7bBOeHdYN6wX1g8DAGgY3hs2Cu8LG4f3h5XCB8Km4YMh/PJ5lRbhw2HL8JGwVfho2DpsE7YN24Xtw8fCDuHjYcewU9g5fCLsEnYNu4VPhknhU2H38Onf3Z8cDgoHh0PCIaH398nl0RXR9Oj70Yzoymhm9IPoquiH0azo6uia6Nrouuj66Iboxuim6ObolujW6Lbo9uiO6M6o9w3ygkMnnHTKBS6Py+tiXD6X313nYl0BV9Bd7yLuBhfnbnSF3E2usCviirpiLt4VdyWcdsZZRy50JV0pF3U3u9LuFpfgyriyrpxzrrxLdO1ce9fedXCPu46uk+vsnnBPuK6uq3vSPemect3d066He8b1dM+6Xu4595x73vVxfV0/94Lr7150A9xAl+yS3WA32A11Q91wN9yNdCPdKDfKjXajXYpLcWPdWDfOjXPj3Xg3wU1wk9wkN9lNdlPdVDfdTXepLtXNdDPdLDfL5VRprpvr0lyaW+AWuIVuoVvsFrslCUvcUrfULXfLXbpLdxkuw2W6TLfKrXJZLsutcWvcOrfObXAb3Ca3yW1xW9w2t83tcDvcLrfL7Xa73V631+13+91Bd9AdcofcYXfYHXFH3FF31B1zx9xx96XLdl+5E+5rd9J94065b91p95074866c+57d9794C64i+6S+9Fddj+5K+5nd9V5lxp5MzIz8lZkVuTtyOzInMjcyLxIWmR+ZEHkncjCyKLI4si7kSWR9yJLI8siyyMrIumR9yMZkZWRzMgHkVWRDyNZkdWRNZG1kXWR9Qp88d2hL+lL+ai/2Zf2t/gEX8aX9eW88+V9oq/gK/pbfSV/m6/sb/dV/B2+qq/mq/tHfWvfxrf17Xx7/5jv4B/3HX0n39k/4bv4rr6bf9In+ad8d/+07+Gf8T39s76Xf8739s/7Pr6v7+df8P39i36AH+iT/SA/2A/xQ/0wP9yP8CP9S36Uf9mP9q/4FD/Gj/Wv+nH+NT/ev+4n+Il+kn/DT/ZT/FQ/zU/3M3yqf9PP9G/5Wf5tP9vP8XP9PJ/m5/sF/h2/0C/yi/27fol/zy/1y/xyv8Kn+/d9hl/pM/0HfpX/0Gf51X6NX+vX+fV+g9/oN/nNfovf6rf57X6H3+l3+Y/8br/H7/X7/H5/wB/0H/tD/hN/2H/qj/jP/FH/uT/mv/DH/Zc+23/lT/iv/Un/jT/lv/Wn/Xf+jD/rz/nv/Xn/g7/gL/pL/kd/2f/kr/if/dU/+Jm1en/mLXTGGGOMsf+PDPmd/YP+zXMKAMQv7Z+89wX2FMv+x/0SALYV/lt7mIjvEgGApwb2fujvW926ycnJvxybJSEotQwAIv9ygl/i1dAZukISdIKK/3Z8w0Tfy/Q7/UdvB8j/Dzkx8Gv8a/+f/wf9P/bEpIwq4aW4/6T/ZQAJpX7NyVmF/z1eDZ1zZgOdoNJ/0H+RDr8z/nxfpAJ0/IecWADomO9fx58Ij8PTkPRPRzLGGGOMMcYYY38zTFTv+Xvr55z1ebz6NScv/Br/3vqcMcYYY4wxxhhj196zffs9+VhSUqee3OAGN3JZo+t/csy1/svEGGOMMcYY+7P9etH/63P5ruWAGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxXOj/xTeNXes5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9fa/woAAP//xvg1gg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000002000000040000000e000000000000000000000000000052d1c73ef8367337838caccde9122b8fe9cb15f6734d45afb1d4b28067cc2573c6ded1ccf2a11f9b312387e0e08c55f2dc4afe714f2dab85f8ae4c67f20c0582b58029f90892a3a9a45c7e42db84c354ae2089802a1d114fae9eb60f354fdaa97782688167d8a7e759feb9f8833ae189e93c2f71"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
pipe(&(0x7f00000045c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
vmsplice(r7, &(0x7f00000003c0)=[{&(0x7f00000000c0)="17e4f3ca3c05", 0x6}, {&(0x7f0000000200)="abc46908b3df918fe61946b2a7d85cf473884b91c53b94d51db7a5918ed07847c392ee17a23d6fea6e8d3c0f5e15638daf629312107876c7f31ade70432bc5b43f642876bf7e04c45086b9b3695182eeff8243f87f8966baec1a670803eb8ca6b37342f9ea242f21e5726b6c501808457f85459c91ff1116eae79e54b5ec3544ebbb18ee617231e4bdb87424814565dfb6ebe0", 0x93}, {&(0x7f0000000b40)="db56b84884ffc02c06bd0f01587a681de55a4df7714790716dddda75831670014c811bd064f615db698adae8a7c5ece07759b81233530ed432985e4feebb5d4ca49dcb8c490c015a179acacef99f7da736180800000000000000ba12b327f6b79ea0d90605040d84453eff84443a09ab5eeba1586f85c1e383f8095573726b1bf117d96c91d1349f4951ead7fd07838c89e171c4bda933d8fc5c35ce2fcbc1c5bae12537482f023984c435e056b2e8a6613a841360d40172a17e494ae06d5af1305ffa1eb9cbcedd90b7de636015883d0d3473c4bdfd1fc7fe92dbdaeb7f7cb4da6723a595f62f88651699215680b1469d208d4179ede7b54cb5877e70f6035097d7bfc7b98298d4be0692b941cff240daa8b3c97a6c1802517abdd8991dea3d804eddc0d1d1d7bfd52a38d6f1862eb0ae476dfb9fb25cb8de962d6e195f0ba926c936", 0x143}, {&(0x7f0000000140)="d80a642bc17284b8945c0c21fcd2df4e9cf2a68e854560584ed04f62aebae0dab1e7c4", 0x23}, {&(0x7f00000004c0)="67df3baec1ce766316819b76b14295d4f969f2095747039d8a9e01159fc171d6ab964bc50f5d66ab6bcdefa298582348a01ac90b6ecd3001c769cf58704f758dae3ecd02919b7e1eebc643c57afec3b45811ab935a8f893220c7329def2702370b371c3966c553ce13a625dfddbe8bc98f220a9ff6ac6a09165c1273ac580916e65995994307bb", 0x87}, {&(0x7f00000002c0)="2b4f2c23cd72e5f8c27c5125a38cc74027abf1994ab65ba7ca4e64b9ab8b357454e5abb6d754f1318dd05531dce7560e6e7d95526c4358848e67345b32", 0x3d}], 0x6, 0x8)
r8 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r8, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r6, 0x0, r8, 0x0, 0x8000, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x22, &(0x7f0000000480), 0xff, 0x451, &(0x7f0000000d00)="$eJzs281vVFUbAPDn3pkCL7zSioiCoFU0Nn60tKCycKPRxIUmJrrAZW0LqQzU0JoIabQag0tD4t64NPEvcOXKqCsTt7o3JEQbE9CNY+7MvW1nmCn9mDKV+f2SgXPmnrnnPD333DlzzkwAPWsw+yeJ+H9E/BIR/fVsY4HB+n83Fucn/lqcn0iiWn3j96RW7vri/ERRtHjdnjwzlEaknyR5JY1mL146O16pTF3I8yNz594dmb146enpc+Nnps5MnR87efLE8dHnnh17piNxZvFdP/TBzOGDr7x15bWJU1fe/uHrrL0HjtSPr4yjUwazwP+o1jQfe6zTlXXZP9XlOJNyt1vDWpUiIuuuvtr4749SLHdef7z8cVcbB2yp7J69s/3hhSpwB0ui2y0AuqN4o88+/xaP2zT12BauvVD/AJTFfSN/1I+UI83L9G1h/YMRcWrh7y+yRzStQ1RbrBsAAGzWt9n856lW8780DqwotzffGxqIiLsjYl9E3BMR+yPi3oha2fsi4v511t+8NXTz/DO9uqHA1iib/z2f7201zv+K2V8MlPLcXbX4+5LT05WpY/nfZCj6dmb50VYnL07x0s+ftat/5fwve2T1F3PB/CRXy00LdJPjc+OdmpRe+yjiULlV/MnSTkASEQcj4tD6Tr23SEw/8dXhdoVuHf8qOrDPVP0y4vF6/y9EU/yFZPX9yZFdUZk6NlJcFTf78afLr7erf1Pxd0DW/7sbr/+mEv1/Jiv3a2fXX8flXz9t+5myvMHrf0fyZm1Pd0f+3Pvjc3MXRiN2JK/W8g3Pjy2/tsgX5bP4h462Hv/78tdk8T8QEdlFfCQiHoyIh/K+ezgiHomIo6vE//2Lj77T7th26P/Jlve/pet/oLH/158onf3um3b1r+3+d6KWGsqfqd3/bqF9c3blJTZ6NQMAAMB/T1r7bnySDi+l03R4uP4d/v2xO63MzM49eXrmvfOT9e/QD0RfWqx09a9YDx1NFvIz1vNj+Vpxcfx4vm78eel/tfzwxExlssuxQ6/b02b8Z34rdbt1wJbzey3oXc3jP+1SO4Dbz/s/9C7jH3qX8Q+9q9X4/7Apby8A7kze/6F3Gf/Qu4x/6F3GP/Skzfyuf6sS5VV+vS+xXRKRbotmSLRIlDswurt8YwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQfwMAAP//EgHx+Q==")
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000001, &(0x7f0000000180)={[{@discard}, {@dax_never}, {@nobarrier}, {@max_batch_time={'max_batch_time', 0x3d, 0xaa83}}, {@discard}, {@journal_dev={'journal_dev', 0x3d, 0x100000000}}, {@test_dummy_encryption}]}, 0xfe, 0x26e, &(0x7f00000008c0)="$eJzs3TuIHGUAB/D/zO6aXLJo1EYQHyAienDETrGJjUJAQhARVIiI2EQSISbY3VrZWGhjo5LKJoid0VLSBBsfYBU1xdkIelh4WGixsjt35z1W7rxdZ8LN7wd7M8N8r5m7/zfDwewEaK0jSY4l6SSZT9JLUmwscG/1ObK6eXHu6qlkOHz6t2JcrtqurNU7nGSQ5JEkV8oip7vJhcvPL/1x7ckH3j7fu/+jy8/N1XqQq5aXrj+18uGJtz49/vCFr7/75USRY+lvOq7Z23QuV09it0hu+z86u0EU3aZHwG6cfOOT70e5vz3JfeP891Km+uW9c+6mK7089MG/1X3312/vrHOswOwNh73RNXAwBFqnTNJPUS4kqdbLcmGhuof/oXOofPXsudfnXzl7/szLTc9UwKz0k+tPfH7gs8Nb8v9zp8o/sH+N8v/MyUs/jtZXOk2PBqjFXdVilP/5FxcfjPxD68g/tNc/+e81PRSgZv10Xf+hpdz/Q3vtMv9FnWMC6uH6D/vY+r/1BhN3yz+0l/xDe8k/7Fenv9mpxMb8AwDtMjzQ9BPIQFOann8AAAAAAAAAAAAAAAAAAIDtLs5dPbX22bznvUd3rLy4t4eJv3w/WX48SXdS/53x+4iTg+Ofh34vRsXWFVW1qbxwz5QNTOnjhp++vvmnmTQzvGWPFb+6eyb979nimWTwZpKj3e62v7+D07d/6w77ey9N38d/sfXL/B97tt7+t/rrUrP9H7+WfDGaf45Omn/K3DFeTp5/+pn+zWmv/TllAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTm7wAAAP//17J3hA==")
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r9 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x9, 0xfffffffe, 0x0, "38cf32903bb9383bf7d600ae6dddfbd1ce5dffffffff5c9c000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df751905b9aafab4afaaf70aa3f6a004", "cba3d625780820d1cb060071038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bffff004000", [0x8000000000000000, 0xfffffffffffffffc]})

8m58.873993068s ago: executing program 2 (id=351):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(0xffffffffffffffff)
close(r0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
close(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

8m58.774579537s ago: executing program 2 (id=353):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0)
close(r1)
close(r0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
close(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

8m58.74030221s ago: executing program 38 (id=353):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x200000, 0x0)
close(r1)
close(r0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
close(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

8m28.052667203s ago: executing program 1 (id=578):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache}]}})
utime(&(0x7f0000000200)='./file0\x00', 0x0)
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff)

8m27.991667569s ago: executing program 1 (id=579):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache}]}})
utime(&(0x7f0000000200)='./file0\x00', 0x0)

8m27.857360511s ago: executing program 1 (id=582):
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000240)=ANY=[], 0xfd14)

8m27.691365777s ago: executing program 1 (id=584):
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[], 0x21, 0x150d, &(0x7f0000001180)="$eJzs3AuYjtX6MPD7Xms9DA29TXIY1lr3w5sGy5Akh4QckiTZkuSUEJokSUiMs6QhCTlOksMQksM0Jo3z+ZBzkiRNkoSEJOu7Zu/21967/f/39f/3fa7vP/fvup7rXff7PPd61pp73nmf9cz1vt/0Hlu/ZYM6zYkI/lvwbw/JABADACMB4HoACACgclzluJz9+SQm//dOwv5cD6Vd6xGwa4nrn7tx/XM3rn/uxvXP3bj+uRvXP3fj+uduXH/GcrNd84vdwFvu3fj+f27G7///g2SXn/bFlvI39fkDKQW4/rkav/5zN65/7sb1z924/rkb1z934/rnblx/xnKz//q9Y/7fwf+E7Vr//jHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYyx0u+V8pAPh7+1qPizHGGGOMMcYYY38en/daj4AxxhhjjDHGGGP/9yEIkKAggDyQF2IgH+SH6yAWCkBBuB4icAPEwY1QCG6CwlAEikIxiIfiUAI0GLBAEEJJKAVRuBlKwy2QAGWgLJQDB+UhESpARbgVKsFtUBluhypwB1SFalAdasCdUBPuglpQG+rA3VAX6kF9aAD3QEO4FxrBfdAY7ocm8AA0hQehGfwFmsND0AIehpbwCLSCR6E1tIG20A7a/5fyX4D+8CIMgIGQDINgMAyBoTAMhsMIGAkvwSh4GUbDK5ACY2AsvArj4DUYD6/DBJgIk+ANmAxTYCpMg+kwA1LhTZgJb8EseBtmwxyYC/MgDebDAngHFsIiWAzvwhJ4D5bCMlgOKyAd3ocMWAmZ8AGsgg8hC1bDGlgL62A9bICNsAk2wxbYCttgO+yAnbALPoLdsAf2wj7YDwfgIHwMh+ATOAyfwhH47A/mX/yX/D4ICChQoEKFeTAPxmAM5sf8GIuxWBALYgQjGIdxWAgLYWEsjEWxKMZjPJbAEmjQICFhSSyJUYxiaSyNCZiAZbEsOnSYiIlYEW/FSlgJK2NlrIJVsCpWw2pYA2tgTayJtbAW1sE6WBfrYn2sj/fgPXgvNsJG2BgbYxNsgk2xKTbDZtgcm2MLbIEtsSW2wlbYGltjW2yL7bE9dsAO2BE7YmfsjF2wC3bDbpiESdgdu2MP7IE9sSf2wl7YG3tjH+yLffEFfAFfxBdxINYVg3AwDsahOBSH4wgcgS/hKHwZX8ZXMAXH4Fh8FV/F2gBwASfgRJyEk7CmmIJTcRqSmIGpmIozcSbOwlk4G+fgHJyHaTgfF+ACXIiLcBG+i0vwPXwPl+EyXIHpmI4ZuBIzMRNX4UXMwtW4BtfiOlyP63AjbsKNuAW34hbcjttxJ+7Ej/Aj3IN7cB/uwwOoAPBj/AQ/wRQ8gkfwKB7FY3gMj+NxzMZsPIEn8CSexFN4Ck/jaTyDZ/EcnsXzeB4v4EW8hJfwMl7GK/hc/FctDpTZnAIihxJK5BF5RIyIEflFfhErYkVBUVBERETEiThRSBQShUVhUVQUFfEiXpQQJYQRRpAIRUlRUkRFVJQWpUWCSBBlRVnhhBOJIlFUFBVFJVFJVBa3iyriDlFVVBOdXA1RQ9QUnV0tUVvUEXVEXVFP1BcNRAPRUDQUjUQj0Vg0Fk1EE9FUPCiaiUE4HB8SOZVpKcZgKzEWW4s2oq1oJ17Dx0QHMR47ik6is3hCTMQJ2E10cEniKdFdTMUe4hkxDZ8VvcQM7C2eF31EX9FPvCD6i45ugBgoZuMgMVjMw6FimBguRoiFWE/kVKy+eEWkiDFirHhVrMDXxHjxupggJopJ4g0xWUwRU8U0MV3MEKniTTFTvCVmibfFbDFHzBXzRJqYLxaId8RCsUgsFu+KJeI9sVQsE8vFCpEu3hcZYqXIFB+IVeJDkSVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix1ip9glPhK7xR6xV+wT+8UBcVB8LA6JT8Rh8ak4Ij4TR8Xn4pj4QhwXX4ps8ZU4Ib4WJ8U34pT4VpwW34kz4qw4J74X58UP4oK4KC6JH8Vl8ZO4In4WV4UXIFEKKaWSgcwj88oYmU/ml9fJWFlAFpTXy4i8QcbJG2UheZMsLIvIorKYjJfFZQmppZFWkgxlSVlKRuXNsrS8RSbIMrKsLCedLC8TZQVZUd4qK8nbZGV5u6wi75BVZTVZXdaQd8qa8i5ZS9aWdeTdsq6sJ+vLBvIe2VDeKxvJ+2Rjeb9sIh+QTeWDspn8i2wuH5It5MOypXxEtpKPytayjWwr28n28jHZQT4uO8pOsrN8QnaRXWU3+aRMkk/J7vJp2UM+I3vKZ2Uv+ZzsLZ+XfWRf2U/+LK9KLwfIgTJZDpKD5RA5VA6Tw+UIOVK+JEfJl+Vo+YpMkWPkWPmqHCdfk+Pl63KCnCgnyTfkZDlFTpXT5HQ5Q6bKN+VM+ZacJd+Ws+UcOVfOk2lyvhz+S0+L/w/y3/o3+aP/evadcpf8SO6We+ReuU/ulwfkQXlQHpKH5GF5WB6RR+RReVQek8fkcXlcZstseUKekCflSXlKnpKn5Wl5Rp6VP8rv5Xn5g7wgL8qL8kd5WV6WV375GYBCJZRUSgUqj8qrYlQ+lV9dp2JVAVVQXa8i6gYVp25UhdRNqrAqooqqYipeFVcllFZGWUUqVCVVKRVVN+MvFxSqrCqnnCqvElWFP5KvSqtbVIIq80/5vze+9qq96qA6qI6qo+qsOqsuqovqprqpJJWkuqvuqofqoXqqnqqX6qV6q96qj+qj+ql+qr/qrwaoASpZJavBaogaqoap4WqEGqleUqPUKDVajVYpKkWNVWPVODVOjVfj1QQ1QU1Sk9RkNVlNVVPVdDVdpapUNVPNVLPULDVbzVZz1VyVptLUArVALVQL1WK1WC1RS9RStVQtV8tVukpXGSpDZapMtUqtUllqtVqt1qq1ar1arzaqjWqz2qy2qq1qu9qustQutUvtVrvVXrVX7Vf71UF1UB1Sh9RhdVgdUUfUUXVUHVPH1HF1XGWrbHVCnVAn1Ul1Sp1Sp9VpdUadUefUOXVenVcX1AV1SV1Sl9VldUVdUVfV1ZzLvkAEIlCBCvIEeYKYICbIH+QPYoPYoGBQMIgEkSAuiAsKBTcFhYMiQdGgWBAfFA9KBDowgQ0oCIOSQakgGtwclA5uCRKCMkHZoFzggvJBYlAhqBjcGlQKbgsqB7cHVYI7gqpBtaB6UCO4M6gZ3BXUCmoHdYK7g7pBvaB+0CC4J2gY3Bs0Cu4LGgf3B02CB4KmwYNBs+AvQfPgoaBF8HDQMngkaBU8GrQO2gRtg3ZB+z+1f+8vFHncDdADdbIepAfrIXqoHqaH6xF6pH5Jj9Iv69H6FZ2ix+ix+lU9Tr+mx+vX9QQ9UU/Sb+jJeoqeqqfp6XqGTtVv6pn6LT1Lv61n6zl6rp6n0/R8vUC/oxfqRXqxflcv0e/ppXqZXq5X6HT9vs7QK3Wm/kCv0h/qLL1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1Nr1d79A79S79kd6t9+i9ep/erw/og/pjfUh/og/rT/UR/Zk+qj/Xx/QX+rj+Umfrr/QJ/bU+qb/Rp/S3+rT+Tp/RZ/U5/b0+r3/QF/RFfUn/qC/rn/QV/bO+qn3OxX3O27tRRpk8Jo+JMTEmv8lvYk2sKWgKmoiJmDgTZwqZQqawKWyKmqIm3sSbEqaEyUGGTElT0kRN1JQ2pU2CSTBlTVnjjDOJJtFUNBVNJVPJVDaVTRVTxVQ1VU11U93cae40d5m7TG1T29xt7jb1TD3TwDQwDU1D08g0Mo1NY9PENDFNTVPTzDQzzU1z08K0MC1NS9PKtDKtTWvT1rQ17U1708F0MB1NR9PZdDZdTBfTzXQzSSbJdDfdTQ/Tw/Q0PU0v08v0Nr1NH9PH9DP9TH/T3wwwA0yySTaDzWAz1Aw1w81wM9KMNKPMKDPajDYpJsWMNWPNODPOjDfjzQQz0Uwyb5jJZoqZaqaZ6WaGSTWpZqaZaWaZWWa2mW3mmrkmzaSZBWaBWWgWmsVmsVlilpilZqlZbpabdJNuMkyGyTSZZpVZZbJMlllj1ph1Zp3ZYDaYTWaT2WK2mG1mm9lhdphdZpfZbXabvWav2W/2m4PmoDlkDpnD5rA5Yo6Yo+aoRwBz3Bw32SbbnDAnzElz0pwyp8xpc9qcMWfMOXPOnDfnzQVzwVwyl8xl85O5Yn42V403MTafzW+vs7G2gC1or7f/Ghe1xWy8LW5LWG0L2yL/FBtrbYItY8v+fYlpK9iEmJzHctbZ8jbRVrBVbTVb3dawd9qa9i5b6zdxQ3uvbWTvs43t/baBveef4ib2AdvUPmKb2Udtc9vGtrDtbEv7iG1lH7WtbRvb1razXWxX280+aZPsU7a7ffo3cYZdaTfZzXaL3WoP2U/sJfujPWm/sZftT3aAHWhH2pfsKPuyHW1fsSl2zG/iSfYNO9lOsVPtNDvdzvhNPNfOs2l2vl1g37EL7aLfxOn2fbvEZtqldpldblf8Nc4ZU6b9wK6yH9osu9qusWvtOrvebrAb//dY19rtdofdaQ/aj+1uu8futfvsfnvgr3HOPA7bT+0R+5k9Yb+2x+wX9rg9ZbPtV3+Nc+Z3yn5rT9vv7Bl71p6z39vz9gd7wV7Mmb/Pmfv39md71XoLhCRIkqKA8lBeiqF8lJ+uo1gqQAXpeorQDRRHN1IhuokKUxEqSsUonopTCdJkyBJRSCWpFEXpZipNt1AClaGyVI4cladEqkAV6VaqRLdRZbqdqtAdVJWqUXWqQXdSTbqLalFtqkN3U12qR/WpAd1DDeleakT3UWO6n5rQA9SUHqRm9BdqTg9RC3qYWtIj1IoepdbUhtpSO2pPj1EHepw6UifqTE9QF+pK3ehJSqKnqDs9TT3oGepJz1Iveo560/PUh/pSP3qB+tOLNIAGUjINosE0hIbSMBpOI2gkvUSj6GUaTa9QCo2hsfQqjaPXaDy9ThNoIk2iN2gyTaGpNI2m0wxKpTdpJr1Fs+htmk1zaC7NozSaTwvoHVpIi2gxvUtL6D1aSstoOa2gdHqfMmglZdIHtIo+pCxaTWtoLa2j9bSBNtIm2kxbaCtto+20g3bSLvqIdtMe2kv7aD8doIP0MR2ifL+84D6jo/Q5HaMv6Dh9Sdn0FZ2gr+kkfUOn6Fs6Td/RGTpL5+h7Ok8/0AW6SJfoR7pMP9EV+pmukicIMRShDFUYhHnCvGFMmC/MH14XxoYFwoLh9WEkvCGMC28MC4U3hYXDImHRsFgYHxYPS4Q6NKENKQzDkmGpMBreHJYObwkTwjJh2bBc6MLyYWJYIawY3hpWCm8LK4e3h1XCO8KqYbXwkftrhHeGNcO7wlph7bBOeHdYN6wX1g8DAGgY3hs2Cu8LG4f3h5XCB8Km4YMh/PJ5lRbhw2HL8JGwVfho2DpsE7YN24Xtw8fCDuHjYcewU9g5fCLsEnYNu4VPhknhU2H38Onf3Z8cDgoHh0PCIaH398nl0RXR9Oj70Yzoymhm9IPoquiH0azo6uia6Nrouuj66Iboxuim6ObolujW6Lbo9uiO6M6o9w3ygkMnnHTKBS6Py+tiXD6X313nYl0BV9Bd7yLuBhfnbnSF3E2usCviirpiLt4VdyWcdsZZRy50JV0pF3U3u9LuFpfgyriyrpxzrrxLdO1ce9fedXCPu46uk+vsnnBPuK6uq3vSPemect3d066He8b1dM+6Xu4595x73vVxfV0/94Lr7150A9xAl+yS3WA32A11Q91wN9yNdCPdKDfKjXajXYpLcWPdWDfOjXPj3Xg3wU1wk9wkN9lNdlPdVDfdTXepLtXNdDPdLDfL5VRprpvr0lyaW+AWuIVuoVvsFrslCUvcUrfULXfLXbpLdxkuw2W6TLfKrXJZLsutcWvcOrfObXAb3Ca3yW1xW9w2t83tcDvcLrfL7Xa73V631+13+91Bd9AdcofcYXfYHXFH3FF31B1zx9xx96XLdl+5E+5rd9J94065b91p95074866c+57d9794C64i+6S+9Fddj+5K+5nd9V5lxp5MzIz8lZkVuTtyOzInMjcyLxIWmR+ZEHkncjCyKLI4si7kSWR9yJLI8siyyMrIumR9yMZkZWRzMgHkVWRDyNZkdWRNZG1kXWR9Qp88d2hL+lL+ai/2Zf2t/gEX8aX9eW88+V9oq/gK/pbfSV/m6/sb/dV/B2+qq/mq/tHfWvfxrf17Xx7/5jv4B/3HX0n39k/4bv4rr6bf9In+ad8d/+07+Gf8T39s76Xf8739s/7Pr6v7+df8P39i36AH+iT/SA/2A/xQ/0wP9yP8CP9S36Uf9mP9q/4FD/Gj/Wv+nH+NT/ev+4n+Il+kn/DT/ZT/FQ/zU/3M3yqf9PP9G/5Wf5tP9vP8XP9PJ/m5/sF/h2/0C/yi/27fol/zy/1y/xyv8Kn+/d9hl/pM/0HfpX/0Gf51X6NX+vX+fV+g9/oN/nNfovf6rf57X6H3+l3+Y/8br/H7/X7/H5/wB/0H/tD/hN/2H/qj/jP/FH/uT/mv/DH/Zc+23/lT/iv/Un/jT/lv/Wn/Xf+jD/rz/nv/Xn/g7/gL/pL/kd/2f/kr/if/dU/+Jm1en/mLXTGGGOMsf+PDPmd/YP+zXMKAMQv7Z+89wX2FMv+x/0SALYV/lt7mIjvEgGApwb2fujvW926ycnJvxybJSEotQwAIv9ygl/i1dAZukISdIKK/3Z8w0Tfy/Q7/UdvB8j/Dzkx8Gv8a/+f/wf9P/bEpIwq4aW4/6T/ZQAJpX7NyVmF/z1eDZ1zZgOdoNJ/0H+RDr8z/nxfpAJ0/IecWADomO9fx58Ij8PTkPRPRzLGGGOMMcYYY38zTFTv+Xvr55z1ebz6NScv/Br/3vqcMcYYY4wxxhhj196zffs9+VhSUqee3OAGN3JZo+t/csy1/svEGGOMMcYY+7P9etH/63P5ruWAGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxXOj/xTeNXes5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9fa/woAAP//xvg1gg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000002000000040000000e000000000000000000000000000052d1c73ef8367337838caccde9122b8fe9cb15f6734d45afb1d4b28067cc2573c6ded1ccf2a11f9b312387e0e08c55f2dc4afe714f2dab85f8ae4c67f20c0582b58029f90892a3a9a45c7e42db84c354ae2089802a1d114fae9eb60f354fdaa97782688167d8a7e759feb9f8833ae189e93c2f71"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
pipe(&(0x7f00000045c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
vmsplice(r7, &(0x7f00000003c0)=[{&(0x7f00000000c0)="17e4f3ca3c05", 0x6}, {&(0x7f0000000200)="abc46908b3df918fe61946b2a7d85cf473884b91c53b94d51db7a5918ed07847c392ee17a23d6fea6e8d3c0f5e15638daf629312107876c7f31ade70432bc5b43f642876bf7e04c45086b9b3695182eeff8243f87f8966baec1a670803eb8ca6b37342f9ea242f21e5726b6c501808457f85459c91ff1116eae79e54b5ec3544ebbb18ee617231e4bdb87424814565dfb6ebe0", 0x93}, {&(0x7f0000000b40)="db56b84884ffc02c06bd0f01587a681de55a4df7714790716dddda75831670014c811bd064f615db698adae8a7c5ece07759b81233530ed432985e4feebb5d4ca49dcb8c490c015a179acacef99f7da736180800000000000000ba12b327f6b79ea0d90605040d84453eff84443a09ab5eeba1586f85c1e383f8095573726b1bf117d96c91d1349f4951ead7fd07838c89e171c4bda933d8fc5c35ce2fcbc1c5bae12537482f023984c435e056b2e8a6613a841360d40172a17e494ae06d5af1305ffa1eb9cbcedd90b7de636015883d0d3473c4bdfd1fc7fe92dbdaeb7f7cb4da6723a595f62f88651699215680b1469d208d4179ede7b54cb5877e70f6035097d7bfc7b98298d4be0692b941cff240daa8b3c97a6c1802517abdd8991dea3d804eddc0d1d1d7bfd52a38d6f1862eb0ae476dfb9fb25cb8de962d6e195f0ba926c936", 0x143}, {&(0x7f0000000140)="d80a642bc17284b8945c0c21fcd2df4e9cf2a68e854560584ed04f62aebae0dab1e7c4", 0x23}, {&(0x7f00000004c0)="67df3baec1ce766316819b76b14295d4f969f2095747039d8a9e01159fc171d6ab964bc50f5d66ab6bcdefa298582348a01ac90b6ecd3001c769cf58704f758dae3ecd02919b7e1eebc643c57afec3b45811ab935a8f893220c7329def2702370b371c3966c553ce13a625dfddbe8bc98f220a9ff6ac6a09165c1273ac580916e65995994307bb", 0x87}, {&(0x7f00000002c0)="2b4f2c23cd72e5f8c27c5125a38cc74027abf1994ab65ba7ca4e64b9ab8b357454e5abb6d754f1318dd05531dce7560e6e7d95526c4358848e67345b32", 0x3d}], 0x6, 0x8)
r8 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r8, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r6, 0x0, r8, 0x0, 0x8000, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x22, &(0x7f0000000480), 0xff, 0x451, &(0x7f0000000d00)="$eJzs281vVFUbAPDn3pkCL7zSioiCoFU0Nn60tKCycKPRxIUmJrrAZW0LqQzU0JoIabQag0tD4t64NPEvcOXKqCsTt7o3JEQbE9CNY+7MvW1nmCn9mDKV+f2SgXPmnrnnPD333DlzzkwAPWsw+yeJ+H9E/BIR/fVsY4HB+n83Fucn/lqcn0iiWn3j96RW7vri/ERRtHjdnjwzlEaknyR5JY1mL146O16pTF3I8yNz594dmb146enpc+Nnps5MnR87efLE8dHnnh17piNxZvFdP/TBzOGDr7x15bWJU1fe/uHrrL0HjtSPr4yjUwazwP+o1jQfe6zTlXXZP9XlOJNyt1vDWpUiIuuuvtr4749SLHdef7z8cVcbB2yp7J69s/3hhSpwB0ui2y0AuqN4o88+/xaP2zT12BauvVD/AJTFfSN/1I+UI83L9G1h/YMRcWrh7y+yRzStQ1RbrBsAAGzWt9n856lW8780DqwotzffGxqIiLsjYl9E3BMR+yPi3oha2fsi4v511t+8NXTz/DO9uqHA1iib/z2f7201zv+K2V8MlPLcXbX4+5LT05WpY/nfZCj6dmb50VYnL07x0s+ftat/5fwve2T1F3PB/CRXy00LdJPjc+OdmpRe+yjiULlV/MnSTkASEQcj4tD6Tr23SEw/8dXhdoVuHf8qOrDPVP0y4vF6/y9EU/yFZPX9yZFdUZk6NlJcFTf78afLr7erf1Pxd0DW/7sbr/+mEv1/Jiv3a2fXX8flXz9t+5myvMHrf0fyZm1Pd0f+3Pvjc3MXRiN2JK/W8g3Pjy2/tsgX5bP4h462Hv/78tdk8T8QEdlFfCQiHoyIh/K+ezgiHomIo6vE//2Lj77T7th26P/Jlve/pet/oLH/158onf3um3b1r+3+d6KWGsqfqd3/bqF9c3blJTZ6NQMAAMB/T1r7bnySDi+l03R4uP4d/v2xO63MzM49eXrmvfOT9e/QD0RfWqx09a9YDx1NFvIz1vNj+Vpxcfx4vm78eel/tfzwxExlssuxQ6/b02b8Z34rdbt1wJbzey3oXc3jP+1SO4Dbz/s/9C7jH3qX8Q+9q9X4/7Apby8A7kze/6F3Gf/Qu4x/6F3GP/Skzfyuf6sS5VV+vS+xXRKRbotmSLRIlDswurt8YwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQfwMAAP//EgHx+Q==")
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000001, &(0x7f0000000180)={[{@discard}, {@dax_never}, {@nobarrier}, {@max_batch_time={'max_batch_time', 0x3d, 0xaa83}}, {@discard}, {@journal_dev={'journal_dev', 0x3d, 0x100000000}}, {@test_dummy_encryption}]}, 0xfe, 0x26e, &(0x7f00000008c0)="$eJzs3TuIHGUAB/D/zO6aXLJo1EYQHyAienDETrGJjUJAQhARVIiI2EQSISbY3VrZWGhjo5LKJoid0VLSBBsfYBU1xdkIelh4WGixsjt35z1W7rxdZ8LN7wd7M8N8r5m7/zfDwewEaK0jSY4l6SSZT9JLUmwscG/1ObK6eXHu6qlkOHz6t2JcrtqurNU7nGSQ5JEkV8oip7vJhcvPL/1x7ckH3j7fu/+jy8/N1XqQq5aXrj+18uGJtz49/vCFr7/75USRY+lvOq7Z23QuV09it0hu+z86u0EU3aZHwG6cfOOT70e5vz3JfeP891Km+uW9c+6mK7089MG/1X3312/vrHOswOwNh73RNXAwBFqnTNJPUS4kqdbLcmGhuof/oXOofPXsudfnXzl7/szLTc9UwKz0k+tPfH7gs8Nb8v9zp8o/sH+N8v/MyUs/jtZXOk2PBqjFXdVilP/5FxcfjPxD68g/tNc/+e81PRSgZv10Xf+hpdz/Q3vtMv9FnWMC6uH6D/vY+r/1BhN3yz+0l/xDe8k/7Fenv9mpxMb8AwDtMjzQ9BPIQFOann8AAAAAAAAAAAAAAAAAAIDtLs5dPbX22bznvUd3rLy4t4eJv3w/WX48SXdS/53x+4iTg+Ofh34vRsXWFVW1qbxwz5QNTOnjhp++vvmnmTQzvGWPFb+6eyb979nimWTwZpKj3e62v7+D07d/6w77ey9N38d/sfXL/B97tt7+t/rrUrP9H7+WfDGaf45Omn/K3DFeTp5/+pn+zWmv/TllAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTm7wAAAP//17J3hA==")
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r9 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x9, 0xfffffffe, 0x0, "38cf32903bb9383bf7d600ae6dddfbd1ce5dffffffff5c9c000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df751905b9aafab4afaaf70aa3f6a004", "cba3d625780820d1cb060071038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bffff004000", [0x8000000000000000, 0xfffffffffffffffc]})

8m26.626443447s ago: executing program 1 (id=590):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000006feaaa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000005c0)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/68, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/83, &(0x7f00000001c0)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r3, 0x0)

8m26.221117785s ago: executing program 1 (id=592):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000005c0)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/68, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/83, &(0x7f00000001c0)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r3, 0x0)

8m26.220752095s ago: executing program 39 (id=592):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]})
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000005c0)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/68, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000480)=""/83, &(0x7f00000001c0)=""/72})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r3, 0x0)

21.052501053s ago: executing program 6 (id=3184):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r1=>0x0})
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08"], 0x0)

21.052363072s ago: executing program 6 (id=3185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0xe)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MTU={0x8, 0x4, 0x1}]}, 0x4c}}, 0x0)

21.041515683s ago: executing program 6 (id=3186):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102000000406d060000000001"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0000f50000000341e9", @ANYRES8, @ANYRES16=r0], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

18.004052529s ago: executing program 6 (id=3221):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00')

17.972804631s ago: executing program 6 (id=3226):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000340)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr, @private}}}})

17.809953597s ago: executing program 6 (id=3228):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x308800, 0x800}, 0x20)

17.572671819s ago: executing program 40 (id=3228):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x308800, 0x800}, 0x20)

5.817840854s ago: executing program 5 (id=3355):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000280), 0x0, 0x0, 0x0, r3)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r3)
add_key(&(0x7f0000001580)='asymmetric\x00', 0x0, &(0x7f0000000300)="303e30000000000002d190c937dc6914243b0402d6dcb7154fe6727ae888746b024ee670a5882a0ad79716bb4e5704b7f62edac751478af9c62f000000000000", 0x40, r4)

4.196290996s ago: executing program 5 (id=3358):
r0 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
read$char_usb(r0, 0x0, 0x0)

4.157485119s ago: executing program 5 (id=3362):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000980)={0x40, 0x7, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x40, 0x12, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

1.901752211s ago: executing program 7 (id=3380):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0x0, 0xffffffffffffffff, 0x0, 0x65, 0xfffffffffffffffe}, 0x30)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)

1.901586871s ago: executing program 3 (id=3381):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write(r2, &(0x7f0000000300)='(', 0x1)
write$uinput_user_dev(r2, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x7ffc, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x7, 0x7, 0x6, 0xb, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x3, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0xca2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x4, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)

1.891928732s ago: executing program 7 (id=3382):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0x54}}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000094"])
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r1, 0xae9a)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x3, 0x0, 0x4, 0x0, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

1.884336963s ago: executing program 3 (id=3383):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x300, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001980)={0xa, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3245078b089b3b0838651a0890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b343b0d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000003a000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000018000000400000000000000002000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x951, @void, @value}, 0x94)
sendmmsg$inet(r0, &(0x7f0000000380)=[{{&(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, 0x0}}], 0x1, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r6, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
linkat(r5, &(0x7f0000000740)='./file1\x00', r6, &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000400)={0x1c, 0x0, 0xc01, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x40000)
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3ed, 0x700, 0x70bd2d, 0x25dfdbfb, {0x1}}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
socket$nl_route(0x10, 0x3, 0x0)

1.845163527s ago: executing program 9 (id=3384):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)

1.845074977s ago: executing program 7 (id=3385):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x380000, @rand_addr=' \x01\x00'}, 0x1c)

1.844805657s ago: executing program 7 (id=3386):
unshare(0x400)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)

1.81141438s ago: executing program 7 (id=3387):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x90)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c0bb326635000800000f300f0f1c9af26dbaa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x4b}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x400a894)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.80970479s ago: executing program 3 (id=3388):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x12, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000056f7eb591963b065e9c646467041a9cf26b5ff30879e82328ddd2caf5f69906361fb9a7f6587aaae1833df40777ccb96c028b66b2d8d3e3a47da90c625c9d4df5742476f6a2f38ad02dc89ee587fcba52d7374549a4e37937af77c3e2b055c58585bb5ae3a0bda5bc94515bc2cb45151ece89169fd9eabd629d36c35f37fcb1066"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x25)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r7, 0x5403, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KDSKBENT(r7, 0x4b47, &(0x7f00000001c0)={0xb, 0x38, 0x9})
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, 0x0)
ioctl$UFFDIO_ZEROPAGE(r8, 0xc018aa06, &(0x7f0000000100)={{&(0x7f000040a000/0x2000)=nil, 0x2000}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local})
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0xfffffffe}}, 0x2e)

1.797908291s ago: executing program 7 (id=3389):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f40)={0x84, &(0x7f00000009c0)={0x20, 0x0, 0x7, "4e20b403dbfd7b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.033785803s ago: executing program 9 (id=3392):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000001000080000000000506000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x19, &(0x7f0000000080)=""/25, 0x0, 0x0, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94)

1.026993524s ago: executing program 9 (id=3393):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000340)=0xa, 0x4)

966.091249ms ago: executing program 9 (id=3394):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000340)={0x0, 0x0})

916.102454ms ago: executing program 5 (id=3398):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r3, @ANYBLOB="080001"], 0x40}}, 0x0)

915.709794ms ago: executing program 3 (id=3399):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014", @ANYRES32=r1], 0x30, 0x40400d1}}], 0x1, 0x10)

895.358906ms ago: executing program 5 (id=3400):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030600000000fbdbdf255200000008000300", @ANYRES32=r2], 0x4c}}, 0x0)

894.771826ms ago: executing program 9 (id=3401):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0x6, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x2, 0x2, 0xf, 0x7}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r1, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
getpeername(r7, 0x0, &(0x7f00000000c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x3c}}, 0x0)

846.023221ms ago: executing program 8 (id=3402):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

845.93152ms ago: executing program 8 (id=3403):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000001040)='n_', 0x2}], 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
splice(r0, 0x0, r2, 0x0, 0xfdef, 0x0)

833.721122ms ago: executing program 8 (id=3404):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)=ANY=[@ANYBLOB="18030000120001000000000000000000100000000c0000000000000000000000f70236"], 0x318}], 0x1}, 0x0)

807.541884ms ago: executing program 3 (id=3405):
mount_setattr(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x1800, &(0x7f0000000000)={0xb, 0x0, 0x20000}, 0x20)

807.437524ms ago: executing program 5 (id=3406):
r0 = io_uring_setup(0x70c3, &(0x7f0000000180))
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

789.383886ms ago: executing program 8 (id=3407):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0x54}}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000094"])
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r1, 0xae9a)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x3, 0x0, 0x4, 0x0, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x0, 0x1000})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

726.534822ms ago: executing program 3 (id=3408):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000980)={0x40, 0x7, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x40, 0x12, 0x2, "b47c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

726.337662ms ago: executing program 8 (id=3409):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
timer_create(0x3, 0x0, &(0x7f00009b1ffc)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000040), &(0x7f0000000080))

726.205672ms ago: executing program 8 (id=3410):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./bus\x00', 0x14542, &(0x7f0000000240)=ANY=[], 0x1, 0x1222, &(0x7f0000001580)="$eJzs3E9rHGUcB/Bf18TE1PxRa7U96INePA1NDnpRJEgKkgWldoVWEKZmosuOuyGzBLaIsSevvg7x6E0Q30AuvgZvuXjsQRzpbNLUmlbEJuufz+ew84Pn+e7zDLMMPMM8u//6V5/2NqtsMx9G68yZaG1FpNtpNqIVEVHf+XhhPRrXrq+vtttrV1K6vHp1+dWU0sKL33/w2Tcv/TA8+/63C9/NxN7Sh/s/r/y0d37vwv6vVz/pVqlbpf5gmPJ0YzAY5jfKIm10q16W0rtlkVdF6varYvt37ZvlYGtrlPL+xvzc1nZRVSnvj1KvGKXhIA23Ryn/OO/2U5ZlaX4ueKDpP+/S+fp2XdcRdT0dj0dd1/UTMRdn48mYj4X4IiKeiqfjmTgXz8b5eC6ejwtNr9OYPgAAAAAAAAAAAAAAAAAAAPx/PGz//2Is2f8PAAAAAAAAAAAAAAAAAAAAp+C9a9fXV9vttSspzUaUX+50djrj47j91mHHS7EYv0Sz+39sXF9+u712KTWW4la5e5Df3ek81sRWN6MbZRSx3PydwEF+qmk7zC+P8+koH7s7nZmYuze/Eotx7vjxV/6Qv3OcjVdeviefxWL8+FEMooyNZuyj/OfLKb31Tvu+/MWmHwAAAPwXZOmuY9fvWfag9nH+7vr6uOcDb0TE0fOB+9bXU3FxarLnTkQ1utnLy7LYrkY3W4dFL589LMp/cfHapEZvndA3t+KRT3U6/lZ85uBn9E+43IpHWjz0tpFO5ebEiTu66JOeCQAAAAAAAAAAAH/FCb9FOBXHvFn25mROFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQwUAAP//2C/Elw==")
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYRES64=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0x1008801, &(0x7f0000005ac0)=ANY=[], 0x1, 0x1e5, &(0x7f0000000700)="$eJzsmbGLE0EUxr+Z3UvOQxQbCxsLDzzR2+xuVK654gRLQbgTtQzeekQ3iSQrJAHBYGNjaSHY+g9YWKSysLOz1UIFwcKU1iMzO9mdZLOauBbBez/I7DezM2/mvd18zYIgiEPL1y8/Pz+7srV3AcBRrKOsx79b6RxuzP/04uH559tXX77++Opd89ij4XQ8BkCI+fe3AbzdsYDHx1VfiMnV6/q6B57oG+A4p/VNMDjjs4p0dQCG23r4nqFbR7QIA3anFe7frYeBKxtPNr5sqoCYON9owLAPYFVvwYzzdXr9+7UQaMciDMZiRYz3ydxaVPypfqMdjm2jBPJ53Xr6ZCD7jh53jfp54PC0roJhV+stlOE4TloSI/9TdhrfyuRfMEkUr9FMcWLzHwf8fwUr+AQBLEEW8wk2PSL/0MnIydHwfXbVt2U5/F8IZVwAMrc+rIXhtQKRS9oEcl+J2D+YDZw1/MmGnfhHJWo8qHR6/c16o3YQHARN369edi+67iW/oowobn/jf6vKn9aM+Cs5c0ushG4titpeF4jaXtL349Zw3N03rR9qDVf+x7FxJo4hXxWVdnn2Hkz/uLpKtWHlHp4gCIIgCIIgCIIgCIIgCGIhToPFH8LiD1UiB/+6mv0rAAD//90/aw8=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
tkill(0x0, 0x41)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0x200002000001, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x2401})

0s ago: executing program 9 (id=3411):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000a80)={0x4c, 0x0, &(0x7f0000000940)=[@transaction_sg={0x400c6313, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x1000000000000, 0x0})

kernel console output (not intermixed with test programs):


[  555.305078][T11292] attempt to access beyond end of device
[  555.305078][T11292] loop3: rw=2049, want=41008, limit=40427
[  555.326564][   T30] audit: type=1326 audit(1730830954.548:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11449 comm="syz.6.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.387728][   T30] audit: type=1326 audit(1730830954.708:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.425589][  T495] attempt to access beyond end of device
[  555.425589][  T495] loop7: rw=2049, want=41008, limit=40427
[  555.445168][   T30] audit: type=1326 audit(1730830954.708:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.480042][   T30] audit: type=1326 audit(1730830954.708:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.548845][   T30] audit: type=1326 audit(1730830954.708:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.959049][   T30] audit: type=1326 audit(1730830954.708:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  555.988503][   T30] audit: type=1326 audit(1730830954.738:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  556.023805][   T30] audit: type=1326 audit(1730830954.738:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  556.036672][T11292] attempt to access beyond end of device
[  556.036672][T11292] loop9: rw=2049, want=41008, limit=40427
[  556.113334][   T30] audit: type=1326 audit(1730830954.738:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11461 comm="syz.6.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5e131c719 code=0x7ffc0000
[  556.700311][T11473] loop7: detected capacity change from 0 to 40427
[  556.758124][T11473] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  556.954935][T11473] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  557.029075][T11473] F2FS-fs (loop7): invalid crc value
[  557.041820][T11473] F2FS-fs (loop7): Found nat_bits in checkpoint
[  557.107109][T11473] F2FS-fs (loop7): Start checkpoint disabled!
[  557.126771][T11473] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  557.139860][T11473] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  557.217483][T11292] attempt to access beyond end of device
[  557.217483][T11292] loop8: rw=2049, want=41008, limit=40427
[  558.559575][T11503] futex_wake_op: syz.8.2659 tries to shift op by 32; fix this program
[  558.578131][  T495] attempt to access beyond end of device
[  558.578131][  T495] loop7: rw=2049, want=41008, limit=40427
[  559.242725][T11501] loop9: detected capacity change from 0 to 40427
[  559.603685][T11501] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504)
[  559.610689][T11501] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  559.621354][T11501] F2FS-fs (loop9): invalid crc value
[  559.628889][T11501] F2FS-fs (loop9): Found nat_bits in checkpoint
[  559.731348][T11501] F2FS-fs (loop9): Start checkpoint disabled!
[  559.740375][T11501] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  559.750539][T11501] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  560.343468][   T30] kauditd_printk_skb: 209 callbacks suppressed
[  560.343485][   T30] audit: type=1326 audit(1730830959.498:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.361558][T11514] loop8: detected capacity change from 0 to 40427
[  560.377948][   T30] audit: type=1326 audit(1730830959.498:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.411763][   T30] audit: type=1326 audit(1730830959.498:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.440906][   T30] audit: type=1326 audit(1730830959.498:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.505649][   T30] audit: type=1326 audit(1730830959.558:1743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.520116][T11514] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  560.544252][T11514] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  560.555337][   T30] audit: type=1326 audit(1730830959.558:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.582994][  T312] attempt to access beyond end of device
[  560.582994][  T312] loop9: rw=2049, want=45112, limit=40427
[  560.583456][   T30] audit: type=1326 audit(1730830959.658:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.620260][T11514] F2FS-fs (loop8): invalid crc value
[  560.627515][   T30] audit: type=1326 audit(1730830959.658:1746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.652220][   T30] audit: type=1326 audit(1730830959.658:1747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.676257][   T30] audit: type=1326 audit(1730830959.658:1748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11521 comm="syz.7.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  560.716680][T11514] F2FS-fs (loop8): Found nat_bits in checkpoint
[  560.791985][T11514] F2FS-fs (loop8): Start checkpoint disabled!
[  560.831705][T11534] futex_wake_op: syz.9.2668 tries to shift op by 32; fix this program
[  560.843113][T11514] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  560.851538][T11514] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  560.937466][T11526] loop3: detected capacity change from 0 to 40427
[  560.965546][T11526] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  561.917964][T11526] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  561.927522][T11526] F2FS-fs (loop3): invalid crc value
[  561.956654][T11547] futex_wake_op: syz.9.2672 tries to shift op by 32; fix this program
[  561.996242][  T495] attempt to access beyond end of device
[  561.996242][  T495] loop8: rw=2049, want=41008, limit=40427
[  562.008441][T11526] F2FS-fs (loop3): Found nat_bits in checkpoint
[  562.067475][T11526] F2FS-fs (loop3): Start checkpoint disabled!
[  562.084170][T11526] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  562.092396][T11526] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  562.915046][T11545] loop7: detected capacity change from 0 to 40427
[  562.948246][T11545] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  562.960782][T11545] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  562.978320][T11545] F2FS-fs (loop7): invalid crc value
[  563.000328][T11545] F2FS-fs (loop7): Found nat_bits in checkpoint
[  563.296304][T11545] F2FS-fs (loop7): Start checkpoint disabled!
[  563.316628][T11545] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  563.324005][T11545] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  563.406350][T11570] loop8: detected capacity change from 0 to 128
[  563.449877][T11559] loop6: detected capacity change from 0 to 40427
[  563.464301][T11570] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  563.474904][T11570] ext4 filesystem being mounted at /495/file0 supports timestamps until 2038 (0x7fffffff)
[  563.598562][T11559] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  563.676268][T11559] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  563.789800][T11559] F2FS-fs (loop6): invalid crc value
[  563.816574][T11292] attempt to access beyond end of device
[  563.816574][T11292] loop7: rw=2049, want=41008, limit=40427
[  563.865157][T11559] F2FS-fs (loop6): Found nat_bits in checkpoint
[  563.897785][T11292] attempt to access beyond end of device
[  563.897785][T11292] loop3: rw=2049, want=41008, limit=40427
[  563.906543][T11559] F2FS-fs (loop6): Start checkpoint disabled!
[  564.165967][T11559] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  564.196341][T11559] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  564.292731][T11588] fuse: Bad value for 'rootmode'
[  565.534801][   T30] kauditd_printk_skb: 159 callbacks suppressed
[  565.534821][   T30] audit: type=1326 audit(1730830964.798:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11589 comm="syz.8.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  565.586864][T11603] futex_wake_op: syz.3.2681 tries to shift op by 32; fix this program
[  565.645865][   T30] audit: type=1326 audit(1730830964.798:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11589 comm="syz.8.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  565.660530][  T495] attempt to access beyond end of device
[  565.660530][  T495] loop6: rw=2049, want=41008, limit=40427
[  565.695912][   T30] audit: type=1326 audit(1730830964.828:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11584 comm="syz.7.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  565.735859][   T30] audit: type=1326 audit(1730830964.828:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11584 comm="syz.7.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5af5f8719 code=0x7ffc0000
[  566.968654][   T30] audit: type=1326 audit(1730830964.918:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.090436][   T30] audit: type=1326 audit(1730830964.918:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.185847][   T30] audit: type=1326 audit(1730830964.918:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.211168][T11613] loop9: detected capacity change from 0 to 128
[  567.214390][T11620] futex_wake_op: syz.6.2684 tries to shift op by 32; fix this program
[  567.223130][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.242810][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.260502][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.270584][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.280669][   T30] audit: type=1326 audit(1730830964.918:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.329756][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.345838][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.353190][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.360948][T11613] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  567.377212][T11613] ext4 filesystem being mounted at /515/file0 supports timestamps until 2038 (0x7fffffff)
[  567.444943][   T30] audit: type=1326 audit(1730830964.918:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.585534][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.593298][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.600615][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.608078][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.615464][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.622823][   T30] audit: type=1326 audit(1730830964.918:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11597 comm="syz.9.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  567.657649][T11601] loop8: detected capacity change from 0 to 40427
[  567.665201][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.685877][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.695531][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.711423][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.725388][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.733338][T11601] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  567.740860][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.742221][T11601] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  567.754822][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.772247][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.780792][T11601] F2FS-fs (loop8): invalid crc value
[  567.787166][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.800932][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.809192][T11601] F2FS-fs (loop8): Found nat_bits in checkpoint
[  567.817177][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.831015][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.849759][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.860080][T11615] loop7: detected capacity change from 0 to 40427
[  567.866706][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.874351][ T1259] hid-generic 0000:0000:0000.0077: unknown main item tag 0x0
[  567.885198][T11601] F2FS-fs (loop8): Start checkpoint disabled!
[  567.892478][T11601] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  567.894241][ T1259] hid-generic 0000:0000:0000.0077: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  567.899628][T11601] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  567.917237][T11615] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  567.929289][T11615] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  567.953692][T11615] F2FS-fs (loop7): invalid crc value
[  568.029035][T11615] F2FS-fs (loop7): Found nat_bits in checkpoint
[  568.083953][T11615] F2FS-fs (loop7): Start checkpoint disabled!
[  568.411991][T11615] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  568.425069][  T312] attempt to access beyond end of device
[  568.425069][  T312] loop8: rw=2049, want=41008, limit=40427
[  568.426018][T11615] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  568.592523][T11636] loop3: detected capacity change from 0 to 40427
[  568.713291][T11636] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  568.738875][T11636] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  568.755409][T11636] F2FS-fs (loop3): invalid crc value
[  568.805541][T11636] F2FS-fs (loop3): Found nat_bits in checkpoint
[  568.853145][T11636] F2FS-fs (loop3): Start checkpoint disabled!
[  568.860148][T11636] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  568.867677][T11636] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  568.881721][  T312] attempt to access beyond end of device
[  568.881721][  T312] loop7: rw=2049, want=41008, limit=40427
[  569.246652][  T495] attempt to access beyond end of device
[  569.246652][  T495] loop3: rw=2049, want=45112, limit=40427
[  578.509218][T11656] futex_wake_op: syz.6.2690 tries to shift op by 32; fix this program
[  578.519685][T11663] futex_wake_op: syz.9.2693 tries to shift op by 32; fix this program
[  578.622093][T11664] loop7: detected capacity change from 0 to 128
[  578.798772][T11668] device syzkaller0 entered promiscuous mode
[  578.870634][T11664] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  578.881795][T11664] ext4 filesystem being mounted at /519/file0 supports timestamps until 2038 (0x7fffffff)
[  578.907017][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  578.907033][   T30] audit: type=1326 audit(1730830978.228:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.075584][   T30] audit: type=1326 audit(1730830978.268:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.226597][   T30] audit: type=1326 audit(1730830978.268:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.289224][   T30] audit: type=1326 audit(1730830978.268:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.365825][   T30] audit: type=1326 audit(1730830978.268:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.425828][   T30] audit: type=1326 audit(1730830978.278:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.495816][   T30] audit: type=1326 audit(1730830978.278:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.557284][   T30] audit: type=1326 audit(1730830978.278:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.607189][   T30] audit: type=1326 audit(1730830978.278:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.639789][T11682] loop8: detected capacity change from 0 to 40427
[  579.655490][   T30] audit: type=1326 audit(1730830978.278:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11676 comm="syz.9.2694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  579.706976][T11682] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  579.713765][T11682] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  579.800638][T11682] F2FS-fs (loop8): invalid crc value
[  579.826867][T11682] F2FS-fs (loop8): Found nat_bits in checkpoint
[  579.852715][T11688] loop7: detected capacity change from 0 to 40427
[  579.880867][T11688] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  579.895814][T11688] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  579.916192][T11688] F2FS-fs (loop7): invalid crc value
[  579.923233][T11682] F2FS-fs (loop8): Start checkpoint disabled!
[  579.936613][T11688] F2FS-fs (loop7): Found nat_bits in checkpoint
[  579.952187][T11682] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  579.961291][T11682] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  580.008682][T11688] F2FS-fs (loop7): Start checkpoint disabled!
[  580.027029][T11688] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  580.034116][T11688] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  580.336595][T11693] loop6: detected capacity change from 0 to 40427
[  580.379998][  T495] attempt to access beyond end of device
[  580.379998][  T495] loop8: rw=2049, want=41008, limit=40427
[  580.400436][T11695] loop9: detected capacity change from 0 to 40427
[  580.436293][T11693] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  580.443256][T11693] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  580.470668][T11695] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504)
[  580.487627][T11695] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  580.498039][T11693] F2FS-fs (loop6): invalid crc value
[  580.528937][T11695] F2FS-fs (loop9): invalid crc value
[  580.535631][  T495] attempt to access beyond end of device
[  580.535631][  T495] loop7: rw=2049, want=41008, limit=40427
[  580.547628][T11695] F2FS-fs (loop9): Found nat_bits in checkpoint
[  580.556803][T11693] F2FS-fs (loop6): Found nat_bits in checkpoint
[  580.609509][T11695] F2FS-fs (loop9): Start checkpoint disabled!
[  580.648959][T11693] F2FS-fs (loop6): Start checkpoint disabled!
[  580.696182][T11695] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  580.703220][T11695] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  580.729840][T11693] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  580.736475][T11707] loop3: detected capacity change from 0 to 40427
[  580.746869][T11693] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  580.837318][T11707] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  580.912625][T11707] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  580.993093][T11723] futex_wake_op: syz.7.2702 tries to shift op by 32; fix this program
[  581.001813][T11707] F2FS-fs (loop3): invalid crc value
[  581.019276][T11707] F2FS-fs (loop3): Found nat_bits in checkpoint
[  581.071647][T11707] F2FS-fs (loop3): Start checkpoint disabled!
[  581.094270][T11707] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  581.101382][T11707] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  583.295539][ T1258] attempt to access beyond end of device
[  583.295539][ T1258] loop3: rw=2049, want=41008, limit=40427
[  583.307243][   T10] attempt to access beyond end of device
[  583.307243][   T10] loop6: rw=2049, want=41008, limit=40427
[  583.367530][T11740] loop7: detected capacity change from 0 to 128
[  583.646394][ T1258] attempt to access beyond end of device
[  583.646394][ T1258] loop9: rw=2049, want=40992, limit=40427
[  583.646654][T11740] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  583.687596][T11740] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038 (0x7fffffff)
[  583.738481][T11747] device syzkaller0 entered promiscuous mode
[  584.059030][T11757] loop7: detected capacity change from 0 to 40427
[  584.113211][   T30] kauditd_printk_skb: 83 callbacks suppressed
[  584.113232][   T30] audit: type=1326 audit(1730830983.398:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11737 comm="syz.8.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  584.146837][   T30] audit: type=1326 audit(1730830983.398:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11737 comm="syz.8.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  584.239260][T11757] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  584.255878][T11757] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  584.264971][T11759] loop3: detected capacity change from 0 to 40427
[  584.275010][T11757] F2FS-fs (loop7): invalid crc value
[  584.302097][T11757] F2FS-fs (loop7): Found nat_bits in checkpoint
[  584.359131][T11759] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  584.367084][T11759] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  584.370787][T11757] F2FS-fs (loop7): Start checkpoint disabled!
[  584.386260][T11759] F2FS-fs (loop3): invalid crc value
[  584.402119][T11757] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  584.409208][T11757] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  584.416634][T11759] F2FS-fs (loop3): Found nat_bits in checkpoint
[  584.451047][T11770] futex_wake_op: syz.6.2712 tries to shift op by 32; fix this program
[  584.494940][T11762] loop8: detected capacity change from 0 to 40427
[  584.505064][T11759] F2FS-fs (loop3): Start checkpoint disabled!
[  584.512699][T11759] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  584.519927][T11759] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  584.554433][T11762] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  584.561403][T11762] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  584.571105][T11762] F2FS-fs (loop8): invalid crc value
[  585.587732][T11779] loop9: detected capacity change from 0 to 128
[  585.598882][T11762] F2FS-fs (loop8): Found nat_bits in checkpoint
[  585.962779][T11762] F2FS-fs (loop8): Start checkpoint disabled!
[  585.969142][ T1258] attempt to access beyond end of device
[  585.969142][ T1258] loop7: rw=2049, want=41008, limit=40427
[  586.004012][T11762] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  586.011087][T11762] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  586.083338][ T1258] attempt to access beyond end of device
[  586.083338][ T1258] loop3: rw=2049, want=41008, limit=40427
[  586.095056][   T30] audit: type=1326 audit(1730830985.418:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  586.150269][   T30] audit: type=1326 audit(1730830985.458:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  586.939345][   T30] audit: type=1326 audit(1730830985.458:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.185843][   T30] audit: type=1326 audit(1730830985.458:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.216188][T11292] attempt to access beyond end of device
[  587.216188][T11292] loop8: rw=2049, want=41008, limit=40427
[  587.236433][T11796] loop9: detected capacity change from 0 to 128
[  587.252431][   T30] audit: type=1326 audit(1730830985.458:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.275997][   T30] audit: type=1326 audit(1730830985.468:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.300050][   T30] audit: type=1326 audit(1730830985.468:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.335835][   T30] audit: type=1326 audit(1730830985.468:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11786 comm="syz.9.2716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  587.376497][T11796] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  587.395978][T11796] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038 (0x7fffffff)
[  587.799276][T11800] loop7: detected capacity change from 0 to 40427
[  587.802364][T11810] device syzkaller0 entered promiscuous mode
[  587.865960][T11800] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  587.874647][T11800] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  587.886569][T11800] F2FS-fs (loop7): invalid crc value
[  587.893552][T11800] F2FS-fs (loop7): Found nat_bits in checkpoint
[  587.942911][T11800] F2FS-fs (loop7): Start checkpoint disabled!
[  587.958330][T11800] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  587.965340][T11800] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  589.166666][   T30] kauditd_printk_skb: 89 callbacks suppressed
[  589.166684][   T30] audit: type=1326 audit(1730830987.328:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.226144][   T30] audit: type=1326 audit(1730830987.328:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.305499][   T30] audit: type=1326 audit(1730830987.748:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.382526][   T30] audit: type=1326 audit(1730830987.748:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.406762][   T30] audit: type=1326 audit(1730830987.748:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.430162][   T30] audit: type=1326 audit(1730830987.748:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.453596][   T30] audit: type=1326 audit(1730830987.748:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  589.989985][   T30] audit: type=1326 audit(1730830987.748:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  590.174070][ T1258] attempt to access beyond end of device
[  590.174070][ T1258] loop7: rw=2049, want=41008, limit=40427
[  590.197472][T11831] loop3: detected capacity change from 0 to 40427
[  590.203858][   T30] audit: type=1326 audit(1730830987.748:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11811 comm="syz.9.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  590.235812][   T30] audit: type=1326 audit(1730830988.298:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11801 comm="syz.3.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f667850f719 code=0x7ffc0000
[  590.327306][T11831] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  590.334090][T11831] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  590.493714][T11831] F2FS-fs (loop3): invalid crc value
[  590.560339][T11820] loop8: detected capacity change from 0 to 40427
[  590.591639][T11831] F2FS-fs (loop3): Found nat_bits in checkpoint
[  590.608290][T11844] loop7: detected capacity change from 0 to 128
[  590.623906][T11830] loop6: detected capacity change from 0 to 40427
[  590.635294][T11831] F2FS-fs (loop3): Start checkpoint disabled!
[  590.642170][T11831] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  590.649175][T11831] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  590.657519][T11830] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  590.664570][T11830] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  590.676086][T11820] F2FS-fs (loop8): Insane cp_payload (553648128 >= 504)
[  590.682959][T11820] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  590.700124][T11830] F2FS-fs (loop6): invalid crc value
[  590.719016][T11820] F2FS-fs (loop8): invalid crc value
[  590.762602][T11820] F2FS-fs (loop8): Found nat_bits in checkpoint
[  590.769814][T11830] F2FS-fs (loop6): Found nat_bits in checkpoint
[  590.971437][T11830] F2FS-fs (loop6): Start checkpoint disabled!
[  591.094019][T11820] F2FS-fs (loop8): Start checkpoint disabled!
[  591.134455][   T10] attempt to access beyond end of device
[  591.134455][   T10] loop3: rw=2049, want=41008, limit=40427
[  591.196336][T11830] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  591.203304][T11830] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  593.171069][   T10] attempt to access beyond end of device
[  593.171069][   T10] loop6: rw=2049, want=41008, limit=40427
[  594.220645][   T30] kauditd_printk_skb: 134 callbacks suppressed
[  594.220666][   T30] audit: type=1326 audit(1730830993.488:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11869 comm="syz.8.2732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  594.275591][T11884] futex_wake_op: syz.8.2737 tries to shift op by 32; fix this program
[  594.362443][T11874] loop7: detected capacity change from 0 to 40427
[  594.386748][T11874] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  594.405446][T11874] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  594.429927][T11874] F2FS-fs (loop7): invalid crc value
[  594.605501][T11874] F2FS-fs (loop7): Found nat_bits in checkpoint
[  594.639374][   T30] audit: type=1326 audit(1730830993.488:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11869 comm="syz.8.2732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  594.739012][T11868] loop3: detected capacity change from 0 to 40427
[  594.752532][T11874] F2FS-fs (loop7): Start checkpoint disabled!
[  594.769827][T11874] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  594.777859][T11874] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  594.906190][T11868] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  594.923235][T11886] loop6: detected capacity change from 0 to 40427
[  594.929155][T11868] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  594.939414][T11868] F2FS-fs (loop3): invalid crc value
[  594.946416][T11868] F2FS-fs (loop3): Found nat_bits in checkpoint
[  594.958529][T11886] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  594.967771][T11886] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  594.984926][T11886] F2FS-fs (loop6): invalid crc value
[  595.001347][T11886] F2FS-fs (loop6): Found nat_bits in checkpoint
[  595.258367][T11883] loop9: detected capacity change from 0 to 40427
[  595.267963][   T30] audit: type=1326 audit(1730830994.588:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.269059][T11292] attempt to access beyond end of device
[  595.269059][T11292] loop7: rw=2049, want=41008, limit=40427
[  595.307540][   T30] audit: type=1326 audit(1730830994.588:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.330418][T11886] F2FS-fs (loop6): Start checkpoint disabled!
[  595.355609][   T30] audit: type=1326 audit(1730830994.618:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.396818][   T30] audit: type=1326 audit(1730830994.618:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.428499][   T30] audit: type=1326 audit(1730830994.618:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.458175][   T30] audit: type=1326 audit(1730830994.618:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.472155][T11868] F2FS-fs (loop3): Start checkpoint disabled!
[  595.497062][T11886] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  595.498417][T11883] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504)
[  595.515234][T11886] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  595.516296][   T30] audit: type=1326 audit(1730830994.618:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.556299][T11868] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  595.569312][T11883] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  595.588625][T11883] F2FS-fs (loop9): invalid crc value
[  595.594760][   T30] audit: type=1326 audit(1730830994.618:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.8.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d06037719 code=0x7ffc0000
[  595.630528][T11868] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  595.762472][T11883] F2FS-fs (loop9): Found nat_bits in checkpoint
[  595.870055][T11883] F2FS-fs (loop9): Start checkpoint disabled!
[  595.896116][T11883] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  596.237374][T11883] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  596.282999][T11915] loop8: detected capacity change from 0 to 512
[  596.334769][T11292] attempt to access beyond end of device
[  596.334769][T11292] loop3: rw=2049, want=41008, limit=40427
[  596.462489][T11915] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  596.481934][T11292] attempt to access beyond end of device
[  596.481934][T11292] loop6: rw=2049, want=40992, limit=40427
[  596.506854][T11915] EXT4-fs (loop8): 1 truncate cleaned up
[  596.515829][T11915] EXT4-fs (loop8): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,grpid,noblock_validity,,errors=continue. Quota mode: none.
[  596.862703][T11908] loop7: detected capacity change from 0 to 40427
[  596.900090][T11292] attempt to access beyond end of device
[  596.900090][T11292] loop9: rw=2049, want=41008, limit=40427
[  596.918648][T11908] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504)
[  597.025686][T11925] EXT4-fs error (device loop8): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.8.2742: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  597.336192][T11908] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  597.355336][T11908] F2FS-fs (loop7): invalid crc value
[  597.377107][T11908] F2FS-fs (loop7): Found nat_bits in checkpoint
[  597.484666][T11936] tipc: Started in network mode
[  597.491867][T11936] tipc: Node identity ffffffff, cluster identity 4711
[  597.500978][T11908] F2FS-fs (loop7): Start checkpoint disabled!
[  597.509452][T11908] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  597.514660][T11936] tipc: Node number set to 4294967295
[  597.518270][T11908] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  598.368750][ T1258] attempt to access beyond end of device
[  598.368750][ T1258] loop7: rw=2049, want=40992, limit=40427
[  598.456494][ T1258] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.905516][T12000] device syzkaller0 entered promiscuous mode
[  600.155932][   T20] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  600.292466][   T30] kauditd_printk_skb: 65 callbacks suppressed
[  600.292482][   T30] audit: type=1400 audit(1730830999.608:2359): avc:  denied  { bind } for  pid=12024 comm="syz.7.2777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  600.293567][T12025] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2777'.
[  600.299829][   T30] audit: type=1400 audit(1730830999.608:2360): avc:  denied  { setopt } for  pid=12024 comm="syz.7.2777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  600.385626][T12033] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2781'.
[  600.395678][T12033] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2781'.
[  600.395894][   T20] usb 4-1: Using ep0 maxpacket: 8
[  600.428476][T12035] usb usb9: usbfs: process 12035 (syz.7.2782) did not claim interface 0 before use
[  600.525925][   T20] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  600.535702][   T20] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  600.547677][   T20] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  600.561855][   T20] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  600.579883][   T20] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  600.601140][   T20] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  600.616246][   T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.632715][T12043] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2786'.
[  600.643724][T12043] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2786'.
[  600.821921][   T30] audit: type=1400 audit(1730831000.138:2361): avc:  denied  { getopt } for  pid=12048 comm="syz.8.2788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  601.032786][   T30] audit: type=1400 audit(1730831000.348:2362): avc:  denied  { setopt } for  pid=12063 comm="syz.8.2795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  601.068378][T12068] 9pnet_virtio: no channels available for device syz
[  601.285966][   T30] audit: type=1400 audit(1730831000.608:2363): avc:  denied  { create } for  pid=12089 comm="syz.8.2807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  602.102517][T12143] binder: 12142:12143 ioctl 4018620d 0 returned -22
[  602.109483][T12143] binder: 12142:12143 ioctl c018620c 200001c0 returned -1
[  602.441579][   T30] audit: type=1400 audit(1730831001.758:2364): avc:  denied  { relabelfrom } for  pid=12162 comm="syz.7.2840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  602.462130][   T30] audit: type=1400 audit(1730831001.768:2365): avc:  denied  { relabelto } for  pid=12162 comm="syz.7.2840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  602.483080][   T30] audit: type=1400 audit(1730831001.768:2366): avc:  denied  { bind } for  pid=12164 comm="syz.6.2841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  602.860652][ T9448] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  602.907833][  T358] usb 4-1: USB disconnect, device number 3
[  603.105006][T12223] x_tables: duplicate underflow at hook 3
[  603.165858][ T9448] usb 8-1: Using ep0 maxpacket: 8
[  603.215884][   T60] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  603.345881][  T358] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  603.395818][ T8816] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  603.468057][   T60] usb 10-1: Using ep0 maxpacket: 16
[  603.506413][ T9448] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  603.515966][ T9448] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.524553][ T9448] usb 8-1: Product: syz
[  603.528954][ T9448] usb 8-1: Manufacturer: syz
[  603.533390][ T9448] usb 8-1: SerialNumber: syz
[  603.547647][ T9448] usb 8-1: config 0 descriptor??
[  603.635916][ T8816] usb 9-1: Using ep0 maxpacket: 16
[  603.636083][   T60] usb 10-1: unable to get BOS descriptor or descriptor too short
[  603.723854][T12263] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.730756][T12263] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.737713][  T358] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  603.738775][T12263] device bridge_slave_0 entered promiscuous mode
[  603.748141][   T60] usb 10-1: config 7 has an invalid interface number: 221 but max is 0
[  603.755889][ T8816] usb 9-1: config 25 has an invalid interface number: 105 but max is 0
[  603.762977][  T358] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  603.772670][T12263] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.784956][   T60] usb 10-1: config 7 has no interface number 0
[  603.784990][   T60] usb 10-1: config 7 interface 221 has no altsetting 0
[  603.795428][ T8816] usb 9-1: config 25 has an invalid descriptor of length 0, skipping remainder of the config
[  603.801538][  T358] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  603.810324][T12263] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.819016][  T358] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.828308][ T8816] usb 9-1: config 25 has no interface number 0
[  603.835804][T12263] device bridge_slave_1 entered promiscuous mode
[  603.855355][  T358] usb 4-1: config 0 descriptor??
[  603.893869][T12263] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.900914][T12263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  603.908034][T12263] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.914949][T12263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  603.923639][  T358] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  603.942868][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  603.950996][ T1258] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.958403][ T1258] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.967432][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  603.976191][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  603.984822][ T1258] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.993043][ T1258] bridge0: port 1(bridge_slave_0) entered forwarding state
[  603.995930][ T8816] usb 9-1: New USB device found, idVendor=0482, idProduct=08d3, bcdDevice= b.28
[  604.000769][   T60] usb 10-1: New USB device found, idVendor=03f0, idProduct=2101, bcdDevice=f2.6a
[  604.009890][ T8816] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.019219][   T60] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.034960][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  604.035901][ T8816] usb 9-1: Product: syz
[  604.043197][   T60] usb 10-1: Product: syz
[  604.047485][ T8816] usb 9-1: Manufacturer: syz
[  604.051156][   T60] usb 10-1: Manufacturer: syz
[  604.055668][ T8816] usb 9-1: SerialNumber: syz
[  604.061501][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  604.064704][   T60] usb 10-1: SerialNumber: syz
[  604.073062][ T1258] bridge0: port 2(bridge_slave_1) entered blocking state
[  604.084241][ T1258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  604.091833][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  604.099891][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  604.108599][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  604.116735][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  604.134709][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  604.143558][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  604.153588][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  604.162273][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  604.170318][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  604.178562][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  604.187187][T12263] device veth0_vlan entered promiscuous mode
[  604.196781][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  604.204941][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  604.214147][T12263] device veth1_macvtap entered promiscuous mode
[  604.223319][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  604.231036][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  604.239242][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  604.248643][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  604.256808][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  604.280292][   T30] audit: type=1400 audit(1730831003.598:2367): avc:  denied  { create } for  pid=12269 comm="syz.6.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  604.301238][   T30] audit: type=1400 audit(1730831003.598:2368): avc:  denied  { bind } for  pid=12269 comm="syz.6.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  604.331482][  T821] usb 9-1: USB disconnect, device number 3
[  604.409041][   T60] usb 10-1: USB disconnect, device number 3
[  604.870243][ T1259] usb 8-1: USB disconnect, device number 2
[  604.888331][ T1258] device bridge_slave_1 left promiscuous mode
[  604.901277][ T1258] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.913719][ T1258] device bridge_slave_0 left promiscuous mode
[  604.922410][ T1258] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.954412][ T1258] device veth1_macvtap left promiscuous mode
[  604.961042][ T1258] device veth0_vlan left promiscuous mode
[  605.156075][   T60] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  605.408569][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  605.408582][   T30] audit: type=1326 audit(1730831004.728:2373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.441501][   T30] audit: type=1326 audit(1730831004.728:2374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.466202][   T30] audit: type=1326 audit(1730831004.728:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.517547][   T30] audit: type=1326 audit(1730831004.728:2376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.543038][   T30] audit: type=1326 audit(1730831004.758:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.571413][   T30] audit: type=1326 audit(1730831004.758:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.600450][   T30] audit: type=1326 audit(1730831004.778:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.600640][   T60] usb 9-1: Using ep0 maxpacket: 32
[  605.625614][   T30] audit: type=1326 audit(1730831004.788:2380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.658875][   T30] audit: type=1326 audit(1730831004.788:2381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.690070][   T30] audit: type=1326 audit(1730831004.788:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12301 comm="syz.9.2897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f05788fa719 code=0x7ffc0000
[  605.836447][   T60] usb 9-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  605.860337][   T60] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  605.870988][   T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.880579][   T60] usb 9-1: config 0 descriptor??
[  605.906128][T12283] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  605.936509][   T60] hub 9-1:0.0: bad descriptor, ignoring hub
[  605.944196][   T60] hub: probe of 9-1:0.0 failed with error -5
[  605.954710][   T60] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  605.980306][  T821] usb 4-1: USB disconnect, device number 4
[  606.040616][T12328] usb usb8: usbfs: process 12328 (syz.7.2907) did not claim interface 0 before use
[  606.427249][T12376] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2929'.
[  606.438574][T12376] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  606.461911][ T1259] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  606.605837][  T821] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  606.705861][ T1259] usb 8-1: Using ep0 maxpacket: 32
[  606.825884][ T1259] usb 8-1: config 0 has an invalid interface number: 83 but max is 0
[  606.834051][ T1259] usb 8-1: config 0 has no interface number 0
[  606.995913][  T821] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  606.995929][ T1259] usb 8-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=92.f7
[  606.995953][ T1259] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.006627][  T821] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  607.016228][ T1259] usb 8-1: Product: syz
[  607.026602][  T821] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  607.051630][  T821] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.051711][ T1259] usb 8-1: Manufacturer: syz
[  607.068540][ T1259] usb 8-1: SerialNumber: syz
[  607.079040][ T1259] usb 8-1: config 0 descriptor??
[  607.195966][  T821] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  607.205813][  T821] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  607.214163][  T821] usb 4-1: Product: syz
[  607.222529][  T821] usb 4-1: Manufacturer: syz
[  607.235034][T12395] netlink: 'syz.8.2936': attribute type 4 has an invalid length.
[  607.266346][  T821] cdc_wdm 4-1:1.0: skipping garbage
[  607.274358][  T821] cdc_wdm 4-1:1.0: skipping garbage
[  607.281904][  T821] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  607.326075][ T1259] usb 9-1: USB disconnect, device number 4
[  607.337542][  T821] usb 8-1: USB disconnect, device number 3
[  607.433615][T12409] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2942'.
[  607.444655][T12409] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2942'.
[  607.459603][T12409] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.473851][ T8816] usb 4-1: USB disconnect, device number 5
[  607.615937][ T1259] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  607.742097][T12432] binder_alloc: 12431: binder_alloc_buf, no vma
[  607.855818][ T1259] usb 10-1: Using ep0 maxpacket: 16
[  607.975971][ T1259] usb 10-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  608.036015][   T60] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  608.146035][ T1259] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  608.158247][ T1259] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.167421][ T1259] usb 10-1: Product: syz
[  608.172709][ T1259] usb 10-1: Manufacturer: syz
[  608.177648][ T1259] usb 10-1: SerialNumber: syz
[  608.183123][ T1259] usb 10-1: config 0 descriptor??
[  608.305856][   T60] usb 9-1: Using ep0 maxpacket: 16
[  608.405848][ T8816] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  608.435944][   T60] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  608.446294][   T60] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  608.456626][   T60] usb 9-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  608.466358][   T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.479869][   T60] usb 9-1: config 0 descriptor??
[  608.566205][T12479] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2973'.
[  608.584167][T12479] bridge0: port 3(vlan2) entered blocking state
[  608.594374][T12479] bridge0: port 3(vlan2) entered disabled state
[  608.603119][T12479] device vlan2 entered promiscuous mode
[  608.610351][T12479] device gretap0 entered promiscuous mode
[  608.617628][T12479] bridge0: port 3(vlan2) entered blocking state
[  608.631150][T12479] bridge0: port 3(vlan2) entered forwarding state
[  608.765938][ T8816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  608.777066][ T8816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  608.786436][  T821] usb 9-1: USB disconnect, device number 5
[  608.787871][ T8816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  608.804565][ T8816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  608.965955][ T8816] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  608.975578][ T8816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.984298][ T8816] usb 4-1: Product: syz
[  608.989353][ T8816] usb 4-1: Manufacturer: syz
[  608.994249][ T8816] usb 4-1: SerialNumber: syz
[  608.999830][ T8816] usb 4-1: config 0 descriptor??
[  609.253774][T12499] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2981'.
[  609.288897][T12505] binder: 12504:12505 ioctl c018620c 0 returned -14
[  609.578627][ T1414] usb 10-1: USB disconnect, device number 4
[  609.611447][T12513] input: syz1 as /devices/virtual/input/input8
[  609.905841][ T8816] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  610.145819][ T8816] usb 9-1: Using ep0 maxpacket: 16
[  610.265927][ T8816] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  610.279219][ T8816] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  610.291217][ T8816] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  610.306568][ T8816] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  610.317588][ T8816] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.327097][ T8816] usb 9-1: config 0 descriptor??
[  610.375858][ T1414] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  610.806717][ T8816] microsoft 0003:045E:07DA.0078: unknown main item tag 0x0
[  610.817112][ T8816] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.0078/input/input9
[  610.895923][ T1414] usb 8-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  610.906517][ T1414] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.917496][ T1414] usb 8-1: Product: syz
[  610.921745][ T8816] microsoft 0003:045E:07DA.0078: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0
[  610.951371][ T1414] usb 8-1: Manufacturer: syz
[  610.955924][ T1414] usb 8-1: SerialNumber: syz
[  610.961028][ T1414] usb 8-1: config 0 descriptor??
[  611.012499][  T821] usb 9-1: USB disconnect, device number 6
[  611.143798][  T358] usb 4-1: USB disconnect, device number 6
[  611.256046][   T60] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  611.676042][   T60] usb 10-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  611.729798][   T60] usb 10-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 1
[  611.808808][   T60] usb 10-1: config 0 has an invalid descriptor of length 32, skipping remainder of the config
[  611.868513][   T60] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  611.883227][   T60] usb 10-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  611.893141][   T60] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.904434][   T60] usb 10-1: config 0 descriptor??
[  611.946423][   T60] usb-storage 10-1:0.0: USB Mass Storage device detected
[  611.964970][   T60] usb-storage 10-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  612.163553][  T821] usb 10-1: USB disconnect, device number 5
[  612.655835][  T821] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  612.821410][T12589] netlink: 47 bytes leftover after parsing attributes in process `syz.6.3016'.
[  612.906027][  T821] usb 9-1: Using ep0 maxpacket: 16
[  613.027373][  T821] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  613.075501][  T821] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  613.089222][  T821] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  613.120566][   T30] kauditd_printk_skb: 269 callbacks suppressed
[  613.120593][   T30] audit: type=1400 audit(1730831012.438:2652): avc:  denied  { read } for  pid=12598 comm="syz.6.3019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  613.155531][  T821] usb 9-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  613.167705][  T821] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.176939][   T60] usb 8-1: USB disconnect, device number 4
[  613.187177][  T821] usb 9-1: config 0 descriptor??
[  613.326642][T12622] device macsec0 entered promiscuous mode
[  613.337243][T12622] device veth1_macvtap left promiscuous mode
[  613.344923][T12622] device macsec0 left promiscuous mode
[  613.685996][  T821] usbhid 9-1:0.0: can't add hid device: -71
[  613.693569][  T821] usbhid: probe of 9-1:0.0 failed with error -71
[  613.705702][  T821] usb 9-1: USB disconnect, device number 7
[  613.755810][   T60] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  613.995873][   T60] usb 8-1: Using ep0 maxpacket: 8
[  614.115945][   T60] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  614.130793][   T60] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  614.143600][   T60] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  614.160243][   T60] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  614.174556][   T60] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  614.185596][   T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.235906][ T8816] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  614.486505][T12684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3056'.
[  614.496592][T12684] netlink: 'syz.3.3056': attribute type 1 has an invalid length.
[  614.615895][ T8816] usb 10-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  614.625948][ T8816] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.635860][ T8816] usb 10-1: config 0 descriptor??
[  615.163783][T12710] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3066'.
[  615.455829][  T358] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  615.586192][ T1414] hid-generic 0007:0009:0800.0079: item fetching failed at offset 0/4
[  615.595342][ T1414] hid-generic: probe of 0007:0009:0800.0079 failed with error -22
[  615.695848][  T358] usb 9-1: Using ep0 maxpacket: 32
[  615.815974][  T358] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  615.825260][  T358] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  615.835404][  T358] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  615.846469][  T358] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  615.858703][  T358] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  615.870559][  T358] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  615.886021][  T358] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  615.899957][  T821] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  615.907953][  T358] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.918959][  T358] usb 9-1: config 0 descriptor??
[  616.155809][  T821] usb 4-1: Using ep0 maxpacket: 8
[  616.177824][  T358] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  616.199669][  T358] usb 9-1: USB disconnect, device number 8
[  616.209525][  T358] usblp0: removed
[  616.414628][ T1414] usb 8-1: USB disconnect, device number 5
[  616.435886][  T821] usb 4-1: New USB device found, idVendor=0baf, idProduct=00f5, bcdDevice=df.c2
[  616.448646][  T821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.457008][  T821] usb 4-1: Product: syz
[  616.461223][  T821] usb 4-1: Manufacturer: syz
[  616.465982][  T821] usb 4-1: SerialNumber: syz
[  616.476131][  T821] usb 4-1: config 0 descriptor??
[  616.718356][  T821] usb 4-1: USB disconnect, device number 7
[  616.725817][  T358] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  616.836162][ T1414] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  616.961768][ T8816] usb 10-1: USB disconnect, device number 6
[  616.995877][  T358] usb 9-1: Using ep0 maxpacket: 32
[  617.075919][ T1414] usb 8-1: Using ep0 maxpacket: 32
[  617.145901][  T358] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  617.156322][  T358] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  617.172052][  T358] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  617.183282][  T358] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  617.194398][  T358] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  617.195889][ T1414] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.212972][  T358] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  617.237652][  T358] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  617.245861][ T1414] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.248166][  T358] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.265829][ T1414] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  617.277327][ T1414] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.277928][  T358] usb 9-1: config 0 descriptor??
[  617.303994][ T1414] usb 8-1: config 0 descriptor??
[  617.315863][  T821] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  617.346434][ T1414] hub 8-1:0.0: USB hub found
[  617.547985][  T358] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  617.565981][ T1414] hub 8-1:0.0: 1 port detected
[  617.575812][  T821] usb 4-1: Using ep0 maxpacket: 8
[  617.887358][   T30] audit: type=1400 audit(1730831017.208:2653): avc:  denied  { read write } for  pid=12713 comm="syz.8.3068" name="lp0" dev="devtmpfs" ino=2372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  617.913502][   T30] audit: type=1400 audit(1730831017.208:2654): avc:  denied  { open } for  pid=12713 comm="syz.8.3068" path="/dev/usb/lp0" dev="devtmpfs" ino=2372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  617.940541][   T30] audit: type=1400 audit(1730831017.238:2655): avc:  denied  { ioctl } for  pid=12713 comm="syz.8.3068" path="/dev/usb/lp0" dev="devtmpfs" ino=2372 ioctlcmd=0x60b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  617.975910][T12764] usblp0:failed reading printer status (-32)
[  617.975940][  T821] usb 4-1: New USB device found, idVendor=0baf, idProduct=00f5, bcdDevice=df.c2
[  617.991333][  T821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.999420][  T821] usb 4-1: Product: syz
[  618.003415][  T821] usb 4-1: Manufacturer: syz
[  618.008015][  T821] usb 4-1: SerialNumber: syz
[  618.012967][  T358] usb 9-1: USB disconnect, device number 9
[  618.019620][  T821] usb 4-1: config 0 descriptor??
[  618.025465][  T358] usblp0: removed
[  618.235895][ T1414] hub 8-1:0.0: activate --> -90
[  618.656579][   T20] usb 8-1: USB disconnect, device number 6
[  618.805845][  T358] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  619.045833][ T1414] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[  619.055835][  T358] usb 9-1: Using ep0 maxpacket: 8
[  619.238129][T12792] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.244980][T12792] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.252409][T12792] device bridge_slave_0 entered promiscuous mode
[  619.259836][T12792] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.266971][T12792] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.274331][T12792] device bridge_slave_1 entered promiscuous mode
[  619.276355][ T1259] usb 4-1: USB disconnect, device number 8
[  619.350296][T12792] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.357482][T12792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  619.364555][T12792] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.371354][T12792] bridge0: port 1(bridge_slave_0) entered forwarding state
[  619.381659][  T358] usb 9-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  619.390625][  T358] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.398542][  T358] usb 9-1: Product: syz
[  619.402527][  T358] usb 9-1: Manufacturer: syz
[  619.407223][  T358] usb 9-1: SerialNumber: syz
[  619.415422][  T358] usb 9-1: config 0 descriptor??
[  619.420279][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  619.428392][ T1258] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.435699][ T1258] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.447125][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  619.455165][ T1258] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.455870][ T1414] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.462053][ T1258] bridge0: port 1(bridge_slave_0) entered forwarding state
[  619.472507][ T1414] usb 10-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping
[  619.490517][ T1414] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  619.507286][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  619.515340][ T1258] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.522224][ T1258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  619.534132][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  619.543991][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  619.558504][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  619.572730][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  619.581740][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  619.591336][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  619.603129][T12792] device veth0_vlan entered promiscuous mode
[  619.614629][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  619.624623][T12792] device veth1_macvtap entered promiscuous mode
[  619.636673][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  619.647259][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  619.665930][ T1414] usb 10-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  619.675118][ T1414] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  619.683742][ T1414] usb 10-1: Product: syz
[  619.688113][ T1414] usb 10-1: Manufacturer: syz
[  619.692748][ T1414] usb 10-1: SerialNumber: syz
[  619.699017][  T495] device gretap0 left promiscuous mode
[  619.702245][ T1414] usb 10-1: config 0 descriptor??
[  619.705611][  T495] bridge0: port 3(vlan2) entered disabled state
[  619.715877][   T30] audit: type=1400 audit(1730831019.038:2656): avc:  denied  { write } for  pid=12801 comm="syz.7.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  619.738179][  T495] device vlan2 left promiscuous mode
[  619.738439][   T30] audit: type=1400 audit(1730831019.038:2657): avc:  denied  { nlmsg_read } for  pid=12801 comm="syz.7.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  619.743295][  T495] bridge0: port 3(vlan2) entered disabled state
[  619.772412][ T1414] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  619.876679][  T495] device bridge_slave_1 left promiscuous mode
[  619.882907][  T495] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.890357][  T495] device bridge_slave_0 left promiscuous mode
[  619.896578][  T495] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.904760][  T495] device veth0_vlan left promiscuous mode
[  620.005849][ T1259] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  620.246116][ T1259] usb 8-1: Using ep0 maxpacket: 32
[  620.454100][   T30] audit: type=1400 audit(1730831019.768:2658): avc:  denied  { create } for  pid=12833 comm="syz.3.3113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  620.525875][ T1259] usb 8-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  620.534839][ T1259] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.542658][ T1259] usb 8-1: Product: syz
[  620.546627][ T1259] usb 8-1: Manufacturer: syz
[  620.551292][ T1259] usb 8-1: SerialNumber: syz
[  620.556809][ T1259] usb 8-1: config 0 descriptor??
[  620.639111][T12842] binder: 12841:12842 ioctl 4018620d 0 returned -22
[  620.725686][   T30] audit: type=1400 audit(1730831020.038:2659): avc:  denied  { setopt } for  pid=12849 comm="syz.6.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  620.753034][   T30] audit: type=1400 audit(1730831020.068:2660): avc:  denied  { bind } for  pid=12853 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  620.772414][   T30] audit: type=1400 audit(1730831020.068:2661): avc:  denied  { listen } for  pid=12853 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  620.792604][   T30] audit: type=1400 audit(1730831020.068:2662): avc:  denied  { connect } for  pid=12853 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  620.812557][   T30] audit: type=1400 audit(1730831020.068:2663): avc:  denied  { accept } for  pid=12853 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  621.027634][   T60] usb 10-1: USB disconnect, device number 7
[  621.103082][T12857] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.110376][T12857] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.118120][T12857] device bridge_slave_0 entered promiscuous mode
[  621.129008][T12857] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.135951][T12857] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.143087][T12857] device bridge_slave_1 entered promiscuous mode
[  621.193060][T12857] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.199945][T12857] bridge0: port 2(bridge_slave_1) entered forwarding state
[  621.207060][T12857] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.213868][T12857] bridge0: port 1(bridge_slave_0) entered forwarding state
[  621.227490][  T495] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.234813][  T495] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.263838][  T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  621.271667][  T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  621.280863][  T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  621.289593][  T495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  621.297791][  T495] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.304666][  T495] bridge0: port 1(bridge_slave_0) entered forwarding state
[  621.337316][T12864] mmap: syz.3.3123 (12864) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  621.352180][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  621.363336][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  621.371772][ T1258] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.378731][ T1258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  621.395834][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  621.404276][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  621.412608][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  621.421483][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  621.438705][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  621.447086][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  621.458434][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  621.466445][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  621.474346][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  621.481973][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  621.489931][T12857] device veth0_vlan entered promiscuous mode
[  621.503450][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  621.511537][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  621.521580][T12857] device veth1_macvtap entered promiscuous mode
[  621.531671][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  621.533338][ T9448] usb 9-1: USB disconnect, device number 10
[  621.540179][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  621.553683][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  621.574497][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  621.582842][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  621.649864][   T30] audit: type=1400 audit(1730831020.968:2664): avc:  denied  { create } for  pid=12880 comm="syz.8.3129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  621.720125][  T312] device bridge_slave_1 left promiscuous mode
[  621.736635][  T312] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.746873][  T312] device bridge_slave_0 left promiscuous mode
[  621.753001][  T312] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.761501][  T312] device veth1_macvtap left promiscuous mode
[  621.769037][  T312] device veth0_vlan left promiscuous mode
[  621.895813][   T60] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  622.145834][   T60] usb 10-1: Using ep0 maxpacket: 32
[  622.295882][   T60] usb 10-1: config 0 has an invalid interface number: 67 but max is 0
[  622.304351][   T60] usb 10-1: config 0 has no interface number 0
[  622.495860][   T60] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  622.504962][   T60] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.513105][   T60] usb 10-1: Product: syz
[  622.517411][   T60] usb 10-1: Manufacturer: syz
[  622.541186][   T60] usb 10-1: SerialNumber: syz
[  622.558896][   T60] usb 10-1: config 0 descriptor??
[  622.607359][   T60] smsc95xx v2.0.0
[  622.735845][ T1259] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  622.743707][ T9448] usb 8-1: USB disconnect, device number 7
[  622.835864][ T1414] usb 9-1: new full-speed USB device number 11 using dummy_hcd
[  623.035871][   T60] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  623.037621][T12966] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  623.047282][   T60] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  623.067035][T12966] kvm: pic: level sensitive irq not supported
[  623.067084][T12966] kvm: pic: non byte read
[  623.077648][T12966] kvm: pic: level sensitive irq not supported
[  623.077731][T12966] kvm: pic: non byte read
[  623.088350][T12966] kvm: pic: level sensitive irq not supported
[  623.088404][T12966] kvm: pic: non byte read
[  623.098714][ T1259] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  623.098953][T12966] kvm: pic: level sensitive irq not supported
[  623.107667][ T1259] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.108376][ T1259] usb 4-1: config 0 descriptor??
[  623.118434][T12966] kvm: pic: non byte read
[  623.236006][ T1414] usb 9-1: unable to get BOS descriptor or descriptor too short
[  623.275888][ T1414] usb 9-1: not running at top speed; connect to a high speed hub
[  623.355907][ T1414] usb 9-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  623.368704][ T1414] usb 9-1: config 1 interface 0 has no altsetting 0
[  623.405898][ T1414] usb 9-1: language id specifier not provided by device, defaulting to English
[  623.475843][ T9448] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  623.525900][ T1414] usb 9-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.40
[  623.534861][ T1414] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.542728][ T1414] usb 9-1: Product: syz
[  623.546659][ T1414] usb 9-1: Manufacturer: ꑁ
[  623.551318][ T1414] usb 9-1: SerialNumber: syz
[  623.755951][   T60] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -32
[  623.767531][   T60] smsc95xx: probe of 10-1:0.67 failed with error -32
[  623.845920][ T9448] usb 8-1: config 0 has an invalid interface number: 117 but max is 0
[  623.854555][ T9448] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  623.864898][ T9448] usb 8-1: config 0 has no interface number 0
[  623.871251][ T9448] usb 8-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  623.882565][ T9448] usb 8-1: config 0 interface 117 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  623.894528][ T9448] usb 8-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  623.975890][ T1414] usbhid 9-1:1.0: can't add hid device: -71
[  623.981944][ T1414] usbhid: probe of 9-1:1.0 failed with error -71
[  623.989295][ T1414] usb 9-1: USB disconnect, device number 11
[  624.075886][ T9448] usb 8-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  624.085262][ T9448] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.093160][ T9448] usb 8-1: Product: syz
[  624.097137][ T9448] usb 8-1: Manufacturer: syz
[  624.101544][ T9448] usb 8-1: SerialNumber: syz
[  624.106765][ T9448] usb 8-1: config 0 descriptor??
[  624.349059][ T1414] usb 8-1: USB disconnect, device number 8
[  624.715826][   T20] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  624.753693][ T9448] usb 10-1: USB disconnect, device number 8
[  624.869055][   T30] audit: type=1400 audit(1730831024.188:2665): avc:  denied  { watch } for  pid=13006 comm="syz.7.3180" path="/18/file0" dev="tmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  624.896491][   T30] audit: type=1400 audit(1730831024.208:2666): avc:  denied  { watch_reads } for  pid=13006 comm="syz.7.3180" path="/18/file0" dev="tmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  624.965850][   T20] usb 9-1: Using ep0 maxpacket: 8
[  624.973140][   T30] audit: type=1400 audit(1730831024.288:2667): avc:  denied  { shutdown } for  pid=13008 comm="syz.7.3181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  625.018005][T13018] device vlan0 entered promiscuous mode
[  625.085905][   T20] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 13
[  625.245997][   T20] usb 9-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  625.255218][   T20] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.263308][   T20] usb 9-1: Product: syz
[  625.267379][   T20] usb 9-1: Manufacturer: syz
[  625.272316][   T20] usb 9-1: SerialNumber: syz
[  625.277934][   T20] usb 9-1: config 0 descriptor??
[  625.482665][   T20] usb 4-1: USB disconnect, device number 9
[  625.605703][T13027] kvm_set_msr_common: 20 callbacks suppressed
[  625.605718][T13027] kvm [13025]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000
[  625.805802][ T1259] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  626.055805][ T1259] usb 10-1: Using ep0 maxpacket: 16
[  626.175890][ T1259] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.186934][ T1259] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  626.200158][ T1259] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  626.209384][ T1259] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.219087][ T1259] usb 10-1: config 0 descriptor??
[  626.575207][   T20] usb 9-1: USB disconnect, device number 12
[  626.655903][   T60] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  626.863869][ T1259] microsoft 0003:045E:07DA.007A: unknown main item tag 0x0
[  626.871078][ T1259] microsoft 0003:045E:07DA.007A: unknown main item tag 0x0
[  626.878719][ T1259] microsoft 0003:045E:07DA.007A: unknown main item tag 0x0
[  626.885860][ T1259] microsoft 0003:045E:07DA.007A: unknown main item tag 0x0
[  626.893086][ T1259] microsoft 0003:045E:07DA.007A: unknown main item tag 0x0
[  626.900377][ T1259] hid_map_usage: 4377 callbacks suppressed
[  626.900392][ T1259] HID 045e:07da: Invalid code 65791 type 1
[  626.913481][ T1259] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.007A/input/input11
[  626.926364][ T1259] microsoft 0003:045E:07DA.007A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0
[  627.015873][   T60] usb 4-1: config 0 has no interfaces?
[  627.021256][   T60] usb 4-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00
[  627.031199][   T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.039821][   T60] usb 4-1: config 0 descriptor??
[  627.288195][ T9448] usb 4-1: USB disconnect, device number 10
[  627.409649][   T60] usb 10-1: USB disconnect, device number 9
[  627.463647][   T30] audit: type=1400 audit(1730831026.778:2668): avc:  denied  { append } for  pid=13055 comm="syz.8.3199" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  627.558798][T13062] kvm: MWAIT instruction emulated as NOP!
[  627.603410][T13073] netlink: 104 bytes leftover after parsing attributes in process `syz.8.3206'.
[  627.603422][   T30] audit: type=1400 audit(1730831026.918:2669): avc:  denied  { nlmsg_read } for  pid=13072 comm="syz.8.3206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  627.641957][T13075] loop8: detected capacity change from 0 to 1024
[  627.678127][T13075] EXT4-fs (loop8): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  627.688606][T13075] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  627.688676][T13079] loop7: detected capacity change from 0 to 1024
[  627.699835][T13075] EXT4-fs error (device loop8): ext4_get_journal_inode:5150: inode #5: comm syz.8.3207: unexpected bad inode w/o EXT4_IGET_BAD
[  627.717543][T13075] EXT4-fs (loop8): no journal found
[  627.722574][T13075] EXT4-fs (loop8): can't get journal size
[  627.728940][T13075] EXT4-fs (loop8): mounted filesystem without journal. Opts: noblock_validity,mb_optimize_scan=0x0000000000000001,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback.
[  627.752306][T13075] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.3207: bg 0: block 32: padding at end of block bitmap is not set
[  627.776866][T13079] EXT4-fs (loop7): Ignoring removed oldalloc option
[  627.823482][T13079] EXT4-fs (loop7): mounted filesystem without journal. Opts: stripe=0x0000000000000001,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  627.829975][T13084] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  627.867392][T13084] kvm: pic: non byte read
[  627.872085][T13084] kvm: pic: level sensitive irq not supported
[  627.874381][T13084] kvm: pic: non byte read
[  627.886676][T13084] kvm: pic: level sensitive irq not supported
[  627.886751][T13084] kvm: pic: non byte read
[  627.899240][   T10] tipc: Left network mode
[  627.918484][T13087] bridge0: port 1(bridge_slave_0) entered blocking state
[  627.931045][T13087] bridge0: port 1(bridge_slave_0) entered disabled state
[  627.949277][   T30] audit: type=1400 audit(1730831027.268:2670): avc:  denied  { connect } for  pid=13098 comm="syz.9.3215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  627.961984][T13087] device bridge_slave_0 entered promiscuous mode
[  627.981918][T13087] bridge0: port 2(bridge_slave_1) entered blocking state
[  627.988896][   T30] audit: type=1400 audit(1730831027.298:2671): avc:  denied  { write } for  pid=13098 comm="syz.9.3215" path="socket:[55031]" dev="sockfs" ino=55031 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  628.024833][T13087] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.038090][T13087] device bridge_slave_1 entered promiscuous mode
[  628.038301][   T30] audit: type=1400 audit(1730831027.298:2672): avc:  denied  { read } for  pid=13098 comm="syz.9.3215" laddr=172.20.20.170 lport=2 faddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  628.082352][   T30] audit: type=1400 audit(1730831027.398:2673): avc:  denied  { write } for  pid=13114 comm="syz.7.3222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  628.099123][T13118] loop9: detected capacity change from 0 to 256
[  628.178519][T13087] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.185411][T13087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  628.192535][T13087] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.199072][T13121] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  628.199388][T13087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  628.215465][T13121] kvm: pic: non byte read
[  628.221764][T13121] kvm: pic: level sensitive irq not supported
[  628.221826][T13121] kvm: pic: non byte read
[  628.234289][T13121] kvm: pic: level sensitive irq not supported
[  628.234349][T13121] kvm: pic: non byte read
[  628.340376][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  628.405164][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  628.516594][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  628.563578][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  628.580003][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  628.593480][T13136] loop3: detected capacity change from 0 to 1024
[  628.616626][T13136] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  628.634738][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  628.654862][T13136] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noquota,barrier=0x0000000000000000,jqfmt=vfsv1,block_validity,mblk_io_submit,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback.
[  628.658393][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  628.691035][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  628.698544][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  628.709029][T13087] device veth0_vlan entered promiscuous mode
[  628.743375][T13134] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.750835][T13134] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.758328][T13134] device bridge_slave_0 entered promiscuous mode
[  628.765688][   T10] device bridge_slave_1 left promiscuous mode
[  628.771963][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.780503][   T10] device bridge_slave_0 left promiscuous mode
[  628.786586][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.797305][   T10] device veth1_macvtap left promiscuous mode
[  628.803214][   T10] device veth0_vlan left promiscuous mode
[  628.870181][T13134] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.877300][T13134] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.884625][T13134] device bridge_slave_1 entered promiscuous mode
[  628.906829][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  628.923194][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  628.955594][T13087] device veth1_macvtap entered promiscuous mode
[  628.997179][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  629.004980][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  629.014169][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  629.023521][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  629.032886][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  629.051007][T13162] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  629.185803][ T9448] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  629.216700][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  629.224336][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  629.251284][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  629.266408][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  629.284739][  T312] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.291629][  T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  629.301971][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  629.310696][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  629.324765][  T312] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.331749][  T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[  629.349327][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  629.357354][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  629.365256][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  629.383315][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  629.400832][T13134] device veth0_vlan entered promiscuous mode
[  629.416617][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  629.425100][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  629.444818][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  629.464714][T13134] device veth1_macvtap entered promiscuous mode
[  629.474230][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  629.493031][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  629.525237][ T1258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  629.545888][ T9448] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  629.560024][ T9448] usb 4-1: config 0 has no interface number 0
[  629.571615][ T9448] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  629.588796][ T9448] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  629.766941][T13199] loop5: detected capacity change from 0 to 128
[  630.386104][ T9448] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice=55.58
[  630.386212][   T10] device bridge_slave_1 left promiscuous mode
[  630.401759][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.408974][ T9448] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.418087][ T9448] usb 4-1: Product: syz
[  630.424262][ T9448] usb 4-1: Manufacturer: syz
[  630.443282][   T10] device bridge_slave_0 left promiscuous mode
[  630.449332][ T9448] usb 4-1: SerialNumber: syz
[  630.585222][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.598128][ T9448] usb 4-1: config 0 descriptor??
[  630.624707][   T10] device veth1_macvtap left promiscuous mode
[  630.840230][ T9448] usb 4-1: USB disconnect, device number 11
[  630.936339][T13239] loop5: detected capacity change from 0 to 8192
[  631.024870][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.039193][T13239] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  631.051337][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.072728][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.218818][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.227071][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.234581][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.243164][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  631.251167][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.020784][T13250] loop3: detected capacity change from 0 to 128
[  632.041350][   T30] audit: type=1400 audit(1730831031.358:2674): avc:  denied  { create } for  pid=13251 comm="syz.7.3270" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  632.042788][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.070705][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.078642][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.087044][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.094577][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.102918][   T30] audit: type=1400 audit(1730831031.388:2675): avc:  denied  { mounton } for  pid=13251 comm="syz.7.3270" path="/40/file0" dev="tmpfs" ino=225 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  632.129490][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.138421][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.146242][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.153914][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.156561][   T30] audit: type=1400 audit(1730831031.428:2676): avc:  denied  { unlink } for  pid=12792 comm="syz-executor" name="file0" dev="tmpfs" ino=225 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  632.162458][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.185495][T13262] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  632.192307][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.192335][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.215565][T13250] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  632.225986][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.233148][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.238654][T13268] loop5: detected capacity change from 0 to 512
[  632.240844][T13250] ext4 filesystem being mounted at /519/mnt supports timestamps until 2038 (0x7fffffff)
[  632.256438][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.263660][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.271140][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.278899][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.286178][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.298613][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.301405][T13268] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  632.307056][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.324115][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.332697][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.340790][T13268] EXT4-fs (loop5): 1 orphan inode deleted
[  632.347196][T13268] EXT4-fs (loop5): 1 truncate cleaned up
[  632.352745][T13268] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  632.355873][ T1414] hid-generic 0000:0000:0000.007B: unknown main item tag 0x0
[  632.383563][T13268] EXT4-fs error (device loop5): ext4_search_dir:1549: inode #12: block 7: comm syz.5.3275: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  632.408050][T13268] EXT4-fs (loop5): Remounting filesystem read-only
[  632.418592][T13274] loop3: detected capacity change from 0 to 2048
[  632.426061][ T1414] hid-generic 0000:0000:0000.007B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  632.488090][ T9448] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  632.505593][T13276] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3278'.
[  632.515432][T13274] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  632.548322][T13272] loop8: detected capacity change from 0 to 40427
[  632.564638][T13272] F2FS-fs (loop8): invalid crc value
[  632.588451][T13272] F2FS-fs (loop8): Found nat_bits in checkpoint
[  632.622955][T13272] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e4
[  632.667083][   T30] audit: type=1400 audit(1730831031.988:2677): avc:  denied  { remount } for  pid=13270 comm="syz.8.3277" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  632.690420][T13087] attempt to access beyond end of device
[  632.690420][T13087] loop8: rw=2049, want=45112, limit=40427
[  632.715859][    T6] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  632.735827][ T9448] usb 8-1: Using ep0 maxpacket: 8
[  632.855918][ T9448] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  632.864302][ T9448] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  632.874230][ T9448] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  632.884168][ T9448] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  632.894137][ T9448] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  632.907559][ T9448] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  632.917031][  T358] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  632.924788][ T9448] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.358760][T13294] loop8: detected capacity change from 0 to 16
[  633.906607][T13294] erofs: (device loop8): mounted with root inode @ nid 36.
[  633.930772][T13293] attempt to access beyond end of device
[  633.930772][T13293] loop8: rw=0, want=24, limit=16
[  633.944510][T13293] erofs: (device loop8): z_erofs_readahead: readahead error at page 3601 @ nid 36
[  633.953864][T13293] erofs: (device loop8): z_erofs_readahead: readahead error at page 3600 @ nid 36
[  633.963759][T13293] erofs: (device loop8): z_erofs_pcluster_readmore: readmore error at page 3601 @ nid 36
[  633.974238][T13293] erofs: (device loop8): z_erofs_pcluster_readmore: readmore error at page 3600 @ nid 36
[  633.984553][T13293] attempt to access beyond end of device
[  633.984553][T13293] loop8: rw=524288, want=32, limit=16
[  633.995585][T13293] attempt to access beyond end of device
[  633.995585][T13293] loop8: rw=524288, want=24, limit=16
[  634.011561][T13297] input: syz0 as /devices/virtual/input/input12
[  634.015884][    T6] usb 10-1: config 0 has no interfaces?
[  634.037579][   T30] audit: type=1400 audit(1730831033.358:2678): avc:  denied  { remount } for  pid=13298 comm="syz.9.3284" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  634.075896][    T6] usb 10-1: string descriptor 0 read error: -71
[  634.084534][    T6] usb 10-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice=98.00
[  634.145890][    T6] usb 10-1: New USB device strings: Mfr=18, Product=255, SerialNumber=255
[  634.157576][    T6] usb 10-1: config 0 descriptor??
[  634.176280][    T6] usb 10-1: can't set config #0, error -71
[  634.185923][    T6] usb 10-1: USB disconnect, device number 10
[  634.196273][  T358] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  634.204848][  T358] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  634.219770][  T358] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  634.229641][  T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  634.241401][  T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  634.253118][T13313] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  634.269087][   T30] audit: type=1400 audit(1730831033.588:2679): avc:  denied  { mount } for  pid=13300 comm="syz.9.3285" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  634.296335][T13310] loop8: detected capacity change from 0 to 512
[  634.303194][   T30] audit: type=1400 audit(1730831033.588:2680): avc:  denied  { unlink } for  pid=13300 comm="syz.9.3285" name="#b" dev="tmpfs" ino=167 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  634.401514][T13310] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.3286: inode #1: comm syz.8.3286: iget: illegal inode #
[  634.405917][  T358] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  634.434888][  T358] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  634.454850][  T358] usb 4-1: Product: syz
[  634.459820][  T358] usb 4-1: Manufacturer: syz
[  634.460044][T13310] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.3286: error while reading EA inode 1 err=-117
[  634.491578][T13310] EXT4-fs warning (device loop8): ext4_expand_extra_isize_ea:2815: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  634.516538][  T358] cdc_wdm 4-1:1.0: skipping garbage
[  634.522224][  T358] cdc_wdm 4-1:1.0: skipping garbage
[  634.536556][  T358] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  634.544035][T13310] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.3286: inode #1: comm syz.8.3286: iget: illegal inode #
[  634.566656][T13310] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.3286: error while reading EA inode 1 err=-117
[  634.568406][T13323] loop5: detected capacity change from 0 to 128
[  634.589395][T13310] EXT4-fs (loop8): 1 orphan inode deleted
[  634.605799][T13310] EXT4-fs (loop8): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,noquota,init_itable,usrjquota=,init_itable,,errors=continue. Quota mode: none.
[  634.657044][   T30] audit: type=1400 audit(1730831033.978:2681): avc:  denied  { rename } for  pid=13308 comm="syz.8.3286" name="file1" dev="loop8" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  634.659745][T13323] EXT4-fs (loop5): Test dummy encryption mode enabled
[  634.693059][T13323] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  634.705999][T13323] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038 (0x7fffffff)
[  634.748784][   T30] audit: type=1400 audit(1730831033.978:2682): avc:  denied  { rename } for  pid=13308 comm="syz.8.3286" name="file0" dev="loop8" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  634.775050][ T8816] usb 4-1: USB disconnect, device number 12
[  634.834647][T13328] loop8: detected capacity change from 0 to 256
[  634.862263][T13328] exfat: Deprecated parameter 'namecase'
[  634.869141][T13328] exfat: Deprecated parameter 'utf8'
[  634.880972][T13328] exfat: Deprecated parameter 'namecase'
[  634.904974][T13328] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  634.987913][   T30] audit: type=1400 audit(1730831034.308:2683): avc:  denied  { append } for  pid=13327 comm="syz.8.3292" path="/9/file0/cpu.stat" dev="loop8" ino=1048978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  635.816826][ T9448] usb 8-1: USB disconnect, device number 9
[  636.076723][T13342] loop3: detected capacity change from 0 to 1024
[  636.158940][T13342] EXT4-fs (loop3): Test dummy encryption mode enabled
[  636.182803][T13342] EXT4-fs (loop3): Ignoring removed orlov option
[  636.188346][T13351] loop7: detected capacity change from 0 to 512
[  636.289097][T13348] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  636.290804][T13342] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  636.370437][T13351] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  636.442711][T13351] EXT4-fs (loop7): 1 truncate cleaned up
[  636.458718][T13351] EXT4-fs (loop7): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,minixdf,journal_dev=0x0000000000000004,quota,. Quota mode: writeback.
[  636.757938][T13374] loop5: detected capacity change from 0 to 16
[  636.809352][T13382] loop7: detected capacity change from 0 to 512
[  636.829152][T13384] loop3: detected capacity change from 0 to 512
[  636.842538][T13374] erofs: (device loop5): mounted with root inode @ nid 36.
[  636.867017][T13374] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  636.883002][T13382] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  636.892677][T13356] loop9: detected capacity change from 0 to 40427
[  636.904785][T13374] erofs: (device loop5): z_erofs_readahead: readahead error at page 31 @ nid 36
[  636.916301][T13382] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038 (0x7fffffff)
[  636.929174][T13374] erofs: (device loop5): z_erofs_readahead: readahead error at page 22 @ nid 36
[  636.939445][T13374] attempt to access beyond end of device
[  636.939445][T13374] loop5: rw=524288, want=848, limit=16
[  636.940256][T13384] EXT4-fs (loop3): 1 truncate cleaned up
[  636.958535][T13374] attempt to access beyond end of device
[  636.958535][T13374] loop5: rw=524288, want=13478624104, limit=16
[  636.972368][T13356] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  636.986146][T13356] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  636.997903][T13374] attempt to access beyond end of device
[  636.997903][T13374] loop5: rw=524288, want=13478624040, limit=16
[  637.014577][T13384] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none.
[  637.122943][T13384] EXT4-fs error (device loop3): ext4_add_entry:2484: inode #2: comm syz.3.3311: Directory hole found for htree leaf block 0
[  637.143458][T13356] F2FS-fs (loop9): Found nat_bits in checkpoint
[  637.145097][T13384] EXT4-fs (loop3): Remounting filesystem read-only
[  637.396031][T13403] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3315'.
[  637.398219][T13356] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  637.417890][T13356] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  637.779143][T13424] loop9: detected capacity change from 0 to 256
[  637.928300][T13424] FAT-fs (loop9): Directory bread(block 64) failed
[  637.940062][T13424] FAT-fs (loop9): Directory bread(block 65) failed
[  637.951540][T13424] FAT-fs (loop9): Directory bread(block 66) failed
[  637.958762][T13424] FAT-fs (loop9): Directory bread(block 67) failed
[  637.967610][T13424] FAT-fs (loop9): Directory bread(block 68) failed
[  637.976096][T13424] FAT-fs (loop9): Directory bread(block 69) failed
[  637.982812][T13424] FAT-fs (loop9): Directory bread(block 70) failed
[  637.990863][T13424] FAT-fs (loop9): Directory bread(block 71) failed
[  638.004118][T13424] FAT-fs (loop9): Directory bread(block 72) failed
[  638.004975][T13422] loop7: detected capacity change from 0 to 40427
[  638.011369][T13424] FAT-fs (loop9): Directory bread(block 73) failed
[  638.023012][T13430] loop3: detected capacity change from 0 to 512
[  638.039270][T13422] F2FS-fs (loop7): Unrecognized mount option "errors=continue" or missing value
[  638.072008][T13430] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,max_dir_size_kb=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback.
[  638.089866][T13430] ext4 filesystem being mounted at /529/bus supports timestamps until 2038 (0x7fffffff)
[  638.113669][T13430] capability: warning: `syz.3.3325' uses 32-bit capabilities (legacy support in use)
[  638.129007][T13436] netlink: 'syz.7.3327': attribute type 12 has an invalid length.
[  638.169421][T13439] loop9: detected capacity change from 0 to 16
[  638.256317][T13439] erofs: (device loop9): mounted with root inode @ nid 36.
[  638.269667][T13439] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=86
[  638.284419][T13439] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=86
[  638.291165][T13445] overlayfs: failed to clone upperpath
[  638.387547][T13451] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  638.399538][T13451] TCP: tcp_parse_options: Illegal window scaling value 26 > 14 received
[  638.445861][  T358] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  638.695857][  T358] usb 8-1: Using ep0 maxpacket: 16
[  638.816186][  T358] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  638.850117][  T358] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.895926][ T9448] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  638.920470][  T358] usb 8-1: config 0 descriptor??
[  639.147858][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  639.147874][   T30] audit: type=1400 audit(1730831038.468:2687): avc:  denied  { setopt } for  pid=13476 comm="syz.3.3345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  639.185965][ T9448] usb 9-1: Using ep0 maxpacket: 32
[  639.274437][   T30] audit: type=1400 audit(1730831038.588:2688): avc:  denied  { unmount } for  pid=2736 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  639.316206][ T9448] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  639.333672][ T9448] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.350406][ T9448] usb 9-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[  639.360921][ T9448] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.373548][ T9448] usb 9-1: config 0 descriptor??
[  639.895885][ T9448] usbhid 9-1:0.0: can't add hid device: -71
[  639.901934][ T9448] usbhid: probe of 9-1:0.0 failed with error -71
[  639.910216][ T9448] usb 9-1: USB disconnect, device number 13
[  640.051241][T13494] loop9: detected capacity change from 0 to 256
[  640.076617][T13494] exfat: Unknown parameter 'zero_size_dir'
[  640.239495][T13499] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3354'.
[  641.873417][   T30] audit: type=1400 audit(1730831041.188:2689): avc:  denied  { create } for  pid=13511 comm="syz.9.3357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  641.910547][ T9448] usb 8-1: USB disconnect, device number 10
[  641.974130][T13525] loop7: detected capacity change from 0 to 512
[  642.013334][   T30] audit: type=1400 audit(1730831041.328:2690): avc:  denied  { bind } for  pid=13533 comm="syz.3.3366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  642.158121][T13525] EXT4-fs (loop7): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback.
[  642.177941][T13525] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038 (0x7fffffff)
[  642.225869][  T821] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  642.245790][  T358] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  642.485911][  T358] usb 9-1: Using ep0 maxpacket: 16
[  642.496115][  T821] usb 6-1: Using ep0 maxpacket: 32
[  642.615852][  T821] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  642.624083][  T821] usb 6-1: config 0 has no interface number 0
[  642.631762][  T821] usb 6-1: config 0 interface 12 has no altsetting 0
[  642.646017][  T358] usb 9-1: unable to get BOS descriptor or descriptor too short
[  642.726278][  T358] usb 9-1: config 8 has an invalid interface number: 160 but max is 1
[  642.737244][  T358] usb 9-1: config 8 has an invalid interface number: 248 but max is 1
[  642.750476][  T358] usb 9-1: config 8 has no interface number 0
[  642.757446][  T358] usb 9-1: config 8 has no interface number 1
[  642.764030][  T358] usb 9-1: config 8 interface 160 has no altsetting 0
[  642.796503][  T821] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  642.819471][  T821] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.124725][  T821] usb 6-1: Product: syz
[  643.131072][  T821] usb 6-1: Manufacturer: syz
[  643.136428][  T821] usb 6-1: SerialNumber: syz
[  643.141672][  T821] usb 6-1: config 0 descriptor??
[  643.235921][  T358] usb 9-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=e2.2a
[  643.283912][  T358] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.312030][  T358] usb 9-1: Product: syz
[  644.206774][  T358] usb 9-1: Manufacturer: syz
[  644.213386][  T358] usb 9-1: SerialNumber: syz
[  644.258885][T13583] overlayfs: failed to get index nlink (file1/bus, err=-61)
[  644.452308][T13597] loop3: detected capacity change from 0 to 128
[  644.614986][  T358] usb 9-1: USB disconnect, device number 14
[  644.626189][  T821] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  644.985853][  T821] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  644.999984][  T821] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  645.019036][T13603] loop8: detected capacity change from 0 to 8192
[  645.073637][T13603] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  645.165220][ T9448] usb 6-1: USB disconnect, device number 3
[  645.176756][  T821] usb 8-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  645.211919][  T821] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.223794][T13620] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3400'.
[  645.315795][  T821] usb 8-1: Product: syz
[  645.325612][  T821] usb 8-1: Manufacturer: syz
[  645.330595][  T821] usb 8-1: SerialNumber: syz
[  645.337044][  T821] usb 8-1: config 0 descriptor??
[  645.355944][T13595] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  645.363787][T13595] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  645.458350][T13643] loop8: detected capacity change from 0 to 8192
[  645.586518][T13643] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  645.647802][T13595] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  645.659872][T13595] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  645.667282][ T9448] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  645.890576][   T20] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  646.025878][ T9448] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  646.038192][ T9448] usb 6-1: config 0 has no interfaces?
[  646.043809][ T9448] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  646.081580][ T9448] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.091104][ T9448] usb 6-1: config 0 descriptor??
[  646.098414][T13648] binder: 13647:13648 unknown command 0
[  646.104363][T13648] binder: 13647:13648 ioctl c0306201 20000a80 returned -22
[  646.112189][    T6] ==================================================================
[  646.120504][    T6] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120
[  646.128270][    T6] Read of size 8 at addr ffff88811028cb88 by task kworker/0:0/6
[  646.136631][    T6] 
[  646.138986][    T6] CPU: 0 PID: 6 Comm: kworker/0:0 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0
[  646.149134][    T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  646.159897][    T6] Workqueue: events binder_deferred_func
[  646.165390][    T6] Call Trace:
[  646.169038][    T6]  <TASK>
[  646.171791][    T6]  dump_stack_lvl+0x151/0x1c0
[  646.176377][    T6]  ? io_uring_drop_tctx_refs+0x190/0x190
[  646.182105][    T6]  ? panic+0x760/0x760
[  646.186112][    T6]  ? kasan_quarantine_put+0x34/0x1a0
[  646.191601][    T6]  print_address_description+0x87/0x3b0
[  646.197327][    T6]  kasan_report+0x179/0x1c0
[  646.202178][    T6]  ? _raw_spin_lock+0xa4/0x1b0
[  646.207476][    T6]  ? __list_del_entry_valid+0x2f/0x120
[  646.213220][    T6]  ? __list_del_entry_valid+0x2f/0x120
[  646.219122][    T6]  __asan_report_load8_noabort+0x14/0x20
[  646.224760][    T6]  __list_del_entry_valid+0x2f/0x120
[  646.230200][    T6]  binder_release_work+0xcd/0x680
[  646.235616][    T6]  binder_deferred_func+0x1847/0x1bc0
[  646.241698][    T6]  ? read_word_at_a_time+0x12/0x20
[  646.247261][    T6]  process_one_work+0x6bb/0xc10
[  646.252209][    T6]  worker_thread+0xad5/0x12a0
[  646.256885][    T6]  kthread+0x421/0x510
[  646.261853][    T6]  ? worker_clr_flags+0x180/0x180
[  646.266979][    T6]  ? kthread_blkcg+0xd0/0xd0
[  646.271386][    T6]  ret_from_fork+0x1f/0x30
[  646.275832][    T6]  </TASK>
[  646.279158][    T6] 
[  646.281624][    T6] Allocated by task 13648:
[  646.286066][    T6]  ____kasan_kmalloc+0xdb/0x110
[  646.291050][    T6]  __kasan_kmalloc+0x9/0x10
[  646.295449][    T6]  kmem_cache_alloc_trace+0x115/0x210
[  646.300743][    T6]  binder_thread_write+0x9f5/0x6ec0
[  646.305903][    T6]  binder_ioctl_write_read+0x205/0x7300
[  646.311806][    T6]  binder_ioctl+0x371/0x2640
[  646.316307][    T6]  __se_sys_ioctl+0x114/0x190
[  646.321093][    T6]  __x64_sys_ioctl+0x7b/0x90
[  646.325830][    T6]  x64_sys_call+0x98/0x9a0
[  646.330294][    T6]  do_syscall_64+0x3b/0xb0
[  646.334579][    T6]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  646.340275][    T6] 
[  646.342446][    T6] Freed by task 6:
[  646.346002][    T6]  kasan_set_track+0x4b/0x70
[  646.350427][    T6]  kasan_set_free_info+0x23/0x40
[  646.355201][    T6]  ____kasan_slab_free+0x126/0x160
[  646.360175][    T6]  __kasan_slab_free+0x11/0x20
[  646.364749][    T6]  slab_free_freelist_hook+0xbd/0x190
[  646.369967][    T6]  kfree+0xc8/0x220
[  646.373649][    T6]  binder_free_ref+0x128/0x260
[  646.378375][    T6]  binder_deferred_func+0x171c/0x1bc0
[  646.383745][    T6]  process_one_work+0x6bb/0xc10
[  646.388702][    T6]  worker_thread+0xad5/0x12a0
[  646.393355][    T6]  kthread+0x421/0x510
[  646.397303][    T6]  ret_from_fork+0x1f/0x30
[  646.401771][    T6] 
[  646.403891][    T6] The buggy address belongs to the object at ffff88811028cb80
[  646.403891][    T6]  which belongs to the cache kmalloc-64 of size 64
[  646.419005][    T6] The buggy address is located 8 bytes inside of
[  646.419005][    T6]  64-byte region [ffff88811028cb80, ffff88811028cbc0)
[  646.432926][    T6] The buggy address belongs to the page:
[  646.438509][    T6] page:ffffea000440a300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11028c
[  646.451303][    T6] flags: 0x4000000000000200(slab|zone=1)
[  646.465127][    T6] raw: 4000000000000200 ffffea0004484600 0000000700000007 ffff888100042780
[  646.474781][    T6] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[  646.484220][    T6] page dumped because: kasan: bad access detected
[  646.492003][    T6] page_owner tracks the page as allocated
[  646.499988][    T6] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 314, ts 24350500817, free_ts 24348011761
[  646.518498][    T6]  post_alloc_hook+0x1a3/0x1b0
[  646.523535][    T6]  prep_new_page+0x1b/0x110
[  646.527953][    T6]  get_page_from_freelist+0x3550/0x35d0
[  646.533428][    T6]  __alloc_pages+0x27e/0x8f0
[  646.537972][    T6]  new_slab+0x9a/0x4e0
[  646.542036][    T6]  ___slab_alloc+0x39e/0x830
[  646.546890][    T6]  __slab_alloc+0x4a/0x90
[  646.551159][    T6]  __kmalloc+0x16d/0x270
[  646.555325][    T6]  kvmalloc_node+0x1f0/0x4d0
[  646.560549][    T6]  simple_xattr_alloc+0x43/0xa0
[  646.565784][    T6]  shmem_initxattrs+0x8d/0x200
[  646.570426][    T6]  security_inode_init_security+0x252/0x390
[  646.576658][    T6]  shmem_mknod+0xb8/0x1c0
[  646.581001][    T6]  shmem_create+0x2c/0x40
[  646.586044][    T6]  path_openat+0x13a8/0x2f40
[  646.591630][    T6]  do_filp_open+0x21c/0x460
[  646.597001][    T6] page last free stack trace:
[  646.601583][    T6]  free_unref_page_prepare+0x7c8/0x7d0
[  646.606953][    T6]  free_unref_page+0xe8/0x750
[  646.611684][    T6]  __free_pages+0x61/0xf0
[  646.616189][    T6]  __free_slab+0xec/0x1d0
[  646.621519][    T6]  discard_slab+0x29/0x40
[  646.625909][    T6]  __slab_free+0x205/0x290
[  646.630360][    T6]  ___cache_free+0x109/0x120
[  646.634966][    T6]  qlink_free+0x4d/0x90
[  646.639376][    T6]  qlist_free_all+0x44/0xb0
[  646.643809][    T6]  kasan_quarantine_reduce+0x15a/0x180
[  646.649708][    T6]  __kasan_slab_alloc+0x2f/0xe0
[  646.654471][    T6]  slab_post_alloc_hook+0x53/0x2c0
[  646.659416][    T6]  kmem_cache_alloc+0xf5/0x200
[  646.664027][    T6]  getname_flags+0xba/0x520
[  646.668355][    T6]  getname+0x19/0x20
[  646.672095][    T6]  do_sys_openat2+0xd7/0x820
[  646.676518][    T6] 
[  646.678688][    T6] Memory state around the buggy address:
[  646.684262][    T6]  ffff88811028ca80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  646.692157][    T6]  ffff88811028cb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  646.700065][    T6] >ffff88811028cb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  646.708122][    T6]                       ^
[  646.712599][    T6]  ffff88811028cc00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  646.720565][    T6]  ffff88811028cc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  646.728954][    T6] ==================================================================
[  646.736895][    T6] Disabling lock debugging due to kernel taint
[  646.743530][    T6] general protection fault, probably for non-canonical address 0xf75bfc54c0000000: 0000 [#1] PREEMPT SMP KASAN
[  646.755264][    T6] KASAN: maybe wild-memory-access in range [0xbae002a600000000-0xbae002a600000007]
[  646.764567][    T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G    B             5.15.167-syzkaller-android13-5.15.167_r00 #0
[  646.778399][    T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  646.789484][    T6] Workqueue: events binder_deferred_func
[  646.795525][    T6] RIP: 0010:__list_del_entry_valid+0x75/0x120
[  646.802397][    T6] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75
[  646.824910][    T6] RSP: 0018:ffffc90000067c00 EFLAGS: 00010a07
[  646.831522][    T6] RAX: 175c0054c0000000 RBX: ffff888105984900 RCX: ffffffff826a1859
[  646.839600][    T6] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88811028cb80
[  646.847829][    T6] RBP: ffffc90000067c20 R08: ffffffff8141997b R09: 0000000000000003
[  646.855979][    T6] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000
[  646.864438][    T6] R13: ffff88811028cb80 R14: ffff88811028cb80 R15: bae002a600000006
[  646.872790][    T6] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  646.883149][    T6] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  646.890120][    T6] CR2: 000000110c2e6129 CR3: 0000000006a0f000 CR4: 00000000003506b0
[  646.899095][    T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  646.907428][    T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  646.917056][    T6] Call Trace:
[  646.920613][    T6]  <TASK>
[  646.923428][    T6]  ? __die_body+0x62/0xb0
[  646.927599][    T6]  ? die_addr+0x9f/0xd0
[  646.931590][    T6]  ? exc_general_protection+0x311/0x4b0
[  646.937043][    T6]  ? check_panic_on_warn+0x65/0xb0
[  646.941998][    T6]  ? asm_exc_general_protection+0x27/0x30
[  646.948332][    T6]  ? check_panic_on_warn+0x5b/0xb0
[  646.953720][    T6]  ? __list_del_entry_valid+0x49/0x120
[  646.960103][    T6]  ? __list_del_entry_valid+0x75/0x120
[  646.965733][    T6]  binder_release_work+0xcd/0x680
[  646.971147][    T6]  binder_deferred_func+0x1847/0x1bc0
[  646.976639][    T6]  ? read_word_at_a_time+0x12/0x20
[  646.981943][    T6]  process_one_work+0x6bb/0xc10
[  646.986808][    T6]  worker_thread+0xad5/0x12a0
[  646.991441][    T6]  kthread+0x421/0x510
[  646.995323][    T6]  ? worker_clr_flags+0x180/0x180
[  647.000815][    T6]  ? kthread_blkcg+0xd0/0xd0
[  647.005660][    T6]  ret_from_fork+0x1f/0x30
[  647.009998][    T6]  </TASK>
[  647.013082][    T6] Modules linked in:
[  647.016903][    T6] ---[ end trace 56162b7ec97dfa33 ]---
[  647.022671][    T6] RIP: 0010:__list_del_entry_valid+0x75/0x120
[  647.030396][    T6] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75
[  647.053149][    T6] RSP: 0018:ffffc90000067c00 EFLAGS: 00010a07
[  647.061199][    T6] RAX: 175c0054c0000000 RBX: ffff888105984900 RCX: ffffffff826a1859
[  647.070818][    T6] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88811028cb80
[  647.079288][    T6] RBP: ffffc90000067c20 R08: ffffffff8141997b R09: 0000000000000003
[  647.088566][    T6] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000
[  647.097912][    T6] R13: ffff88811028cb80 R14: ffff88811028cb80 R15: bae002a600000006
[  647.106276][    T6] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  647.115357][    T6] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  647.121922][    T6] CR2: 000000110c2e6129 CR3: 0000000006a0f000 CR4: 00000000003506b0
[  647.131071][    T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  647.141925][    T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  647.150860][    T6] Kernel panic - not syncing: Fatal exception
[  647.158090][    T6] Kernel Offset: disabled
[  647.162756][    T6] Rebooting in 86400 seconds..