last executing test programs:

6.260180344s ago: executing program 2 (id=362):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_setup(0x3, &(0x7f0000000340))

5.96501875s ago: executing program 2 (id=363):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000180)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@barrier_val={'barrier', 0x3d, 0xb24}}, {@init_itable}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@inlinecrypt}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
clock_gettime(0xffffffc3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x0)
bind$bt_hci(r5, &(0x7f0000000140), 0x6)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)

4.887090564s ago: executing program 2 (id=365):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="48000000100005040000005f596da400008809", @ANYRES32=r2], 0x48}}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = getpid()
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x7, 0x0, 0x1, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = eventfd(0x0)
r9 = eventfd(0x0)
r10 = eventfd(0x0)
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000100)={r10, 0x0, 0x2, r9})
ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000040)={r10, 0x0, 0x2, r8})
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff})
recvmmsg(r11, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
ptrace$setregs(0x5996661490f1bbfc, r3, 0x40, &(0x7f0000000340)="9dc426d74fdd72ab966cd487d6dad74fc580a5df5fb4f9d62eb4f2753f25ba79d0c742f68343569b2635183a6f329cb47d6b9cdb0a11f2c145cdf27c49a0f7272c152b501e10e92141cea020906f01e6362e2c25f0e990d8bd5b81ef6e9ca9f7c18c4fc6b8b5c0631cdd6b9896c62f31e4186824ffcc90d21c4c45bd3f46e3d64f6b86d1db180e7a1b520322e26c6cc3d73c73ca1a445240661df5a7e36d6e27f220757ca11ee70eab5a88308a3e6503")

3.977980273s ago: executing program 4 (id=370):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000900)=0x6) (async, rerun: 64)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = accept$inet(0xffffffffffffffff, &(0x7f0000000940)={0x2, 0x0, @private}, &(0x7f0000000980)=0x10)
setsockopt$inet_mreqsrc(r5, 0x0, 0x26, &(0x7f0000000a40)={@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010100, @multicast2}, 0xc) (async)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000008c0)={r0, &(0x7f0000000780)="fb1414531b990887ba9f68970907cee4fc1e1429c1e6b6f8f07341c2474b8a4a7f54cbcf74b68863dc696e10bdbedadf6369666df4662278292b47ef9739cc0826ac6da1ca5c6814933f1df33f84c816a04f5e63e48298a384e049901e2d27d0b9c625a2e36c50df03d00d0e9fa7aca71a85459dd7a7a2bad22ef2ea6aecf7fa9375e8674b514d4a6be8c84b4053c676b2d742607fe8f4fbcb2b13c0a838c41d1db182b7f8e202b7edb85250b3a6f94a51f6aed4a522a72a1741b7aa0730d84868a8c33e18b0cbd6689efc5d97960b57610b99f73465495b13660e56a664aa071ca250aecb9feaa80a88a205c943153228b7", &(0x7f0000000880)=@tcp6=r6, 0x1}, 0x20) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 64)
stat(&(0x7f0000000600)='./file2\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x280880f, &(0x7f0000000700)={[], [{@fowner_gt={'fowner>', r7}}, {@fsuuid={'fsuuid', 0x3d, {[0x54, 0x39, 0x39, 0x32, 0x39, 0x61, 0x36, 0x62], 0x2d, [0x33, 0x0, 0x37, 0x39], 0x2d, [0x1, 0x38, 0x6a, 0x65], 0x2d, [0x62, 0x34, 0x37, 0x66], 0x2d, [0x62, 0x61, 0x65, 0x39, 0x66, 0x33, 0x31, 0x36]}}}]}, 0x2f, 0x4fd, &(0x7f0000000100)="$eJzs3dFrW18dAPDvvW1+v3XrTKc+zIFzuEk3dGm7uq34MB2IPg3U+T5rm5XStBltuq1luA7/AEFEBUH0RV8E/4CB7E8QYaDvoqKIbvrgw/RKkpu6ZUlbXdor7ecDp/ecw7n5npM0J/fce0kCOLLORcTNiMjSLLsUEeW8Ps1TbLVTs93LF4/mmimJLLv9l5FI8rpms2b+/XzfE/luxyLiK1+M+Hrydty1jc2l2VqtupqXJxrLyass27y8uDy7UF2orkxPT12buT5zdWZyIOMci4gbn//Dd7/10y/c+MWnHvz2zp8ufqM9wLbOOAYtiZG36oYjYnU/ghWkOZ5Snr+6W+Mn+98fAAD6ax7vfzAiPh4Rl6IcQ62jOQAAAOAwyT47Gq+SiAwAAAA4tNKIGI0kreT3+45GmlYq7Xt4PxzH01p9rfHJrLx9vmAsSundxVp1Mr93YCxKSbM8ld9j2ylf6SpPR8SpiPhOeaRVrszVa/OFnvkAAACAo+NE1/r/7+X2+h8AAAA4ZMaK7gAAAACw76z/AQAA4PCz/gcAAIBD7Uu3bjVT1vn96/n7G+tL9fuX56trS5Xl9bnKXH31XmWhXl9ofWff8m6PV6vX7306VtYfTjSqa42JtY3NO8v19ZXGncXWz4EDAAAABTj1sWe/SSJi6zMjaafuvXxbisiG8vzTn/zwdDE9BPZL+t80/v3+9QM4eENFdwAozHDRHQAKUyq6A0Dh3p4H3jwy6Hvzzi93f+zkVZb9j90CAAAGaPwj29f/Wyleu/6fPC60a8A+y6//J0nRHQEOnOv/cHS5/gdHV2mnIwCLAjj00j281d/l+n+bewAAAKBoo62UpJV8HTAaaVqpRJxs/SxAKbm7WKtORsQHIuLX5dL7zfJUa8/E6QEAAAAAAAAAAAAAAAAAAAAAAAAA2KMsSyIDAAAADrWI9I9J6zzAUIyXL4x2nx94L/lHubWNiAc/uP29h7ONxupUs/6v2/WN7+f1V4o4gwEAAAB066zTO+t4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABikly8ezXXSQcb9882IGOsVfziOtbbHohQRx/+WxPBr+yURMTSA+FtPIuJ0r/hJs1sxlveiO34aESMFxz8xgPhwlD1rzj+f6/X+S+Nca9v7/Tecp3fVf/5Lt+e/oT7z38k9xjjz/OcTfeM/iTgz3Hv+6cRP+sQ/v3PYUifzta9ubvZrlP04Yrzn50/yRqyJxvK9ibWNzcuLy7ML1YXqyvT01LWZ6zNXZyYn7i7WqvnfnjG+/dGn/9pp/Mf7xB/bZfwXdh7/tn8+f/jiQ13PSXTKP8qyi+d7v/6nW9ty1h2/89n3ifxzoFke7+S32vnXnf3Zr87uNP75PuPf7fW/uMfxX/ryN3+3x6YAwAFY29hcmq3VqqsyRyYzssfG2eP2/8i7Bx2JAxzgbPyfPM/503eQYx9gpshZCQAA2A//OegvuicAAAAAAAAAAAAAAAAAAABwdO32NWAxgK8T6465VcxQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB29O8AAAD//7fE3E8=")
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00001009040000022a3e740009058bff7f000010110905", @ANYBLOB="8d"], 0x0) (async)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
clock_nanosleep(0x8, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x0)
r8 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000a80), 0x8000, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r8, 0x9205)

3.918849549s ago: executing program 2 (id=371):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_setup(0x3, &(0x7f0000000340))

3.794589189s ago: executing program 4 (id=373):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

3.79342092s ago: executing program 3 (id=374):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
mkdir(0x0, 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

3.771791472s ago: executing program 4 (id=376):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000540)={[{@discard}, {@noinit_itable}, {@noauto_da_alloc}, {@errors_remount}, {@block_validity}, {@dioread_nolock}]}, 0x3, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
membarrier(0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0xffffff85)
mknod(&(0x7f0000000100)='./bus\x00', 0x20, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r3}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0x100020000000e, 0x10500)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x6611)
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="2b696f202b637075202b6e65745f636c73202b6370756143637400006458777b9589f65bcc6a4b701460b7c3920fb42f6a1f83ddc41f1bf15e35647df748493084eb5c9b5320673b1e6d68c700a098e60aca0f57c12b8fcfef7c70b2647b3eeefcfc0fdc7c177adafc5064c319e821b4e2039bc504e88cf30aa20cd259f89d70016b88e478320eb429168475d7981d2c583ed4fc5479aa87fdcf3a8875ff7a3db224dc9f6129b1f1"], 0x2f)
socket(0x10, 0x3, 0x0)
r4 = socket(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
getsockopt(r5, 0x1, 0x6, &(0x7f0000000080)=""/104, &(0x7f0000000100)=0x68)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x2, 0xa8, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc}, @input_terminal={0xc, 0x24, 0x2, 0x4}, @processing_unit={0xd, 0x24, 0x7, 0x3, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0x0, 0x2, "f6f8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x20000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)

3.684387269s ago: executing program 2 (id=377):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

3.67211833s ago: executing program 3 (id=378):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0000900000005f7a312d9563"], 0x0, 0x0, 0x0, 0x0}, 0x0)

1.817626462s ago: executing program 2 (id=383):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

1.813834642s ago: executing program 0 (id=393):
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) (async)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000100)=""/29)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000180))
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$int_out(r2, 0x2, &(0x7f0000000380)) (async)
ioctl$int_out(r2, 0x2, &(0x7f0000000380))
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x20, 0xda, 0xfb, 0x20, 0x499, 0x1010, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x6f, 0x2b, 0xae, 0x0, [], [{{0x9, 0x5, 0x85, 0xe50c5d80f30f71da, 0x20}}]}}]}}]}}, 0x0)

1.783854665s ago: executing program 1 (id=385):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=")
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r6=>0x0})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4)
setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4)
sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, <r10=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, <r11=>0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x1a, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ringbuf_query, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

1.621042919s ago: executing program 4 (id=386):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xffffff36}, 0x90)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0x0, 0x6}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5c05}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
move_mount(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x1, 0x2002)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000380)=ANY=[@ANYBLOB="f0000002ac140400000001000000000012ac54ee553a2dd6e1644c5d1dd320ae077f6884b2882cc14ed3b8804806efab08aac98d5e25c0056b890655b5efdeb74d520ebc27a89d6068cbcde49bfdf2ca6a1400cbecbefbd82a23d6a57bd7dd4b4d3575fb6a9736760325727978103f630d64ea1ce3b9c795816f73cad1622aa278b645abb969fccf4efcf2e4e9695714685e8549210ad0f23ae9a9"], 0x10)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x40000}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0x7}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="b52dc88df144a2ab21494d398cf49ba3e3cf893af6fd98491a7b5d803b55ebc2c4b8230c0ec384eab9e44a5a"], 0x0, 0x51, 0x20, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)

1.6103799s ago: executing program 1 (id=387):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
mkdir(0x0, 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

1.581140582s ago: executing program 0 (id=388):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00'}, 0x10)
io_setup(0x3, &(0x7f0000000340))

1.49699984s ago: executing program 4 (id=389):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000070a00006a0a00fe0000000c850000005a000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x3, 0x401, 0x100, 0x800, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x8}, 0x48)
syz_mount_image$ext4(&(0x7f0000000ec0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8004, &(0x7f0000000100)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@acl}, {@norecovery}, {@resuid}, {@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@oldalloc}, {@errors_remount}]}, 0xdf, 0x468, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG4BQdmKiIIgVTRp/NHSgsrBxGg08aCJiR7wWNtCkIUaWhMhjVZj8GhIvBuPJv4FnjwZ9WTiFY8mhoQoMQG9uGZ2Z0q77JbWbtlN9/NJBt6befve+3bmzb6dtxtA3xrK/kki7o6IyxFRaWSXFxhq/Hfj2vzk39fmJ5Oo1d78I6mXu35tfrKWK163I69zOI1IP03yRmJgabWz5y+cnqhWp8/l+dG5M++Nzp6/8PSpMxMnp09Onx0/duzokbHnnh1/pkWvf7u01jiz+K7v+3Bm/95X3770+uTxS+/8+E3W3z0HGsezONZa5+0MZYH/2fjbNB97vNONddm/tZtxJuVu94bVKkVEOR+cl6MSpbh58irxyidd7RywobJ79tb2hxdqwCaWRLd7AHRH8Uafff4ttjs09egJV19sfADK4r6Rb40j5UjzMgMb2P5QRBxf+OfLbIum5xC1Fs8NAADW67ts/vNUq/lfGnuWlNuZrw0NRsS9EbErIu6LiN0RcX9EvewDEfHgGtsfasrfOv9Mr/yvwFYpm/89n69tLZ//FbO/GCzluXvq8Q8kJ05Vpw/nf5PhGNia5cdaVV5U8fIvn7drf+n8L9uy9ou5YF7JlXLjAd22Ys/UxNxEpyalVz+O2FduFX+yuBKQRMTeiNi3tqp3FolTT3y9v12h28e/gg6sM9W+KiqZX4im+AvJyuuTo9uiOn14tLgqbvXTzxffaNf+uuLvgOz8b19+/TeVqPyVLF2vnV088MJq27j462dtP1OWV3/9L8qu/y3JW/U13S35vg8m5ubOjUVsSV6r55ftH7/52iJflM/iHz7Uevzvyl+Txf9QRGQX8YGIeDgiDubn7pGIeDQiDq0Q/w8vPfZuu2O9cP6nWt7/Fq//weXnf+2J0unvv23X/uruf0frqeF8T/3+dxvtu1PcRpuuZgAAANjE0vp345N0ZDGdpiMjje/w747taXVmdu7JEzPvn51qfId+MAbS4klXZcnz0LFkIa+xkR/PnxUXx4/kz42/KN1Vz49MzlSnuhw79LsdbcZ/5vdSt3sHbDi/14L+1Tz+0y71A7jzvP9D/zL+oX8Z/9C/Wo3/j5ry1gJgM6pVut0DoHvM/6F/Gf/Qv4x/6Evr+V3/RiXKK/x6X6JXEpH2RDd6JnGwh0ZTuQOju8s3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA75LwAA///foPki")
openat(0xffffffffffffff9c, &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x18e)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x2, &(0x7f0000000440)=0x40, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x8, &(0x7f0000000000)=0xffffff80, 0x4)
getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000034780)=""/102391, &(0x7f0000000180)=0x18ff7)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r5, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_group_source_req(r5, 0x0, 0x2b, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16, @ANYRES32], 0x34}}, 0x0)
arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x275a, 0x0)

1.49584272s ago: executing program 1 (id=400):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=")
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r6=>0x0})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4)
setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4)
sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, <r10=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, <r11=>0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x1a, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ringbuf_query, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

1.14747246s ago: executing program 1 (id=390):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8c}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10)
getrlimit(0xe, &(0x7f0000000180))
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

1.122922332s ago: executing program 0 (id=391):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

942.653898ms ago: executing program 1 (id=392):
clock_gettime(0x0, 0x0)

916.26041ms ago: executing program 0 (id=394):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x2, 0x10000, 0x5, 0x0, 0x1}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, <r0=>0x0})
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x238804}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x10, 0x70bd28, 0x25dfdbfe, {0x43, 0x0, 0x0, r0, 0x6, 0x80000000, 0x9b38, 0x4, 0x0, 0x7, 0x5}, ["", "", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x11)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000c80)=0x9)
socket$netlink(0x10, 0x3, 0x4)
getpgid(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r6=>0x0}, &(0x7f0000cab000)=0xa)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f0000000100)=ANY=[@ANYBLOB="85a2fa90e20700000000000086dd6000000000180000fe8000000000000000000000000000bbff020000000000000000000000000001860090"], 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={0x0, @loopback, @local}, &(0x7f00000004c0)=0xc)
setresgid(0x0, r6, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
sendmmsg$unix(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r6}}}], 0x20}}], 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x1ff)

838.317447ms ago: executing program 1 (id=395):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

507.915826ms ago: executing program 3 (id=396):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES8=r1], 0x20}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x10, 0x7ffc1ffb}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095", @ANYRES8=r1, @ANYRES16=r4], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1}, &(0x7f0000000240), &(0x7f00000002c0)}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x2, &(0x7f0000ffc000/0x2000)=nil)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRESHEX, @ANYBLOB="00000000000000001800128008000100736974000c00028008000100", @ANYBLOB="08000300", @ANYRES32, @ANYBLOB], 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x15, &(0x7f00000007c0)=@raw=[@cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffb}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x5}, @generic={0x6, 0x7, 0x6, 0x4, 0xff}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @map_val={0x18, 0x7, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xed}}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x200}], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x5e, '\x00', r7}, 0x90)
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x2100084c, &(0x7f0000000880)=ANY=[@ANYBLOB="00f66699597632735e3c76254a1282348e814eb8673b2cf6e07772de57f4f4df76c135aa22482f8addf4b47112e2b0f3435cfb82d33abc59897deb68aa51f86731446f82a9935c5a14aa576bdc602d7da8490756f37d9fcd6fcd90187a842ebe03266f40852ad452a37a0bb7fa88389b49c60c849454545814a38ba77634ed8f2f283fd49610227f4bd5272346a0c333be63ea5437ed19c655b7aef626a20e0643e6f966d36fb0ef10b95d95f73d37ad720d2282ba04f9f8d304c46a3a0500489516a1af9efe7924dc13deaea85c48194b13dc170c799e7ac9f71b75779d59b1f3e875982327801d40535069f50297c9d591763ddfed1e5aaadba7231e"], 0x7e, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000500)=ANY=[@ANYBLOB="006370756163637420006e65745f636c7320fffffffffffffbf7a879ead664fc3ddd0b2064376f473bf437498e250689e9edfd3f25fd6a39d4af8a622990f9b457de3a33b44b6e29ae6367968eee73fff51eaac2be00000000000000"], 0x22)
mkdir(&(0x7f0000000200)='./control\x00', 0x0)
inotify_init1(0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={@local, @multicast1}, &(0x7f00000001c0)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x0, r2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000340)={0xffffffffffffffff, 0x1, 0xc7, 0x8, @vifc_lcl_ifindex=r7, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

255.184148ms ago: executing program 4 (id=397):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000100)={[{@noinline_xattr}, {@io_bits={'io_bits', 0x3d, 0xcd}}, {@four_active_logs}, {@jqfmt_vfsv1}, {@inline_xattr}, {@user_xattr}, {@noflush_merge}, {@fsync_mode_posix}, {@noinline_dentry}, {@noextent_cache}]}, 0x21, 0x552d, &(0x7f000000abc0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/b9xUHADwZ/t8/QGII6AbghBIDLDQ67W0dEMMoIiBPwEpSq8l9MqPNgOtKqQsbChzFwQjQkigsPUfYOqG1EpdytbhhiKxsByyz845TSUuRLEvyecjPb/vOY7f99lSlK+fEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6bxon2aYzieNi373Ht1ay/v4TfebOxoPFrGVxVGfSB8Mr1Q9Rt7lEAAAAODqSsr4PITxMN5eyPu7k9X9aHpPV/N8/N4nLev7Jur/sy9o/a7/9+uilrYE6k3Gyk15aHQ5O70yltX+znG/P/+cRrfzK589ekvyGxB+uvzhK8+sZfXv37vvtPDxWR7YAwP9xquyLoPx9KOv7TSYGwJHRqhTeZf2fdJrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAOo/XwTBlHIYTF1jTO3H98a+Vp/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8GkJoavR3i+lf+XiGg0No5PrsV/DPeDze1Xcdbz7nPQVxcbPnJZ+DETT4QwkAgEMpLVpW1z9MN5eyfdFCCOMfttf/b1TiMGP9/+iT8/eqY1Xr/35tM5x/vbWrX/Su37j51urV5cuDy4PP3j7Tf6d/9sK5cxd6+bOSnicmAAAA7E27aNX6P17Yuf5/shKHGev/L7/rfz0d6Y98q/7fabro13QmAAAAR9sLr/39V/SU/VG7Hb5aXlu71p9stz6fmWwbSHXXjhWtWv8nC01nBQAAANRhtB5tW/+/WInDjOv/z/748s/VcyYhhBPF+v+plc+HF+ubzlyr48+Jm54jAAAAzTpRtOr6f5q//x9vvfIQhxDefH0SF/8GcKb6P/ngm5+qYyWV9//P1jfFuRR3J9cj77shtLrbvvx7Y4kBAABwKB0vWlbs/5luLn36y8mP2t7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjbvwEAAP//E41CoA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf0})
fstat(r0, &(0x7f0000000340))

145.317707ms ago: executing program 3 (id=398):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000580)={@dev={0xfe, 0x80, '\x00', 0x29}}, 0x20)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000003e00250304000000000000000a"], 0x14}}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r5, 0x10, 0x70bd29, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0xbbf}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x4004896)
syz_pidfd_open(r3, 0x0)

132.439859ms ago: executing program 3 (id=399):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x8, &(0x7f00000000c0)={[{@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@fat=@fmask={'fmask', 0x3d, 0xe0}}, {@fat=@usefree}, {@numtail}, {@uni_xlate}, {@shortname_win95}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@discard}]}, 0x1, 0x23c, &(0x7f0000000740)="$eJzs3b9rE28YAPAn37TfhkJJB6EIQk9cnEJbcU+RCmJAUTLoZLEtSlMLFgo6WDf/Cf0XdHQVHMTVf0AEqYKL3ToIkfba2B8XE6XnFf18lnu4931yz3t3uXAH9+bWqaXFueWVhY2N9ahUSjFQj3pslmI0/otypB5Hhu3GelYLAHDMbbbb8bWdKroWAODP6Pr7n3nTDwD8DXrd/5fSxdWstkq+pQEAOfH8HwD+Pddv3Lw83WjMXEuSSsTSk9XmajNdpu3TC3E3WjEfE1GNbxHtjjS+eKkxM5Fs+TQazaW1nfy11WZ5f/5kjOw8LziUP5mk9ucPxvBO/vvhmI+pqMaJ7O1PZeb/H2fP7Nl+Larx7nYsRyvmtovo5I/HZJJcuNI4kD+03Q8AAAAAAAAAAAAAAAAAAAAAAPJQSzoy5++p1bq1p/n9zw90cH6edqnYkQMAAAAAAAAAAAAAAAAAAMDxsfLg4eJsqzV//2fBvbfPX3fWDPablRnsvvT/m+lHGIyc/vi0W59yj/0zEDkW9mq8yN3SZ/Bm/c7Jcytj5wsrY+s0PLym66n1pRqRrtl7TH/pW9AteFHosdgddc/OY8/qsy8fffjc7yf3unKUj/hKBAAAAAAAAAAAAAAAAAAAHH4Xul9D+RQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX48f//+QVFjxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL4HAAD//xS6lRw=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)

43.423496ms ago: executing program 0 (id=401):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
mkdir(0x0, 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

7.82232ms ago: executing program 0 (id=402):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=")
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r6=>0x0})
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4)
setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4)
sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, <r10=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, <r11=>0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x17, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

0s ago: executing program 3 (id=403):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='mountinfo\x00')
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000280)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x40000000004)

kernel console output (not intermixed with test programs):

x2d0
[   65.450538][ T1082]  ? __ia32_sys_read+0x90/0x90
[   65.455133][ T1082]  ? debug_smp_processor_id+0x17/0x20
[   65.460340][ T1082]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   65.466243][ T1082]  __x64_sys_bpf+0x7c/0x90
[   65.470492][ T1082]  x64_sys_call+0x87f/0x9a0
[   65.474834][ T1082]  do_syscall_64+0x3b/0xb0
[   65.479086][ T1082]  ? clear_bhb_loop+0x55/0xb0
[   65.483601][ T1082]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   65.486160][  T410] bio_check_eod: 78602 callbacks suppressed
[   65.486181][  T410] syz.3.18: attempt to access beyond end of device
[   65.486181][  T410] loop3: rw=524288, sector=89784, nr_sectors = 8 limit=40427
[   65.489324][ T1082] RIP: 0033:0x7f610d97cef9
[   65.495095][  T410] syz.3.18: attempt to access beyond end of device
[   65.495095][  T410] loop3: rw=524288, sector=89792, nr_sectors = 8 limit=40427
[   65.508592][ T1082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.508610][ T1082] RSP: 002b:00007f610e77c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   65.508629][ T1082] RAX: ffffffffffffffda RBX: 00007f610db35f80 RCX: 00007f610d97cef9
[   65.508642][ T1082] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000011
[   65.514979][  T410] syz.3.18: attempt to access beyond end of device
[   65.514979][  T410] loop3: rw=524288, sector=89800, nr_sectors = 8 limit=40427
[   65.526392][ T1082] RBP: 00007f610e77c090 R08: 0000000000000000 R09: 0000000000000000
[   65.526406][ T1082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.526417][ T1082] R13: 0000000000000000 R14: 00007f610db35f80 R15: 00007ffe24b943d8
[   65.526433][ T1082]  </TASK>
[   65.530819][ T1058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'.
[   65.546795][  T410] syz.3.18: attempt to access beyond end of device
[   65.546795][  T410] loop3: rw=524288, sector=89808, nr_sectors = 8 limit=40427
[   65.560628][ T1058] netlink: 48 bytes leftover after parsing attributes in process `syz.0.163'.
[   65.572778][  T410] syz.3.18: attempt to access beyond end of device
[   65.572778][  T410] loop3: rw=524288, sector=89816, nr_sectors = 8 limit=40427
[   65.591504][ T1087] FAULT_INJECTION: forcing a failure.
[   65.591504][ T1087] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.605327][  T410] syz.3.18: attempt to access beyond end of device
[   65.605327][  T410] loop3: rw=524288, sector=89824, nr_sectors = 8 limit=40427
[   65.607677][ T1087] CPU: 1 PID: 1087 Comm: syz.4.171 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   65.612379][  T410] syz.3.18: attempt to access beyond end of device
[   65.612379][  T410] loop3: rw=524288, sector=89832, nr_sectors = 8 limit=40427
[   65.618123][ T1087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   65.618136][ T1087] Call Trace:
[   65.618141][ T1087]  <TASK>
[   65.618147][ T1087]  dump_stack_lvl+0x151/0x1b7
[   65.618170][ T1087]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   65.728885][ T1087]  ? _parse_integer+0x2a/0x40
[   65.733394][ T1087]  dump_stack+0x15/0x1c
[   65.737379][ T1087]  should_fail_ex+0x3d0/0x520
[   65.741890][ T1087]  should_fail+0xb/0x10
[   65.745880][ T1087]  should_fail_usercopy+0x1a/0x20
[   65.750742][ T1087]  _copy_from_user+0x1e/0xc0
[   65.755168][ T1087]  iovec_from_user+0xc7/0x320
[   65.759680][ T1087]  ? kasan_set_track+0x4b/0x70
[   65.764279][ T1087]  ? kasan_save_free_info+0x2b/0x40
[   65.769317][ T1087]  __import_iovec+0x70/0x430
[   65.773743][ T1087]  import_iovec+0xe5/0x120
[   65.777996][ T1087]  copy_msghdr_from_user+0x527/0x670
[   65.783127][ T1087]  ? sendmsg_copy_msghdr+0x70/0x70
[   65.788067][ T1087]  __sys_sendmsg+0x236/0x390
[   65.792491][ T1087]  ? ____sys_sendmsg+0x9a0/0x9a0
[   65.797265][ T1087]  ? __kasan_check_write+0x14/0x20
[   65.802212][ T1087]  ? mutex_unlock+0xb2/0x260
[   65.806648][ T1087]  ? __kasan_check_write+0x14/0x20
[   65.811586][ T1087]  ? __ia32_sys_read+0x90/0x90
[   65.816186][ T1087]  ? debug_smp_processor_id+0x17/0x20
[   65.821394][ T1087]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   65.827293][ T1087]  __x64_sys_sendmsg+0x7f/0x90
[   65.831907][ T1087]  x64_sys_call+0x16a/0x9a0
[   65.836291][ T1087]  do_syscall_64+0x3b/0xb0
[   65.840484][ T1087]  ? clear_bhb_loop+0x55/0xb0
[   65.844999][ T1087]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   65.850729][ T1087] RIP: 0033:0x7f305257cef9
[   65.854994][ T1087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.874423][ T1087] RSP: 002b:00007f30532ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   65.882669][ T1087] RAX: ffffffffffffffda RBX: 00007f3052735f80 RCX: 00007f305257cef9
[   65.890478][ T1087] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   65.898289][ T1087] RBP: 00007f30532ca090 R08: 0000000000000000 R09: 0000000000000000
[   65.906099][ T1087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.913916][ T1087] R13: 0000000000000000 R14: 00007f3052735f80 R15: 00007fff811d06d8
[   65.921727][ T1087]  </TASK>
[   65.927327][  T410] syz.3.18: attempt to access beyond end of device
[   65.927327][  T410] loop3: rw=524288, sector=89840, nr_sectors = 8 limit=40427
[   65.941581][  T934] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[   65.948250][  T410] syz.3.18: attempt to access beyond end of device
[   65.948250][  T410] loop3: rw=524288, sector=89848, nr_sectors = 8 limit=40427
[   65.948379][  T410] syz.3.18: attempt to access beyond end of device
[   65.948379][  T410] loop3: rw=524288, sector=89856, nr_sectors = 8 limit=40427
[   65.976917][  T934] usb 1-1: USB disconnect, device number 8
[   65.986751][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   66.005482][ T1089] loop2: detected capacity change from 0 to 512
[   66.042101][ T1089] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   66.444621][ T1106] loop1: detected capacity change from 0 to 1024
[   66.453111][  T292] EXT4-fs (loop2): unmounting filesystem.
[   66.499753][ T1106] EXT4-fs: Ignoring removed orlov option
[   66.509899][ T1111] FAULT_INJECTION: forcing a failure.
[   66.509899][ T1111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.522787][ T1111] CPU: 1 PID: 1111 Comm: syz.4.175 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   66.532199][ T1111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   66.542123][ T1111] Call Trace:
[   66.545215][ T1111]  <TASK>
[   66.548010][ T1111]  dump_stack_lvl+0x151/0x1b7
[   66.552509][ T1111]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   66.557813][ T1111]  dump_stack+0x15/0x1c
[   66.561791][ T1111]  should_fail_ex+0x3d0/0x520
[   66.566308][ T1111]  should_fail+0xb/0x10
[   66.570297][ T1111]  should_fail_usercopy+0x1a/0x20
[   66.575189][ T1111]  _copy_from_user+0x1e/0xc0
[   66.579588][ T1111]  __se_sys_memfd_create+0x131/0x3e0
[   66.584718][ T1111]  __x64_sys_memfd_create+0x5b/0x70
[   66.589742][ T1111]  x64_sys_call+0x871/0x9a0
[   66.594079][ T1111]  do_syscall_64+0x3b/0xb0
[   66.598333][ T1111]  ? clear_bhb_loop+0x55/0xb0
[   66.602849][ T1111]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   66.608572][ T1111] RIP: 0033:0x7f305257cef9
[   66.612831][ T1111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.632267][ T1111] RSP: 002b:00007f30523fee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   66.640512][ T1111] RAX: ffffffffffffffda RBX: 00000000000002c7 RCX: 00007f305257cef9
[   66.648323][ T1111] RDX: 00007f30523feef0 RSI: 0000000000000000 RDI: 00007f30525ef839
[   66.656134][ T1111] RBP: 0000000020000a40 R08: 00007f30523febb7 R09: 00007f30523fee40
[   66.663951][ T1111] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000280
[   66.671768][ T1111] R13: 00007f30523feef0 R14: 00007f30523feeb0 R15: 0000000020000340
[   66.679621][ T1111]  </TASK>
[   66.700301][ T1106] EXT4-fs (loop1): Test dummy encryption mode enabled
[   66.747336][ T1106] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   66.856112][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   67.316367][ T1127] loop4: detected capacity change from 0 to 1024
[   67.322804][ T1127] EXT4-fs: Ignoring removed oldalloc option
[   67.329029][   T24] usb 1-1: Using ep0 maxpacket: 8
[   67.334097][ T1127] EXT4-fs: Mount option(s) incompatible with ext2
[   67.471149][  T291] EXT4-fs (loop1): unmounting filesystem.
[   67.506102][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.516892][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.527043][   T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[   67.535931][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.567508][   T24] usb 1-1: config 0 descriptor??
[   67.583490][   T28] audit: type=1400 audit(1725779826.969:225): avc:  denied  { write } for  pid=1126 comm="syz.4.180" path="socket:[19964]" dev="sockfs" ino=19964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   67.771974][   T28] audit: type=1400 audit(1725779826.969:226): avc:  denied  { nlmsg_write } for  pid=1126 comm="syz.4.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   67.826077][   T39] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   67.827523][ T1121] loop2: detected capacity change from 0 to 40427
[   67.862957][ T1121] F2FS-fs (loop2): invalid crc value
[   67.880217][ T1121] F2FS-fs (loop2): Found nat_bits in checkpoint
[   67.943859][ T1121] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   68.257055][   T28] audit: type=1400 audit(1725779827.629:227): avc:  denied  { write } for  pid=1133 comm="syz.3.182" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   68.316227][   T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   68.336119][   T24] usbhid 1-1:0.0: can't add hid device: -71
[   68.342574][   T24] usbhid: probe of 1-1:0.0 failed with error -71
[   68.447075][   T24] usb 1-1: USB disconnect, device number 9
[   68.646120][   T39] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   68.654981][   T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.676066][   T39] usb 2-1: Product: syz
[   68.680068][   T39] usb 2-1: Manufacturer: syz
[   68.684490][   T39] usb 2-1: SerialNumber: syz
[   68.686705][ T1140] loop4: detected capacity change from 0 to 40427
[   68.699897][   T39] usb 2-1: config 0 descriptor??
[   68.712681][ T1140] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   68.720381][ T1140] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   68.730567][ T1140] F2FS-fs (loop4): Found nat_bits in checkpoint
[   68.775765][ T1140] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   68.782718][ T1140] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   68.814941][   T28] audit: type=1400 audit(1725779828.199:228): avc:  denied  { create } for  pid=1139 comm="syz.4.183" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   68.964219][ T1131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.181'.
[   68.989353][ T1131] netlink: 48 bytes leftover after parsing attributes in process `syz.1.181'.
[   69.033395][   T39] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[   69.104789][   T39] usb 2-1: USB disconnect, device number 6
[   69.136459][   T28] audit: type=1400 audit(1725779828.459:229): avc:  denied  { setopt } for  pid=1159 comm="syz.0.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   69.292164][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   69.705317][   T28] audit: type=1400 audit(1725779829.089:230): avc:  denied  { read } for  pid=1139 comm="syz.4.183" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   69.768487][   T28] audit: type=1400 audit(1725779829.089:231): avc:  denied  { rename } for  pid=1139 comm="syz.4.183" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   70.399014][ T1181] netlink: 40 bytes leftover after parsing attributes in process `syz.3.195'.
[   70.422886][ T1183] loop2: detected capacity change from 0 to 1024
[   70.453720][ T1183] EXT4-fs: Ignoring removed orlov option
[   70.473305][ T1183] EXT4-fs (loop2): Test dummy encryption mode enabled
[   70.497290][  T410] bio_check_eod: 53306 callbacks suppressed
[   70.497304][  T410] syz.3.18: attempt to access beyond end of device
[   70.497304][  T410] loop3: rw=524288, sector=88632, nr_sectors = 8 limit=40427
[   70.517104][  T410] syz.3.18: attempt to access beyond end of device
[   70.517104][  T410] loop3: rw=524288, sector=88640, nr_sectors = 8 limit=40427
[   70.519588][ T1183] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   70.530968][  T410] syz.3.18: attempt to access beyond end of device
[   70.530968][  T410] loop3: rw=524288, sector=88648, nr_sectors = 8 limit=40427
[   70.553406][  T410] syz.3.18: attempt to access beyond end of device
[   70.553406][  T410] loop3: rw=524288, sector=88656, nr_sectors = 8 limit=40427
[   70.567880][  T410] syz.3.18: attempt to access beyond end of device
[   70.567880][  T410] loop3: rw=524288, sector=88664, nr_sectors = 8 limit=40427
[   70.581500][  T410] syz.3.18: attempt to access beyond end of device
[   70.581500][  T410] loop3: rw=524288, sector=88672, nr_sectors = 8 limit=40427
[   70.595033][  T410] syz.3.18: attempt to access beyond end of device
[   70.595033][  T410] loop3: rw=524288, sector=88680, nr_sectors = 8 limit=40427
[   70.608567][  T410] syz.3.18: attempt to access beyond end of device
[   70.608567][  T410] loop3: rw=524288, sector=88688, nr_sectors = 8 limit=40427
[   70.622500][  T410] syz.3.18: attempt to access beyond end of device
[   70.622500][  T410] loop3: rw=524288, sector=88696, nr_sectors = 8 limit=40427
[   70.649616][  T410] syz.3.18: attempt to access beyond end of device
[   70.649616][  T410] loop3: rw=524288, sector=88704, nr_sectors = 8 limit=40427
[   70.667806][ T1197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.198'.
[   70.796324][  T294] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   70.854447][ T1200] loop0: detected capacity change from 0 to 1024
[   70.930271][ T1200] EXT4-fs: quotafile must be on filesystem root
[   70.996069][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   71.003730][ T1203] FAULT_INJECTION: forcing a failure.
[   71.003730][ T1203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.016945][ T1203] CPU: 1 PID: 1203 Comm: syz.3.200 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   71.026389][ T1203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   71.036284][ T1203] Call Trace:
[   71.039409][ T1203]  <TASK>
[   71.042274][ T1203]  dump_stack_lvl+0x151/0x1b7
[   71.046785][ T1203]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   71.052077][ T1203]  ? queue_work_on+0x135/0x170
[   71.056694][ T1203]  dump_stack+0x15/0x1c
[   71.060670][ T1203]  should_fail_ex+0x3d0/0x520
[   71.065207][ T1203]  should_fail+0xb/0x10
[   71.069181][ T1203]  should_fail_usercopy+0x1a/0x20
[   71.074035][ T1203]  _copy_to_user+0x1e/0x90
[   71.078291][ T1203]  simple_read_from_buffer+0xc7/0x150
[   71.083500][ T1203]  proc_fail_nth_read+0x1a3/0x210
[   71.088360][ T1203]  ? proc_fault_inject_write+0x390/0x390
[   71.093822][ T1203]  ? fsnotify_perm+0x470/0x5d0
[   71.098426][ T1203]  ? security_file_permission+0x86/0xb0
[   71.103803][ T1203]  ? proc_fault_inject_write+0x390/0x390
[   71.109277][ T1203]  vfs_read+0x26c/0xad0
[   71.113280][ T1203]  ? kernel_read+0x1f0/0x1f0
[   71.117700][ T1203]  ? mutex_lock+0xb1/0x1e0
[   71.121948][ T1203]  ? bit_wait_io_timeout+0x120/0x120
[   71.127069][ T1203]  ? __fdget_pos+0x2e2/0x390
[   71.131491][ T1203]  ? ksys_read+0x77/0x2c0
[   71.135669][ T1203]  ksys_read+0x199/0x2c0
[   71.139740][ T1203]  ? __ia32_sys_recv+0xb0/0xb0
[   71.144338][ T1203]  ? vfs_write+0xeb0/0xeb0
[   71.148593][ T1203]  ? debug_smp_processor_id+0x17/0x20
[   71.153799][ T1203]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   71.159709][ T1203]  __x64_sys_read+0x7b/0x90
[   71.164037][ T1203]  x64_sys_call+0x28/0x9a0
[   71.168289][ T1203]  do_syscall_64+0x3b/0xb0
[   71.172551][ T1203]  ? clear_bhb_loop+0x55/0xb0
[   71.177056][ T1203]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   71.182786][ T1203] RIP: 0033:0x7f2172b7b93c
[   71.187049][ T1203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   71.206477][ T1203] RSP: 002b:00007f21738f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   71.214739][ T1203] RAX: ffffffffffffffda RBX: 00007f2172d35f80 RCX: 00007f2172b7b93c
[   71.222537][ T1203] RDX: 000000000000000f RSI: 00007f21738f70a0 RDI: 0000000000000008
[   71.230347][ T1203] RBP: 00007f21738f7090 R08: 0000000000000000 R09: 0000000000000000
[   71.238159][ T1203] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001
[   71.245966][ T1203] R13: 0000000000000000 R14: 00007f2172d35f80 R15: 00007ffedda832d8
[   71.253986][ T1203]  </TASK>
[   71.360627][  T294] usb 5-1: Using ep0 maxpacket: 8
[   71.367400][  T292] EXT4-fs (loop2): unmounting filesystem.
[   71.407611][   T28] audit: type=1400 audit(1725779830.799:232): avc:  denied  { unlink } for  pid=1199 comm="syz.0.199" name="#9" dev="tmpfs" ino=275 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   71.447033][   T28] audit: type=1400 audit(1725779830.829:233): avc:  denied  { unmount } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   71.516108][  T294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.536059][  T294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   71.546274][   T24] usb 2-1: device descriptor read/64, error -71
[   71.558373][  T294] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[   71.577444][  T294] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.595926][  T294] usb 5-1: config 0 descriptor??
[   71.666069][  T352] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   71.673399][    T6] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   71.721452][ T1209] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.728411][ T1209] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.735558][ T1209] device bridge_slave_0 entered promiscuous mode
[   71.744257][ T1209] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.751317][ T1209] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.758594][ T1209] device bridge_slave_1 entered promiscuous mode
[   71.821744][ T1209] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.828620][ T1209] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.835679][ T1209] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.842502][ T1209] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.872742][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   71.880794][  T934] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.888115][  T934] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.909675][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.918268][  T934] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.925207][  T934] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.933260][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.941108][   T24] usb 2-1: device descriptor read/64, error -71
[   71.947727][  T934] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.954555][  T934] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.961805][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.969657][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.991691][ T1209] device veth0_vlan entered promiscuous mode
[   71.998251][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   72.016848][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   72.025131][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   72.032613][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   72.036142][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.050390][  T352] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   72.069140][ T1209] device veth1_macvtap entered promiscuous mode
[   72.081954][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.098242][    T6] usb 3-1: New USB device found, idVendor=056a, idProduct=033c, bcdDevice= 0.00
[   72.115470][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.124754][  T586] device bridge_slave_1 left promiscuous mode
[   72.131451][  T586] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.139147][  T586] device bridge_slave_0 left promiscuous mode
[   72.145064][  T586] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.153222][  T586] device veth1_macvtap left promiscuous mode
[   72.159431][  T586] device veth0_vlan left promiscuous mode
[   72.166644][    T6] usb 3-1: config 0 descriptor??
[   72.226101][  T294] usbhid 5-1:0.0: can't add hid device: -71
[   72.231929][  T294] usbhid: probe of 5-1:0.0 failed with error -71
[   72.236130][  T352] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   72.256183][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   72.355007][  T294] usb 5-1: USB disconnect, device number 5
[   72.531451][  T352] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.539418][  T352] usb 4-1: Product: syz
[   72.543379][  T352] usb 4-1: Manufacturer: syz
[   72.547850][  T352] usb 4-1: SerialNumber: syz
[   72.554484][  T352] usb 4-1: config 0 descriptor??
[   72.586124][   T24] usb 2-1: device descriptor read/64, error -71
[   72.609395][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.618360][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.626683][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.904989][ T1205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.201'.
[   72.929537][ T1205] netlink: 48 bytes leftover after parsing attributes in process `syz.3.201'.
[   73.066162][    T6] usbhid 3-1:0.0: can't add hid device: -71
[   73.077716][    T6] usbhid: probe of 3-1:0.0 failed with error -71
[   73.098006][  T352] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[   73.109786][    T6] usb 3-1: USB disconnect, device number 4
[   73.121519][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   73.137545][  T352] usb 4-1: USB disconnect, device number 5
[   73.147268][   T24] usb 2-1: device descriptor read/64, error -71
[   73.266126][   T24] usb usb2-port1: attempt power cycle
[   73.560131][  T295] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[   73.689848][   T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   73.702308][ T1245] FAULT_INJECTION: forcing a failure.
[   73.702308][ T1245] name failslab, interval 1, probability 0, space 0, times 0
[   73.810555][ T1245] CPU: 1 PID: 1245 Comm: syz.1.214 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   73.820201][ T1245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   73.830092][ T1245] Call Trace:
[   73.833210][ T1245]  <TASK>
[   73.835985][ T1245]  dump_stack_lvl+0x151/0x1b7
[   73.840499][ T1245]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   73.845791][ T1245]  ? __wake_up_klogd+0xd5/0x110
[   73.850477][ T1245]  dump_stack+0x15/0x1c
[   73.854468][ T1245]  should_fail_ex+0x3d0/0x520
[   73.858984][ T1245]  ? cgroup_show_path+0xa8/0x350
[   73.863755][ T1245]  __should_failslab+0xaf/0xf0
[   73.868356][ T1245]  should_failslab+0x9/0x20
[   73.872698][ T1245]  __kmem_cache_alloc_node+0x3d/0x250
[   73.877917][ T1245]  ? cgroup_show_path+0xa8/0x350
[   73.882680][ T1245]  kmalloc_trace+0x2a/0xa0
[   73.886932][ T1245]  cgroup_show_path+0xa8/0x350
[   73.891528][ T1245]  ? cgroup_finalize_control+0xa80/0xa80
[   73.896998][ T1245]  kernfs_sop_show_path+0x10d/0x140
[   73.902030][ T1245]  ? kernfs_sop_show_options+0x120/0x120
[   73.907498][ T1245]  show_mountinfo+0x23d/0x7d0
[   73.912019][ T1245]  ? show_mnt_opts+0x3b0/0x3b0
[   73.916612][ T1245]  ? vm_mmap+0xb0/0xb0
[   73.920518][ T1245]  m_show+0x66/0x70
[   73.924161][ T1245]  seq_read_iter+0x916/0xd00
[   73.928592][ T1245]  vfs_read+0x771/0xad0
[   73.932583][ T1245]  ? kernel_read+0x1f0/0x1f0
[   73.937007][ T1245]  ? mutex_lock+0xb1/0x1e0
[   73.941274][ T1245]  ? bit_wait_io_timeout+0x120/0x120
[   73.946381][ T1245]  ? __fdget_pos+0x2e2/0x390
[   73.950815][ T1245]  ? ksys_read+0x77/0x2c0
[   73.954970][ T1245]  ksys_read+0x199/0x2c0
[   73.959050][ T1245]  ? save_fpregs_to_fpstate+0x220/0x220
[   73.964432][ T1245]  ? vfs_write+0xeb0/0xeb0
[   73.968684][ T1245]  ? debug_smp_processor_id+0x17/0x20
[   73.973889][ T1245]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   73.979811][ T1245]  __x64_sys_read+0x7b/0x90
[   73.984134][ T1245]  x64_sys_call+0x28/0x9a0
[   73.988385][ T1245]  do_syscall_64+0x3b/0xb0
[   73.992638][ T1245]  ? clear_bhb_loop+0x55/0xb0
[   73.997155][ T1245]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   74.002881][ T1245] RIP: 0033:0x7f62e7f7cef9
[   74.007136][ T1245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.026585][ T1245] RSP: 002b:00007f62e8dc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   74.034828][ T1245] RAX: ffffffffffffffda RBX: 00007f62e8135f80 RCX: 00007f62e7f7cef9
[   74.042632][ T1245] RDX: 0000000000002025 RSI: 0000000020002d80 RDI: 0000000000000003
[   74.050441][ T1245] RBP: 00007f62e8dc0090 R08: 0000000000000000 R09: 0000000000000000
[   74.058251][ T1245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.066065][ T1245] R13: 0000000000000000 R14: 00007f62e8135f80 R15: 00007ffff4377698
[   74.073883][ T1245]  </TASK>
[   74.077061][  T295] usb 1-1: Using ep0 maxpacket: 8
[   74.206124][  T295] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.220231][  T295] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.237385][  T295] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[   74.248905][  T295] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.259515][  T295] usb 1-1: config 0 descriptor??
[   74.280335][ T1252] loop1: detected capacity change from 0 to 1024
[   74.302818][ T1252] EXT4-fs: Ignoring removed orlov option
[   74.309570][ T1252] EXT4-fs (loop1): Test dummy encryption mode enabled
[   74.316314][   T24] usb 2-1: device not accepting address 9, error -71
[   74.334974][ T1252] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   75.158313][  T295] kone 0003:1E7D:2CED.0008: collection stack underflow
[   75.160741][  T291] EXT4-fs (loop1): unmounting filesystem.
[   75.165128][  T295] kone 0003:1E7D:2CED.0008: item 0 1 0 12 parsing failed
[   75.178871][  T295] kone 0003:1E7D:2CED.0008: parse failed
[   75.185131][  T295] kone: probe of 0003:1E7D:2CED.0008 failed with error -22
[   75.194901][ T1264] loop2: detected capacity change from 0 to 512
[   75.224453][ T1266] loop1: detected capacity change from 0 to 1024
[   75.243224][ T1266] EXT4-fs: quotafile must be on filesystem root
[   75.250463][ T1264] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   75.422276][  T292] EXT4-fs (loop2): unmounting filesystem.
[   75.506894][  T410] bio_check_eod: 105912 callbacks suppressed
[   75.506913][  T410] syz.3.18: attempt to access beyond end of device
[   75.506913][  T410] loop3: rw=524288, sector=88568, nr_sectors = 8 limit=40427
[   75.535106][  T410] syz.3.18: attempt to access beyond end of device
[   75.535106][  T410] loop3: rw=524288, sector=88576, nr_sectors = 8 limit=40427
[   75.549131][  T410] syz.3.18: attempt to access beyond end of device
[   75.549131][  T410] loop3: rw=524288, sector=88584, nr_sectors = 8 limit=40427
[   75.562975][  T410] syz.3.18: attempt to access beyond end of device
[   75.562975][  T410] loop3: rw=524288, sector=88592, nr_sectors = 8 limit=40427
[   75.577301][  T410] syz.3.18: attempt to access beyond end of device
[   75.577301][  T410] loop3: rw=524288, sector=88600, nr_sectors = 8 limit=40427
[   75.592768][  T410] syz.3.18: attempt to access beyond end of device
[   75.592768][  T410] loop3: rw=524288, sector=88608, nr_sectors = 8 limit=40427
[   75.596462][   T28] audit: type=1400 audit(1725779834.989:234): avc:  denied  { write } for  pid=1279 comm="syz.3.221" name="raw6" dev="proc" ino=4026533155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   75.606519][  T410] syz.3.18: attempt to access beyond end of device
[   75.606519][  T410] loop3: rw=524288, sector=88616, nr_sectors = 8 limit=40427
[   75.629425][   T28] audit: type=1400 audit(1725779835.019:235): avc:  denied  { mounton } for  pid=1279 comm="syz.3.221" path="/12/file0" dev="tmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[   75.664665][  T410] syz.3.18: attempt to access beyond end of device
[   75.664665][  T410] loop3: rw=524288, sector=88624, nr_sectors = 8 limit=40427
[   75.679494][  T410] syz.3.18: attempt to access beyond end of device
[   75.679494][  T410] loop3: rw=524288, sector=88632, nr_sectors = 8 limit=40427
[   75.693405][  T410] syz.3.18: attempt to access beyond end of device
[   75.693405][  T410] loop3: rw=524288, sector=88640, nr_sectors = 8 limit=40427
[   75.806069][  T294] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   75.865649][ T1286] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.873197][ T1286] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.880675][ T1286] device bridge_slave_0 entered promiscuous mode
[   75.891286][ T1286] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.898328][ T1286] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.905487][ T1286] device bridge_slave_1 entered promiscuous mode
[   75.973609][ T1286] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.980479][ T1286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.987588][ T1286] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.994347][ T1286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.018681][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.025922][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.041077][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   76.049250][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.056568][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   76.064725][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.072963][  T523] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.079864][  T523] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.095522][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   76.104176][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.112234][  T523] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.119089][  T523] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.126317][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   76.134177][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.157749][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   76.165620][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.173926][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   76.182208][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   76.191208][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   76.199148][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   76.207845][ T1286] device veth0_vlan entered promiscuous mode
[   76.218032][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   76.225240][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   76.237124][ T1286] device veth1_macvtap entered promiscuous mode
[   76.249000][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   76.257222][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   76.265383][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   76.273355][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   76.281456][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   76.336191][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   76.344231][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   76.371325][ T1294] loop1: detected capacity change from 0 to 16
[   76.382772][ T1294] erofs: (device loop1): mounted with root inode @ nid 36.
[   76.397377][  T531] device bridge_slave_1 left promiscuous mode
[   76.404609][  T531] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.412273][  T531] device bridge_slave_0 left promiscuous mode
[   76.424783][  T531] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.434434][  T352] usb 1-1: USB disconnect, device number 10
[   76.449619][  T531] device veth1_macvtap left promiscuous mode
[   76.455515][  T531] device veth0_vlan left promiscuous mode
[   76.596130][    T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   76.633979][ T1295] input: syz0 as /devices/virtual/input/input7
[   76.966079][    T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.046590][   T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[   77.136122][    T6] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   77.145054][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.153048][    T6] usb 3-1: Product: syz
[   77.157165][    T6] usb 3-1: Manufacturer: syz
[   77.161572][    T6] usb 3-1: SerialNumber: syz
[   77.176255][    T6] usb 3-1: config 0 descriptor??
[   77.262084][ T1301] loop1: detected capacity change from 0 to 1024
[   77.271372][ T1301] EXT4-fs: Ignoring removed orlov option
[   77.277678][ T1301] EXT4-fs (loop1): Test dummy encryption mode enabled
[   77.287513][ T1301] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   77.417217][ T1292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.224'.
[   77.446343][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.676502][   T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   77.687568][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.699459][   T24] usb 1-1: Product: syz
[   77.699467][    T6] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[   77.700226][    T6] usb 3-1: USB disconnect, device number 5
[   77.710463][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   77.731622][   T24] usb 1-1: Manufacturer: syz
[   77.736504][   T24] usb 1-1: SerialNumber: syz
[   77.744959][   T24] usb 1-1: config 0 descriptor??
[   77.998357][ T1298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'.
[   78.007891][ T1298] netlink: 48 bytes leftover after parsing attributes in process `syz.0.225'.
[   78.037785][   T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[   78.047790][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   78.063654][   T24] usb 1-1: USB disconnect, device number 11
[   78.127335][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   78.141601][   T28] audit: type=1400 audit(1725779837.529:236): avc:  denied  { getopt } for  pid=1308 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   78.545852][ T1317] loop0: detected capacity change from 0 to 128
[   78.581854][ T1317] EXT4-fs: Ignoring removed i_version option
[   78.605207][ T1317] EXT4-fs: Ignoring removed orlov option
[   78.626181][ T1317] ext2: Unknown parameter 'func'
[   78.683012][   T28] audit: type=1400 audit(1725779838.069:237): avc:  denied  { mount } for  pid=1316 comm="syz.0.230" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[   78.709877][ T1317] loop0: detected capacity change from 0 to 1
[   78.719614][   T28] audit: type=1400 audit(1725779838.099:238): avc:  denied  { remount } for  pid=1316 comm="syz.0.230" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[   78.760084][   T28] audit: type=1400 audit(1725779838.139:239): avc:  denied  { unmount } for  pid=1209 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[   78.783764][ T1320] loop0: detected capacity change from 0 to 512
[   78.830669][ T1320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   79.078406][ T1209] EXT4-fs (loop0): unmounting filesystem.
[   79.660259][ T1344] netlink: 40 bytes leftover after parsing attributes in process `syz.2.235'.
[   80.516097][  T410] bio_check_eod: 161308 callbacks suppressed
[   80.516116][  T410] syz.3.18: attempt to access beyond end of device
[   80.516116][  T410] loop3: rw=524288, sector=88152, nr_sectors = 8 limit=40427
[   80.535551][  T410] syz.3.18: attempt to access beyond end of device
[   80.535551][  T410] loop3: rw=524288, sector=88160, nr_sectors = 8 limit=40427
[   80.549041][  T410] syz.3.18: attempt to access beyond end of device
[   80.549041][  T410] loop3: rw=524288, sector=88168, nr_sectors = 8 limit=40427
[   80.562593][  T410] syz.3.18: attempt to access beyond end of device
[   80.562593][  T410] loop3: rw=524288, sector=88176, nr_sectors = 8 limit=40427
[   80.576330][  T410] syz.3.18: attempt to access beyond end of device
[   80.576330][  T410] loop3: rw=524288, sector=88184, nr_sectors = 8 limit=40427
[   80.576468][  T294] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[   80.589986][  T352] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   80.597401][  T410] syz.3.18: attempt to access beyond end of device
[   80.597401][  T410] loop3: rw=524288, sector=88192, nr_sectors = 8 limit=40427
[   80.618364][  T410] syz.3.18: attempt to access beyond end of device
[   80.618364][  T410] loop3: rw=524288, sector=88200, nr_sectors = 8 limit=40427
[   80.632134][  T410] syz.3.18: attempt to access beyond end of device
[   80.632134][  T410] loop3: rw=524288, sector=88208, nr_sectors = 8 limit=40427
[   80.645929][  T410] syz.3.18: attempt to access beyond end of device
[   80.645929][  T410] loop3: rw=524288, sector=88216, nr_sectors = 8 limit=40427
[   80.660971][  T410] syz.3.18: attempt to access beyond end of device
[   80.660971][  T410] loop3: rw=524288, sector=88224, nr_sectors = 8 limit=40427
[   80.700295][ T1358] loop2: detected capacity change from 0 to 1024
[   80.706868][ T1358] EXT4-fs: Ignoring removed orlov option
[   80.712971][ T1358] EXT4-fs (loop2): Test dummy encryption mode enabled
[   80.722233][ T1358] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   81.186084][  T294] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.226076][  T352] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.366688][  T294] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   81.375747][  T294] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.383745][  T294] usb 1-1: Product: syz
[   81.387913][  T294] usb 1-1: Manufacturer: syz
[   81.392317][  T294] usb 1-1: SerialNumber: syz
[   81.396097][  T352] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   81.401585][  T294] usb 1-1: config 0 descriptor??
[   81.409761][  T352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.418274][  T352] usb 2-1: Product: syz
[   81.422210][  T352] usb 2-1: Manufacturer: syz
[   81.426803][  T352] usb 2-1: SerialNumber: syz
[   81.438570][  T352] usb 2-1: config 0 descriptor??
[   81.575159][  T292] EXT4-fs (loop2): unmounting filesystem.
[   81.658659][ T1353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.237'.
[   81.676323][ T1353] netlink: 48 bytes leftover after parsing attributes in process `syz.0.237'.
[   81.696103][ T1356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.239'.
[   81.715720][ T1356] netlink: 48 bytes leftover after parsing attributes in process `syz.1.239'.
[   81.729382][  T294] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[   81.743821][  T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   81.760787][  T352] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[   81.760997][  T294] usb 1-1: USB disconnect, device number 12
[   81.778096][  T352] usb 2-1: USB disconnect, device number 11
[   81.797640][  T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   81.875577][ T1365] loop2: detected capacity change from 0 to 40427
[   81.900202][ T1365] F2FS-fs (loop2): invalid crc value
[   81.906555][ T1365] F2FS-fs (loop2): Found nat_bits in checkpoint
[   81.950174][ T1365] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   82.269591][ T1372] loop1: detected capacity change from 0 to 512
[   82.286087][  T352] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   82.299649][ T1372] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   82.366878][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   82.566072][  T294] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[   82.716095][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.736039][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.745589][  T352] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[   82.766050][  T352] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.782886][ T1390] loop1: detected capacity change from 0 to 512
[   82.803782][ T1390] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.246: casefold flag without casefold feature
[   82.806469][  T352] usb 3-1: config 0 descriptor??
[   82.820998][ T1390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.246: missing EA_INODE flag
[   82.832951][ T1390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.246: error while reading EA inode 12 err=-117
[   82.845058][ T1390] EXT4-fs (loop1): 1 orphan inode deleted
[   82.850622][ T1390] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   83.016111][  T294] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.206355][  T294] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   83.226310][  T294] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.234175][  T294] usb 1-1: Product: syz
[   83.248391][  T294] usb 1-1: Manufacturer: syz
[   83.252800][  T294] usb 1-1: SerialNumber: syz
[   83.258025][  T294] usb 1-1: config 0 descriptor??
[   83.318742][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   83.497783][ T1375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'.
[   83.506672][ T1375] netlink: 48 bytes leftover after parsing attributes in process `syz.0.244'.
[   83.547543][  T294] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[   83.562434][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   83.566107][  T352] hid-led: probe of 0003:27B8:01ED.0009 failed with error -71
[   83.578303][  T294] usb 1-1: USB disconnect, device number 13
[   83.594829][  T352] usb 3-1: USB disconnect, device number 6
[   83.874818][ T1400] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.883064][ T1400] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.890664][ T1400] device bridge_slave_0 entered promiscuous mode
[   83.898449][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.905361][ T1400] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.912768][ T1400] device bridge_slave_1 entered promiscuous mode
[   83.984091][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.990969][ T1400] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.998055][ T1400] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.004827][ T1400] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.038506][ T1406] syz.0.250[1406] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   84.038608][ T1406] syz.0.250[1406] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   84.058866][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   84.095208][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.106563][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.140551][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   84.156457][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.163313][  T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.213356][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   84.222055][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.228945][  T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.237499][   T28] audit: type=1400 audit(1725779843.629:240): avc:  denied  { nlmsg_read } for  pid=1409 comm="syz.1.252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   84.258630][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   84.278716][ T1410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'.
[   84.289291][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   84.304028][ T1400] device veth0_vlan entered promiscuous mode
[   84.326890][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   84.337346][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   84.344632][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   84.359528][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   84.375388][ T1400] device veth1_macvtap entered promiscuous mode
[   84.384402][ T1418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.254'.
[   84.395902][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.413053][ T1418] FAULT_INJECTION: forcing a failure.
[   84.413053][ T1418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.426355][ T1418] CPU: 0 PID: 1418 Comm: syz.1.254 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   84.435798][ T1418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   84.445689][ T1418] Call Trace:
[   84.448813][ T1418]  <TASK>
[   84.451593][ T1418]  dump_stack_lvl+0x151/0x1b7
[   84.456105][ T1418]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   84.461407][ T1418]  ? _parse_integer+0x2a/0x40
[   84.465913][ T1418]  dump_stack+0x15/0x1c
[   84.469904][ T1418]  should_fail_ex+0x3d0/0x520
[   84.474422][ T1418]  should_fail+0xb/0x10
[   84.478411][ T1418]  should_fail_usercopy+0x1a/0x20
[   84.483273][ T1418]  _copy_from_user+0x1e/0xc0
[   84.487699][ T1418]  iovec_from_user+0xc7/0x320
[   84.492213][ T1418]  ? kasan_set_track+0x4b/0x70
[   84.496917][ T1418]  ? kasan_save_free_info+0x2b/0x40
[   84.501955][ T1418]  __import_iovec+0x70/0x430
[   84.506381][ T1418]  import_iovec+0xe5/0x120
[   84.510634][ T1418]  copy_msghdr_from_user+0x527/0x670
[   84.515753][ T1418]  ? sendmsg_copy_msghdr+0x70/0x70
[   84.520704][ T1418]  __sys_sendmsg+0x236/0x390
[   84.525125][ T1418]  ? ____sys_sendmsg+0x9a0/0x9a0
[   84.529902][ T1418]  ? __kasan_check_write+0x14/0x20
[   84.534845][ T1418]  ? mutex_unlock+0xb2/0x260
[   84.539275][ T1418]  ? __kasan_check_write+0x14/0x20
[   84.544223][ T1418]  ? __ia32_sys_read+0x90/0x90
[   84.548821][ T1418]  ? debug_smp_processor_id+0x17/0x20
[   84.554026][ T1418]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   84.559929][ T1418]  __x64_sys_sendmsg+0x7f/0x90
[   84.564530][ T1418]  x64_sys_call+0x16a/0x9a0
[   84.568870][ T1418]  do_syscall_64+0x3b/0xb0
[   84.573123][ T1418]  ? clear_bhb_loop+0x55/0xb0
[   84.577638][ T1418]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   84.583364][ T1418] RIP: 0033:0x7fc420d7cef9
[   84.587617][ T1418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.607059][ T1418] RSP: 002b:00007fc420bff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.615305][ T1418] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7cef9
[   84.623115][ T1418] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   84.630927][ T1418] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000
[   84.638734][ T1418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   84.646550][ T1418] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8
[   84.654360][ T1418]  </TASK>
[   84.702892][ T1422] netlink: 40 bytes leftover after parsing attributes in process `syz.2.256'.
[   84.738859][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   84.755802][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.770138][ T1429] netlink: 40 bytes leftover after parsing attributes in process `syz.0.258'.
[   84.892463][ T1439] FAULT_INJECTION: forcing a failure.
[   84.892463][ T1439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.914735][ T1425] loop4: detected capacity change from 0 to 40427
[   84.922225][ T1425] F2FS-fs (loop4): invalid crc value
[   84.926901][ T1439] CPU: 1 PID: 1439 Comm: syz.2.259 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   84.936788][ T1439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   84.946683][ T1439] Call Trace:
[   84.949807][ T1439]  <TASK>
[   84.952584][ T1439]  dump_stack_lvl+0x151/0x1b7
[   84.957103][ T1439]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   84.962391][ T1439]  ? fsnotify_perm+0x6a/0x5d0
[   84.966907][ T1439]  dump_stack+0x15/0x1c
[   84.970895][ T1439]  should_fail_ex+0x3d0/0x520
[   84.975413][ T1439]  should_fail+0xb/0x10
[   84.979400][ T1439]  should_fail_usercopy+0x1a/0x20
[   84.984265][ T1439]  _copy_from_user+0x1e/0xc0
[   84.988689][ T1439]  get_itimerspec64+0x267/0x450
[   84.993379][ T1439]  ? __kasan_check_write+0x14/0x20
[   84.998324][ T1439]  ? put_old_timespec32+0x230/0x230
[   85.003358][ T1439]  __x64_sys_timerfd_settime+0x129/0x220
[   85.008826][ T1439]  ? __ia32_sys_timerfd_create+0x70/0x70
[   85.014296][ T1439]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   85.020199][ T1439]  ? exit_to_user_mode_prepare+0x39/0xa0
[   85.025671][ T1439]  x64_sys_call+0x78a/0x9a0
[   85.030000][ T1439]  do_syscall_64+0x3b/0xb0
[   85.034254][ T1439]  ? clear_bhb_loop+0x55/0xb0
[   85.038767][ T1439]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   85.044496][ T1439] RIP: 0033:0x7f610d97cef9
[   85.048753][ T1439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.068190][ T1439] RSP: 002b:00007f610e75a038 EFLAGS: 00000246 ORIG_RAX: 000000000000011e
[   85.076438][ T1439] RAX: ffffffffffffffda RBX: 00007f610db36058 RCX: 00007f610d97cef9
[   85.084247][ T1439] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000003
[   85.092056][ T1439] RBP: 00007f610e75a090 R08: 0000000000000000 R09: 0000000000000000
[   85.099869][ T1439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.107680][ T1439] R13: 0000000000000001 R14: 00007f610db36058 R15: 00007ffe24b943d8
[   85.115497][ T1439]  </TASK>
[   85.120860][ T1425] F2FS-fs (loop4): Found nat_bits in checkpoint
[   85.127386][  T586] device bridge_slave_1 left promiscuous mode
[   85.136352][  T586] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.153546][  T586] device bridge_slave_0 left promiscuous mode
[   85.159506][  T295] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   85.172565][  T586] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.189583][  T586] device dummy0 left promiscuous mode
[   85.200135][  T586] device veth1_macvtap left promiscuous mode
[   85.206447][  T586] device veth0_vlan left promiscuous mode
[   85.212229][ T1425] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   85.237019][   T28] audit: type=1326 audit(1725779844.629:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.271105][   T28] audit: type=1326 audit(1725779844.659:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.294362][   T28] audit: type=1326 audit(1725779844.659:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.319946][   T28] audit: type=1326 audit(1725779844.659:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.374989][   T28] audit: type=1326 audit(1725779844.659:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.420515][   T28] audit: type=1326 audit(1725779844.659:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcf8ff7b890 code=0x7ffc0000
[   85.447025][   T28] audit: type=1326 audit(1725779844.659:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.448850][ T1443] loop4: detected capacity change from 0 to 1024
[   85.470431][   T28] audit: type=1326 audit(1725779844.659:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.499471][   T28] audit: type=1326 audit(1725779844.659:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000
[   85.516463][ T1443] EXT4-fs: Ignoring removed orlov option
[   85.526047][  T410] bio_check_eod: 177608 callbacks suppressed
[   85.526061][  T410] syz.3.18: attempt to access beyond end of device
[   85.526061][  T410] loop3: rw=0, sector=87456, nr_sectors = 8 limit=40427
[   85.535996][ T1443] EXT4-fs (loop4): Test dummy encryption mode enabled
[   85.547096][  T410] syz.3.18: attempt to access beyond end of device
[   85.547096][  T410] loop3: rw=0, sector=87464, nr_sectors = 8 limit=40427
[   85.555797][ T1443] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   85.566930][  T410] syz.3.18: attempt to access beyond end of device
[   85.566930][  T410] loop3: rw=0, sector=87472, nr_sectors = 8 limit=40427
[   85.588562][  T295] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   85.589906][  T410] syz.3.18: attempt to access beyond end of device
[   85.589906][  T410] loop3: rw=0, sector=87480, nr_sectors = 8 limit=40427
[   85.612030][  T410] syz.3.18: attempt to access beyond end of device
[   85.612030][  T410] loop3: rw=0, sector=87488, nr_sectors = 8 limit=40427
[   85.628138][  T410] syz.3.18: attempt to access beyond end of device
[   85.628138][  T410] loop3: rw=0, sector=87496, nr_sectors = 8 limit=40427
[   85.641758][  T410] syz.3.18: attempt to access beyond end of device
[   85.641758][  T410] loop3: rw=0, sector=87504, nr_sectors = 8 limit=40427
[   85.655361][  T410] syz.3.18: attempt to access beyond end of device
[   85.655361][  T410] loop3: rw=0, sector=87512, nr_sectors = 8 limit=40427
[   85.669021][  T410] syz.3.18: attempt to access beyond end of device
[   85.669021][  T410] loop3: rw=0, sector=87520, nr_sectors = 8 limit=40427
[   85.682389][  T410] syz.3.18: attempt to access beyond end of device
[   85.682389][  T410] loop3: rw=0, sector=87528, nr_sectors = 8 limit=40427
[   86.030450][  T295] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   86.042730][  T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.050631][  T295] usb 2-1: Product: syz
[   86.054559][  T295] usb 2-1: Manufacturer: syz
[   86.059333][  T295] usb 2-1: SerialNumber: syz
[   86.087727][  T295] usb 2-1: config 0 descriptor??
[   86.137188][ T1454] loop0: detected capacity change from 0 to 2048
[   86.169863][ T1454] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   86.180379][ T1454] ext4 filesystem being mounted at /12/bus supports timestamps until 2038 (0x7fffffff)
[   86.204529][ T1454] fs-verity: sha512 using implementation "sha512-avx2"
[   86.232944][ T1454] syz.0.264 (1454) used greatest stack depth: 20176 bytes left
[   86.244107][ T1209] EXT4-fs (loop0): unmounting filesystem.
[   86.290842][ T1400] EXT4-fs (loop4): unmounting filesystem.
[   86.337091][ T1438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'.
[   86.349401][ T1438] netlink: 48 bytes leftover after parsing attributes in process `syz.1.260'.
[   86.377018][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.383859][ T1457] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.393316][ T1457] device bridge_slave_0 entered promiscuous mode
[   86.407006][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.416952][ T1457] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.424189][ T1457] device bridge_slave_1 entered promiscuous mode
[   86.428031][  T295] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[   86.443311][  T295] usb 2-1: USB disconnect, device number 12
[   86.448597][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   86.479799][ T1472] netlink: 40 bytes leftover after parsing attributes in process `syz.0.269'.
[   86.568217][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.575088][ T1457] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.582222][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.589063][ T1457] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.606088][  T352] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   86.630496][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.638227][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.645326][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.663779][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   86.671910][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.678773][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.694252][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   86.702339][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.709207][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.716150][ T1477] loop0: detected capacity change from 0 to 2048
[   86.716951][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.740447][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   86.748910][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.763120][ T1457] device veth0_vlan entered promiscuous mode
[   86.770821][  T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   86.786708][ T1477] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   86.795014][ T1477] ext4 filesystem being mounted at /18/bus supports timestamps until 2038 (0x7fffffff)
[   86.808941][  T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   86.816264][  T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   86.843182][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.854649][ T1457] device veth1_macvtap entered promiscuous mode
[   86.856159][  T352] usb 5-1: Using ep0 maxpacket: 16
[   86.874615][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.884784][ T1209] EXT4-fs (loop0): unmounting filesystem.
[   86.897537][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.970630][ T1486] loop1: detected capacity change from 0 to 1024
[   86.979595][ T1486] EXT4-fs: Ignoring removed orlov option
[   86.985699][ T1486] EXT4-fs (loop1): Test dummy encryption mode enabled
[   86.992606][  T352] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.002499][  T586] device bridge_slave_1 left promiscuous mode
[   87.006113][  T352] usb 5-1: config 0 interface 0 has no altsetting 0
[   87.015095][  T352] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[   87.016396][  T586] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.031608][  T586] device bridge_slave_0 left promiscuous mode
[   87.033018][ T1486] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   87.037777][  T586] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.049586][  T352] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.063840][  T586] device veth1_macvtap left promiscuous mode
[   87.069983][  T586] device veth0_vlan left promiscuous mode
[   87.078822][  T352] usb 5-1: config 0 descriptor??
[   87.132735][  T934] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   88.419980][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   88.496606][ T1501] FAULT_INJECTION: forcing a failure.
[   88.496606][ T1501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   88.530889][ T1501] CPU: 0 PID: 1501 Comm: syz.3.278 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   88.540348][ T1501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   88.550240][ T1501] Call Trace:
[   88.553367][ T1501]  <TASK>
[   88.556143][ T1501]  dump_stack_lvl+0x151/0x1b7
[   88.560655][ T1501]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   88.565948][ T1501]  ? from_kuid+0x18d/0x6f0
[   88.570204][ T1501]  dump_stack+0x15/0x1c
[   88.574195][ T1501]  should_fail_ex+0x3d0/0x520
[   88.578720][ T1501]  should_fail+0xb/0x10
[   88.582699][ T1501]  should_fail_usercopy+0x1a/0x20
[   88.587562][ T1501]  _copy_to_user+0x1e/0x90
[   88.591814][ T1501]  bpf_prog_test_run_raw_tp+0x52e/0x6d0
[   88.597195][ T1501]  ? bpf_prog_test_run_tracing+0x760/0x760
[   88.602838][ T1501]  ? __kasan_check_write+0x14/0x20
[   88.607782][ T1501]  ? fput+0x15b/0x1b0
[   88.611603][ T1501]  ? bpf_prog_test_run_tracing+0x760/0x760
[   88.617354][ T1501]  bpf_prog_test_run+0x3b0/0x630
[   88.622149][ T1501]  ? bpf_prog_query+0x260/0x260
[   88.626809][ T1501]  ? selinux_bpf+0xd2/0x100
[   88.631150][ T1501]  ? security_bpf+0x82/0xb0
[   88.635491][ T1501]  __sys_bpf+0x59f/0x7f0
[   88.639569][ T1501]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[   88.644782][ T1501]  ? __ia32_sys_read+0x90/0x90
[   88.649378][ T1501]  ? debug_smp_processor_id+0x17/0x20
[   88.654584][ T1501]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   88.660485][ T1501]  __x64_sys_bpf+0x7c/0x90
[   88.664736][ T1501]  x64_sys_call+0x87f/0x9a0
[   88.669077][ T1501]  do_syscall_64+0x3b/0xb0
[   88.673334][ T1501]  ? clear_bhb_loop+0x55/0xb0
[   88.677846][ T1501]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   88.683569][ T1501] RIP: 0033:0x7f32aa97cef9
[   88.686171][  T934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   88.687821][ T1501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.717162][ T1501] RSP: 002b:00007f32ab85c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   88.725405][ T1501] RAX: ffffffffffffffda RBX: 00007f32aab35f80 RCX: 00007f32aa97cef9
[   88.733216][ T1501] RDX: 000000000000000c RSI: 00000000200002c0 RDI: 000000000000000a
[   88.741026][ T1501] RBP: 00007f32ab85c090 R08: 0000000000000000 R09: 0000000000000000
[   88.748836][ T1501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.756646][ T1501] R13: 0000000000000000 R14: 00007f32aab35f80 R15: 00007ffd5face9e8
[   88.764549][ T1501]  </TASK>
[   88.812755][ T1505] netlink: 40 bytes leftover after parsing attributes in process `syz.0.280'.
[   88.856480][ T1508] loop1: detected capacity change from 0 to 16
[   88.863745][ T1508] erofs: Unknown parameter '/sys/kernel/profiling'
[   88.916237][  T934] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   89.001651][  T934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.017430][  T352] kye 0003:0458:0138.000A: unknown main item tag 0x0
[   89.023936][  T352] kye 0003:0458:0138.000A: unknown main item tag 0x0
[   89.030486][  T352] kye 0003:0458:0138.000A: unexpected long global item
[   89.037564][  T352] kye 0003:0458:0138.000A: parse failed
[   89.042958][  T352] kye: probe of 0003:0458:0138.000A failed with error -22
[   89.042967][  T934] usb 3-1: Product: syz
[   89.042983][  T934] usb 3-1: Manufacturer: syz
[   89.066475][  T934] usb 3-1: SerialNumber: syz
[   89.142244][  T934] usb 3-1: config 0 descriptor??
[   89.147284][ T1495] usb 5-1: USB disconnect, device number 6
[   89.325740][ T1525] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   89.351969][ T1529] FAULT_INJECTION: forcing a failure.
[   89.351969][ T1529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.365219][ T1529] CPU: 1 PID: 1529 Comm: syz.1.286 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   89.374658][ T1529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   89.384552][ T1529] Call Trace:
[   89.387675][ T1529]  <TASK>
[   89.390454][ T1529]  dump_stack_lvl+0x151/0x1b7
[   89.394970][ T1529]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   89.400263][ T1529]  ? avc_has_perm_noaudit+0x430/0x430
[   89.405469][ T1529]  dump_stack+0x15/0x1c
[   89.409460][ T1529]  should_fail_ex+0x3d0/0x520
[   89.413977][ T1529]  should_fail+0xb/0x10
[   89.417967][ T1529]  should_fail_usercopy+0x1a/0x20
[   89.422827][ T1529]  _copy_to_user+0x1e/0x90
[   89.427080][ T1529]  simple_read_from_buffer+0xc7/0x150
[   89.432292][ T1529]  proc_fail_nth_read+0x1a3/0x210
[   89.437150][ T1529]  ? proc_fault_inject_write+0x390/0x390
[   89.442615][ T1529]  ? fsnotify_perm+0x470/0x5d0
[   89.447219][ T1529]  ? security_file_permission+0x86/0xb0
[   89.452597][ T1529]  ? proc_fault_inject_write+0x390/0x390
[   89.458064][ T1529]  vfs_read+0x26c/0xad0
[   89.462059][ T1529]  ? kernel_read+0x1f0/0x1f0
[   89.466488][ T1529]  ? mutex_lock+0xb1/0x1e0
[   89.470737][ T1529]  ? bit_wait_io_timeout+0x120/0x120
[   89.475860][ T1529]  ? __fdget_pos+0x2e2/0x390
[   89.480283][ T1529]  ? ksys_read+0x77/0x2c0
[   89.484449][ T1529]  ksys_read+0x199/0x2c0
[   89.488529][ T1529]  ? vfs_write+0xeb0/0xeb0
[   89.492782][ T1529]  ? debug_smp_processor_id+0x17/0x20
[   89.497986][ T1529]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   89.503890][ T1529]  __x64_sys_read+0x7b/0x90
[   89.508234][ T1529]  x64_sys_call+0x28/0x9a0
[   89.512496][ T1529]  do_syscall_64+0x3b/0xb0
[   89.516735][ T1529]  ? clear_bhb_loop+0x55/0xb0
[   89.521296][ T1529]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   89.526976][ T1529] RIP: 0033:0x7fc420d7b93c
[   89.531229][ T1529] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   89.550673][ T1529] RSP: 002b:00007fc420bff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   89.558915][ T1529] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7b93c
[   89.566730][ T1529] RDX: 000000000000000f RSI: 00007fc420bff0a0 RDI: 0000000000000004
[   89.574536][ T1529] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000
[   89.582351][ T1529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.590160][ T1529] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8
[   89.597978][ T1529]  </TASK>
[   89.606357][ T1481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.272'.
[   89.618784][ T1481] netlink: 48 bytes leftover after parsing attributes in process `syz.2.272'.
[   89.644691][ T1531] loop1: detected capacity change from 0 to 1024
[   89.659412][  T934] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[   89.667106][ T1531] EXT4-fs: Ignoring removed orlov option
[   89.673230][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   89.676382][  T934] usb 3-1: USB disconnect, device number 7
[   89.689746][ T1531] EXT4-fs (loop1): Test dummy encryption mode enabled
[   89.708978][ T1531] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   89.783475][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[   90.167339][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   90.182741][ T1540] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   90.196139][  T934] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   90.240442][ T1544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.291'.
[   90.366080][   T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   90.377027][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.391020][   T24] usb 1-1: Product: syz
[   90.398131][   T24] usb 1-1: Manufacturer: syz
[   90.404636][   T24] usb 1-1: SerialNumber: syz
[   90.411812][   T24] usb 1-1: config 0 descriptor??
[   90.509823][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   90.536321][  T410] bio_check_eod: 87872 callbacks suppressed
[   90.536346][  T410] syz.3.18: attempt to access beyond end of device
[   90.536346][  T410] loop3: rw=524288, sector=89592, nr_sectors = 8 limit=40427
[   90.556153][  T410] syz.3.18: attempt to access beyond end of device
[   90.556153][  T410] loop3: rw=524288, sector=89600, nr_sectors = 8 limit=40427
[   90.569975][  T410] syz.3.18: attempt to access beyond end of device
[   90.569975][  T410] loop3: rw=524288, sector=89608, nr_sectors = 8 limit=40427
[   90.584004][  T410] syz.3.18: attempt to access beyond end of device
[   90.584004][  T410] loop3: rw=524288, sector=89616, nr_sectors = 8 limit=40427
[   90.597836][  T410] syz.3.18: attempt to access beyond end of device
[   90.597836][  T410] loop3: rw=524288, sector=89624, nr_sectors = 8 limit=40427
[   90.619488][  T410] syz.3.18: attempt to access beyond end of device
[   90.619488][  T410] loop3: rw=524288, sector=89632, nr_sectors = 8 limit=40427
[   90.626112][  T934] usb 5-1: config index 0 descriptor too short (expected 61732, got 36)
[   90.649927][  T934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.655372][  T410] syz.3.18: attempt to access beyond end of device
[   90.655372][  T410] loop3: rw=524288, sector=89640, nr_sectors = 8 limit=40427
[   90.670992][  T934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.684763][  T934] usb 5-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00
[   90.693803][  T934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.702205][ T1527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'.
[   90.713768][  T410] syz.3.18: attempt to access beyond end of device
[   90.713768][  T410] loop3: rw=524288, sector=89648, nr_sectors = 8 limit=40427
[   90.716477][  T934] usb 5-1: config 0 descriptor??
[   90.734740][ T1527] netlink: 48 bytes leftover after parsing attributes in process `syz.0.285'.
[   90.747315][  T410] syz.3.18: attempt to access beyond end of device
[   90.747315][  T410] loop3: rw=524288, sector=89656, nr_sectors = 8 limit=40427
[   90.762773][   T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[   90.770087][  T410] syz.3.18: attempt to access beyond end of device
[   90.770087][  T410] loop3: rw=524288, sector=89664, nr_sectors = 8 limit=40427
[   90.792630][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   90.809485][   T24] usb 1-1: USB disconnect, device number 14
[   91.077157][   T28] kauditd_printk_skb: 33 callbacks suppressed
[   91.077173][   T28] audit: type=1400 audit(1725779850.469:283): avc:  denied  { bind } for  pid=1559 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   91.110860][ T1560] FAULT_INJECTION: forcing a failure.
[   91.110860][ T1560] name failslab, interval 1, probability 0, space 0, times 0
[   91.124003][ T1560] CPU: 0 PID: 1560 Comm: syz.1.296 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   91.133442][ T1560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   91.143338][ T1560] Call Trace:
[   91.146460][ T1560]  <TASK>
[   91.149249][ T1560]  dump_stack_lvl+0x151/0x1b7
[   91.153750][ T1560]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   91.159044][ T1560]  ? __find_rr_leaf+0x862/0xb70
[   91.163733][ T1560]  dump_stack+0x15/0x1c
[   91.167725][ T1560]  should_fail_ex+0x3d0/0x520
[   91.172240][ T1560]  ? xfrm_state_alloc+0x26/0x2d0
[   91.177010][ T1560]  __should_failslab+0xaf/0xf0
[   91.181612][ T1560]  should_failslab+0x9/0x20
[   91.185951][ T1560]  kmem_cache_alloc+0x3b/0x2c0
[   91.190553][ T1560]  xfrm_state_alloc+0x26/0x2d0
[   91.195150][ T1560]  xfrm_state_find+0x2009/0x2fd0
[   91.199923][ T1560]  ? __rt6_find_exception_rcu+0x25b/0x340
[   91.205479][ T1560]  ? fib6_select_path+0x13c/0x5b0
[   91.210337][ T1560]  ? security_inode_alloc+0x29/0x120
[   91.215461][ T1560]  ? xfrm_sad_getinfo+0x170/0x170
[   91.220320][ T1560]  ? ip6_pol_route+0x100e/0x14a0
[   91.225091][ T1560]  ? ip6_pol_route+0x583/0x14a0
[   91.227161][  T934] microsoft 0003:045E:009D.000B: unbalanced delimiter at end of report description
[   91.229781][ T1560]  ? fib6_table_lookup+0xa80/0xa80
[   91.243841][ T1560]  ? avc_has_perm_noaudit+0x2dd/0x430
[   91.246214][  T934] microsoft 0003:045E:009D.000B: parse failed
[   91.249134][ T1560]  xfrm_resolve_and_create_bundle+0x606/0x2c40
[   91.261033][ T1560]  ? ipv6_dev_get_saddr+0x431/0x580
[   91.266060][ T1560]  ? xfrm_sk_policy_lookup+0x5b0/0x5b0
[   91.271355][ T1560]  ? ipv6_dev_get_saddr+0x444/0x580
[   91.276387][ T1560]  ? xfrm_sk_policy_lookup+0x567/0x5b0
[   91.281683][ T1560]  xfrm_lookup_with_ifid+0x98b/0x22b0
[   91.286888][ T1560]  ? __xfrm_sk_clone_policy+0x970/0x970
[   91.292267][ T1560]  ? avc_has_perm_noaudit+0x2dd/0x430
[   91.297478][ T1560]  ? avc_denied+0x1b0/0x1b0
[   91.301815][ T1560]  xfrm_lookup_route+0x3b/0x160
[   91.306506][ T1560]  ip6_dst_lookup_flow+0x13a/0x170
[   91.311448][ T1560]  ? ip6_dst_lookup_tail+0x12e0/0x12e0
[   91.316751][ T1560]  ? avc_has_perm+0x16f/0x260
[   91.321256][ T1560]  ? ip6_datagram_dst_update+0x2db/0xbc0
[   91.326723][ T1560]  ? fl6_update_dst+0xbb/0x160
[   91.331323][ T1560]  ip6_datagram_dst_update+0x618/0xbc0
[   91.336621][ T1560]  ? dst_discard+0x50/0x50
[   91.340872][ T1560]  ? selinux_socket_connect_helper+0x44d/0x9d0
[   91.346860][ T1560]  ? __ip6_datagram_connect+0xb93/0x1230
[   91.352327][ T1560]  ? memcpy+0x56/0x70
[   91.356148][ T1560]  __ip6_datagram_connect+0xbf0/0x1230
[   91.361450][ T1560]  ? _raw_spin_unlock_bh+0x50/0x60
[   91.366389][ T1560]  ? ip6_datagram_release_cb+0x2a0/0x2a0
[   91.371854][ T1560]  ? vfs_write+0xbb3/0xeb0
[   91.376110][ T1560]  ip6_datagram_connect_v6_only+0x65/0xa0
[   91.381665][ T1560]  inet_dgram_connect+0x1e7/0x410
[   91.386525][ T1560]  ? security_socket_connect+0x82/0xb0
[   91.391821][ T1560]  ? sk_dst_reset+0xa0/0xa0
[   91.396158][ T1560]  __sys_connect+0x2c9/0x300
[   91.400586][ T1560]  ? __sys_connect_file+0x170/0x170
[   91.405622][ T1560]  ? debug_smp_processor_id+0x17/0x20
[   91.410825][ T1560]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   91.416729][ T1560]  __x64_sys_connect+0x7a/0x90
[   91.421326][ T1560]  x64_sys_call+0x14e/0x9a0
[   91.425666][ T1560]  do_syscall_64+0x3b/0xb0
[   91.429922][ T1560]  ? clear_bhb_loop+0x55/0xb0
[   91.434431][ T1560]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   91.440162][ T1560] RIP: 0033:0x7fc420d7cef9
[   91.444413][ T1560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.463854][ T1560] RSP: 002b:00007fc420bff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   91.472115][ T1560] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7cef9
[   91.479919][ T1560] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000004
[   91.487723][ T1560] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000
[   91.495536][ T1560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.503346][ T1560] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8
[   91.511159][ T1560]  </TASK>
[   91.514845][  T934] microsoft: probe of 0003:045E:009D.000B failed with error -22
[   91.526196][ T1563] FAULT_INJECTION: forcing a failure.
[   91.526196][ T1563] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.539699][ T1563] CPU: 1 PID: 1563 Comm: syz.0.297 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   91.549143][ T1563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   91.559032][ T1563] Call Trace:
[   91.562155][ T1563]  <TASK>
[   91.564934][ T1563]  dump_stack_lvl+0x151/0x1b7
[   91.569448][ T1563]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   91.574737][ T1563]  ? mutex_unlock+0xb2/0x260
[   91.579167][ T1563]  dump_stack+0x15/0x1c
[   91.583158][ T1563]  should_fail_ex+0x3d0/0x520
[   91.587673][ T1563]  should_fail+0xb/0x10
[   91.591664][ T1563]  should_fail_usercopy+0x1a/0x20
[   91.596522][ T1563]  _copy_to_user+0x1e/0x90
[   91.600778][ T1563]  simple_read_from_buffer+0xc7/0x150
[   91.605984][ T1563]  proc_fail_nth_read+0x1a3/0x210
[   91.610845][ T1563]  ? proc_fault_inject_write+0x390/0x390
[   91.616324][ T1563]  ? fsnotify_perm+0x470/0x5d0
[   91.620921][ T1563]  ? security_file_permission+0x86/0xb0
[   91.626294][ T1563]  ? proc_fault_inject_write+0x390/0x390
[   91.631764][ T1563]  vfs_read+0x26c/0xad0
[   91.635756][ T1563]  ? kernel_read+0x1f0/0x1f0
[   91.640179][ T1563]  ? mutex_lock+0xb1/0x1e0
[   91.644432][ T1563]  ? bit_wait_io_timeout+0x120/0x120
[   91.649557][ T1563]  ? __fdget_pos+0x2e2/0x390
[   91.654079][ T1563]  ? ksys_read+0x77/0x2c0
[   91.658248][ T1563]  ksys_read+0x199/0x2c0
[   91.662326][ T1563]  ? vfs_write+0xeb0/0xeb0
[   91.666581][ T1563]  ? debug_smp_processor_id+0x17/0x20
[   91.671792][ T1563]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   91.677691][ T1563]  __x64_sys_read+0x7b/0x90
[   91.682028][ T1563]  x64_sys_call+0x28/0x9a0
[   91.686280][ T1563]  do_syscall_64+0x3b/0xb0
[   91.690535][ T1563]  ? clear_bhb_loop+0x55/0xb0
[   91.695047][ T1563]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   91.700776][ T1563] RIP: 0033:0x7fb31b97b93c
[   91.705028][ T1563] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   91.724524][ T1563] RSP: 002b:00007fb31c828030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   91.732715][ T1563] RAX: ffffffffffffffda RBX: 00007fb31bb35f80 RCX: 00007fb31b97b93c
[   91.740527][ T1563] RDX: 000000000000000f RSI: 00007fb31c8280a0 RDI: 000000000000000a
[   91.748339][ T1563] RBP: 00007fb31c828090 R08: 0000000000000000 R09: 0000000000000000
[   91.756149][ T1563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.763959][ T1563] R13: 0000000000000000 R14: 00007fb31bb35f80 R15: 00007ffdb4d3ea48
[   91.771777][ T1563]  </TASK>
[   91.845308][ T1567] loop2: detected capacity change from 0 to 512
[   91.857415][ T1567] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.299: corrupted in-inode xattr
[   91.869302][ T1567] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.299: couldn't read orphan inode 15 (err -117)
[   91.870971][ T1565] loop0: detected capacity change from 0 to 8192
[   91.887407][ T1567] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   91.907523][ T1565] FAT-fs (loop0): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value
[   92.071561][ T1576] xt_hashlimit: size too large, truncated to 1048576
[   92.213919][ T1573] loop1: detected capacity change from 0 to 40427
[   92.225339][ T1573] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   92.239175][ T1573] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   92.254472][ T1573] F2FS-fs (loop1): invalid crc value
[   92.272458][ T1573] F2FS-fs (loop1): Found nat_bits in checkpoint
[   92.343465][ T1573] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   92.350449][ T1573] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   92.490891][ T1587] loop1: detected capacity change from 0 to 512
[   92.517352][ T1587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   92.681180][  T292] EXT4-fs (loop2): unmounting filesystem.
[   92.778223][ T1600] netlink: 40 bytes leftover after parsing attributes in process `syz.0.304'.
[   92.818083][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   92.932244][   T28] audit: type=1400 audit(1725779852.319:284): avc:  denied  { create } for  pid=1604 comm="syz.2.306" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   92.962427][   T28] audit: type=1400 audit(1725779852.339:285): avc:  denied  { read append } for  pid=1604 comm="syz.2.306" name="file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   92.985518][   T28] audit: type=1400 audit(1725779852.339:286): avc:  denied  { open } for  pid=1604 comm="syz.2.306" path="/72/file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   93.008433][   T28] audit: type=1400 audit(1725779852.339:287): avc:  denied  { ioctl } for  pid=1604 comm="syz.2.306" path="/72/file5" dev="tmpfs" ino=409 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   93.009271][ T1605] kvm: emulating exchange as write
[   93.124407][   T28] audit: type=1400 audit(1725779852.509:288): avc:  denied  { unlink } for  pid=292 comm="syz-executor" name="file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   93.196051][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[   93.566105][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   93.793058][   T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   93.812631][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.820690][   T24] usb 2-1: Product: syz
[   93.826081][   T24] usb 2-1: Manufacturer: syz
[   93.830511][   T24] usb 2-1: SerialNumber: syz
[   93.845691][   T24] usb 2-1: config 0 descriptor??
[   94.160044][ T1610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.307'.
[   94.168845][  T445] Bluetooth: hci0: command 0x1003 tx timeout
[   94.174847][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   94.216139][  T934] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[   94.261907][ T1628] netlink: 48 bytes leftover after parsing attributes in process `syz.1.307'.
[   94.470191][   T24] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[   94.496111][  T934] usb 1-1: Using ep0 maxpacket: 16
[   94.503638][   T24] usb 2-1: USB disconnect, device number 13
[   94.515647][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   95.266403][  T934] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   95.309910][  T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.423614][  T934] usb 1-1: Product: syz
[   95.428894][ T1642] netlink: 40 bytes leftover after parsing attributes in process `syz.1.315'.
[   95.437682][  T934] usb 1-1: Manufacturer: syz
[   95.442194][  T934] usb 1-1: SerialNumber: syz
[   95.450555][  T934] r8152-cfgselector 1-1: config 0 descriptor??
[   95.460250][   T24] usb 5-1: USB disconnect, device number 7
[   95.552952][  T410] bio_check_eod: 73442 callbacks suppressed
[   95.552969][  T410] syz.3.18: attempt to access beyond end of device
[   95.552969][  T410] loop3: rw=0, sector=87168, nr_sectors = 8 limit=40427
[   95.556487][ T1645] loop2: detected capacity change from 0 to 512
[   95.559198][  T410] syz.3.18: attempt to access beyond end of device
[   95.559198][  T410] loop3: rw=0, sector=87176, nr_sectors = 8 limit=40427
[   95.573113][ T1647] netlink: 40 bytes leftover after parsing attributes in process `syz.1.317'.
[   95.578173][  T410] syz.3.18: attempt to access beyond end of device
[   95.578173][  T410] loop3: rw=0, sector=87184, nr_sectors = 8 limit=40427
[   95.613573][  T410] syz.3.18: attempt to access beyond end of device
[   95.613573][  T410] loop3: rw=0, sector=87192, nr_sectors = 8 limit=40427
[   95.626886][  T410] syz.3.18: attempt to access beyond end of device
[   95.626886][  T410] loop3: rw=0, sector=87200, nr_sectors = 8 limit=40427
[   95.627627][ T1645] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   95.642453][  T410] syz.3.18: attempt to access beyond end of device
[   95.642453][  T410] loop3: rw=0, sector=87208, nr_sectors = 8 limit=40427
[   95.661827][  T410] syz.3.18: attempt to access beyond end of device
[   95.661827][  T410] loop3: rw=0, sector=87216, nr_sectors = 8 limit=40427
[   95.675563][  T410] syz.3.18: attempt to access beyond end of device
[   95.675563][  T410] loop3: rw=0, sector=87224, nr_sectors = 8 limit=40427
[   95.689037][  T410] syz.3.18: attempt to access beyond end of device
[   95.689037][  T410] loop3: rw=0, sector=87232, nr_sectors = 8 limit=40427
[   95.702791][  T410] syz.3.18: attempt to access beyond end of device
[   95.702791][  T410] loop3: rw=0, sector=87240, nr_sectors = 8 limit=40427
[   95.736125][  T934] r8152-cfgselector 1-1: Unknown version 0x0000
[   95.753288][  T292] EXT4-fs (loop2): unmounting filesystem.
[   95.798731][ T1661] loop1: detected capacity change from 0 to 1024
[   95.811803][ T1661] EXT4-fs: Ignoring removed orlov option
[   95.819499][ T1661] EXT4-fs (loop1): Test dummy encryption mode enabled
[   95.828685][ T1661] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   95.928912][   T28] audit: type=1400 audit(1725779855.319:289): avc:  denied  { ioctl } for  pid=1667 comm="syz.2.320" path="socket:[22787]" dev="sockfs" ino=22787 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   96.257296][ T1495] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   96.671398][ T1286] EXT4-fs (loop1): unmounting filesystem.
[   96.686321][ T1495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.705230][ T1495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.716125][ T1495] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[   96.716139][ T1673] netlink: 40 bytes leftover after parsing attributes in process `syz.1.321'.
[   96.734128][ T1495] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.742995][ T1495] usb 3-1: config 0 descriptor??
[   97.023308][  T934] r8152-cfgselector 1-1: Unknown version 0x0000
[   97.038803][  T934] r8152-cfgselector 1-1: USB disconnect, device number 15
[   97.206670][  T555] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   97.267580][ T1495] hid-led 0003:1D34:000A.000C: unknown main item tag 0x0
[   97.506154][ T1668] loop2: detected capacity change from 0 to 512
[   97.621115][ T1668] EXT4-fs: Ignoring removed nobh option
[   97.701785][ T1668] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[   97.719439][ T1668] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.320: attempt to clear invalid blocks 2 len 1
[   97.784005][ T1668] EXT4-fs (loop2): Remounting filesystem read-only
[   97.808970][ T1668] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   97.864858][ T1668] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.320: invalid indirect mapped block 1819239214 (level 0)
[   97.916250][ T1668] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.320: invalid indirect mapped block 1819239214 (level 1)
[   97.950458][ T1668] EXT4-fs (loop2): 1 truncate cleaned up
[   97.964014][ T1668] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   97.976063][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[   98.006816][ T1495] hid-led 0003:1D34:000A.000C: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.2-1/input0
[   98.024705][ T1495] hid-led 0003:1D34:000A.000C: Dream Cheeky Webmail Notifier initialized
[   98.211653][    T6] usb 3-1: USB disconnect, device number 8
[   98.386247][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   98.617088][   T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   98.626148][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.633977][   T24] usb 2-1: Product: syz
[   98.638398][   T24] usb 2-1: Manufacturer: syz
[   98.642876][   T24] usb 2-1: SerialNumber: syz
[   98.651543][   T24] usb 2-1: config 0 descriptor??
[   98.750203][  T292] EXT4-fs (loop2): unmounting filesystem.
[   98.784767][ T1698] FAULT_INJECTION: forcing a failure.
[   98.784767][ T1698] name failslab, interval 1, probability 0, space 0, times 0
[   98.797341][ T1698] CPU: 1 PID: 1698 Comm: syz.2.327 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[   98.806723][ T1698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   98.816616][ T1698] Call Trace:
[   98.819829][ T1698]  <TASK>
[   98.822608][ T1698]  dump_stack_lvl+0x151/0x1b7
[   98.827120][ T1698]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   98.832414][ T1698]  ? _parse_integer+0x2a/0x40
[   98.836927][ T1698]  ? kstrtoull+0x1cd/0x2e0
[   98.841275][ T1698]  dump_stack+0x15/0x1c
[   98.845272][ T1698]  should_fail_ex+0x3d0/0x520
[   98.849773][ T1698]  ? bpf_test_init+0xf1/0x190
[   98.854286][ T1698]  __should_failslab+0xaf/0xf0
[   98.858886][ T1698]  should_failslab+0x9/0x20
[   98.863226][ T1698]  __kmem_cache_alloc_node+0x3d/0x250
[   98.868434][ T1698]  ? kasan_save_free_info+0x2b/0x40
[   98.873470][ T1698]  ? bpf_test_init+0xf1/0x190
[   98.878153][ T1698]  __kmalloc+0xa3/0x1e0
[   98.882158][ T1698]  bpf_test_init+0xf1/0x190
[   98.886571][ T1698]  bpf_prog_test_run_xdp+0x414/0x1130
[   98.891788][ T1698]  ? avc_denied+0x1b0/0x1b0
[   98.896123][ T1698]  ? dev_put+0x80/0x80
[   98.900033][ T1698]  ? __kasan_check_write+0x14/0x20
[   98.904971][ T1698]  ? fput+0x15b/0x1b0
[   98.908789][ T1698]  ? dev_put+0x80/0x80
[   98.912697][ T1698]  bpf_prog_test_run+0x3b0/0x630
[   98.917470][ T1698]  ? bpf_prog_query+0x260/0x260
[   98.922156][ T1698]  ? selinux_bpf+0xd2/0x100
[   98.926500][ T1698]  ? security_bpf+0x82/0xb0
[   98.930842][ T1698]  __sys_bpf+0x59f/0x7f0
[   98.934919][ T1698]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[   98.940127][ T1698]  ? __ia32_sys_read+0x90/0x90
[   98.944721][ T1698]  ? debug_smp_processor_id+0x17/0x20
[   98.949930][ T1698]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   98.955834][ T1698]  __x64_sys_bpf+0x7c/0x90
[   98.960086][ T1698]  x64_sys_call+0x87f/0x9a0
[   98.964422][ T1698]  do_syscall_64+0x3b/0xb0
[   98.968675][ T1698]  ? clear_bhb_loop+0x55/0xb0
[   98.973207][ T1698]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   98.979442][ T1698] RIP: 0033:0x7f610d97cef9
[   98.983693][ T1698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.003134][ T1698] RSP: 002b:00007f610e77c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   99.011376][ T1698] RAX: ffffffffffffffda RBX: 00007f610db35f80 RCX: 00007f610d97cef9
[   99.019189][ T1698] RDX: 0000000000000069 RSI: 00000000200002c0 RDI: 000000000000000a
[   99.027000][ T1698] RBP: 00007f610e77c090 R08: 0000000000000000 R09: 0000000000000000
[   99.034821][ T1698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.042624][ T1698] R13: 0000000000000000 R14: 00007f610db35f80 R15: 00007ffe24b943d8
[   99.050439][ T1698]  </TASK>
[   99.055171][ T1689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'.
[   99.086707][ T1689] netlink: 48 bytes leftover after parsing attributes in process `syz.1.325'.
[   99.137347][   T24] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[   99.151491][ T1702] loop2: detected capacity change from 0 to 512
[   99.158764][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   99.175353][   T24] usb 2-1: USB disconnect, device number 14
[   99.190021][ T1702] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   99.292071][  T292] EXT4-fs (loop2): unmounting filesystem.
[   99.366140][  T555] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   99.366168][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[   99.645586][ T1727] loop1: detected capacity change from 0 to 512
[   99.656575][ T1727] EXT4-fs: Ignoring removed oldalloc option
[   99.664328][ T1727] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.334: inline data xattr refers to an external xattr inode
[   99.679147][ T1727] EXT4-fs (loop1): Remounting filesystem read-only
[   99.685529][ T1727] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.334: couldn't read orphan inode 12 (err -117)
[   99.697401][ T1727] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   99.808594][   T28] audit: type=1400 audit(1725779859.199:290): avc:  denied  { write } for  pid=1726 comm="syz.1.334" laddr=172.20.20.10 lport=256 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   99.876081][  T443] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   99.916320][   T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  100.176254][  T443] usb 3-1: device descriptor read/64, error -71
[  100.406388][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.611963][  T410] bio_check_eod: 111221 callbacks suppressed
[  102.611988][  T410] syz.3.18: attempt to access beyond end of device
[  102.611988][  T410] loop3: rw=524288, sector=86016, nr_sectors = 8 limit=40427
[  102.634109][   T28] audit: type=1400 audit(1725779862.019:291): avc:  denied  { unlink } for  pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  102.642474][  T410] syz.3.18: attempt to access beyond end of device
[  102.642474][  T410] loop3: rw=524288, sector=86024, nr_sectors = 8 limit=40427
[  102.686168][   T24] usb 1-1: string descriptor 0 read error: -71
[  102.695395][  T410] syz.3.18: attempt to access beyond end of device
[  102.695395][  T410] loop3: rw=524288, sector=86032, nr_sectors = 8 limit=40427
[  102.702811][   T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  102.717206][  T410] syz.3.18: attempt to access beyond end of device
[  102.717206][  T410] loop3: rw=524288, sector=86040, nr_sectors = 8 limit=40427
[  102.766228][  T410] syz.3.18: attempt to access beyond end of device
[  102.766228][  T410] loop3: rw=524288, sector=86048, nr_sectors = 8 limit=40427
[  102.788732][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.803299][ T1286] EXT4-fs (loop1): unmounting filesystem.
[  102.809136][  T410] syz.3.18: attempt to access beyond end of device
[  102.809136][  T410] loop3: rw=524288, sector=86056, nr_sectors = 8 limit=40427
[  102.839901][  T410] syz.3.18: attempt to access beyond end of device
[  102.839901][  T410] loop3: rw=524288, sector=86064, nr_sectors = 8 limit=40427
[  102.857138][   T24] usb 1-1: config 0 descriptor??
[  102.861725][  T410] syz.3.18: attempt to access beyond end of device
[  102.861725][  T410] loop3: rw=524288, sector=86072, nr_sectors = 8 limit=40427
[  102.876102][   T24] usb 1-1: can't set config #0, error -71
[  102.885043][ T1751] loop1: detected capacity change from 0 to 256
[  102.891659][ T1751] FAT-fs (loop1): Unrecognized mount option "subj_type=cp437" or missing value
[  102.893074][ T1745] loop2: detected capacity change from 0 to 8192
[  102.900862][  T410] syz.3.18: attempt to access beyond end of device
[  102.900862][  T410] loop3: rw=524288, sector=86080, nr_sectors = 8 limit=40427
[  102.906689][   T24] usb 1-1: USB disconnect, device number 16
[  102.922434][   T28] audit: type=1400 audit(1725779862.319:292): avc:  denied  { connect } for  pid=1750 comm="syz.1.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  102.934809][ T1745] FAT-fs (loop2): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value
[  102.957937][  T410] syz.3.18: attempt to access beyond end of device
[  102.957937][  T410] loop3: rw=524288, sector=86088, nr_sectors = 8 limit=40427
[  103.022041][ T1759] loop1: detected capacity change from 0 to 512
[  103.055525][ T1759] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  103.068827][ T1738] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.072653][ T1762] xt_hashlimit: size too large, truncated to 1048576
[  103.089968][ T1738] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.098039][ T1738] device bridge_slave_0 entered promiscuous mode
[  103.118480][ T1738] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.135477][ T1738] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.143489][ T1738] device bridge_slave_1 entered promiscuous mode
[  103.265450][ T1775] netlink: 40 bytes leftover after parsing attributes in process `syz.3.344'.
[  103.290631][ T1286] EXT4-fs (loop1): unmounting filesystem.
[  103.296351][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  103.346631][ T1738] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.353499][ T1738] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.360589][ T1738] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.367385][ T1738] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.405864][  T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.414809][  T934] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.433967][  T934] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.446285][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.454270][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.461120][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.468940][  T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.476932][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.483771][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.491758][ T1491] device bridge_slave_1 left promiscuous mode
[  103.498063][ T1491] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.505494][ T1491] device bridge_slave_0 left promiscuous mode
[  103.515381][ T1491] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.539506][ T1491] device veth1_macvtap left promiscuous mode
[  103.545376][ T1491] device veth0_vlan left promiscuous mode
[  103.662418][ T1784] loop2: detected capacity change from 0 to 1024
[  103.710039][ T1784] EXT4-fs: Ignoring removed orlov option
[  103.720140][ T1784] EXT4-fs (loop2): Test dummy encryption mode enabled
[  103.783410][   T24] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  103.850951][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.912505][    T6] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  103.930197][ T1784] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  103.947309][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.037143][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  104.077583][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.085362][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.100876][ T1738] device veth0_vlan entered promiscuous mode
[  104.108221][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  104.121439][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  104.131241][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  104.141369][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  104.156483][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  104.298088][   T24] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  104.308088][   T24] usb 1-1: Manufacturer: syz
[  104.345976][ T1738] device veth1_macvtap entered promiscuous mode
[  104.365184][   T24] usb 1-1: config 0 descriptor??
[  104.376684][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  104.387100][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  104.394537][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  104.403404][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  104.412406][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  104.416101][    T6] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  104.420094][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  104.437795][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  104.445937][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  104.454317][  T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  104.596081][    T6] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  104.605111][    T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.613076][    T6] usb 2-1: Product: syz
[  104.617171][    T6] usb 2-1: Manufacturer: syz
[  104.621573][    T6] usb 2-1: SerialNumber: syz
[  104.639973][    T6] usb 2-1: config 0 descriptor??
[  104.837001][   T24] appleir 0003:05AC:8243.000D: unknown main item tag 0x0
[  104.845456][   T24] appleir 0003:05AC:8243.000D: No inputs registered, leaving
[  104.861397][   T24] appleir 0003:05AC:8243.000D: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  104.935962][ T1779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.345'.
[  105.095365][ T1779] netlink: 48 bytes leftover after parsing attributes in process `syz.1.345'.
[  105.118972][    T6] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[  105.126604][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  105.142579][    T6] usb 2-1: USB disconnect, device number 15
[  105.187423][ T1743] loop0: detected capacity change from 0 to 16384
[  105.297118][  T352] usb 1-1: USB disconnect, device number 17
[  105.829973][ T1807] loop1: detected capacity change from 0 to 512
[  105.846113][  T555] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  105.885256][  T352] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  105.910752][ T1807] EXT4-fs (loop1): fragment/cluster size (2048) != block size (1024)
[  105.930558][ T1812] loop0: detected capacity change from 0 to 512
[  105.938264][ T1812] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  105.966846][ T1807] loop1: detected capacity change from 0 to 128
[  105.995233][ T1824] netlink: 40 bytes leftover after parsing attributes in process `syz.1.356'.
[  106.069148][ T1209] EXT4-fs (loop0): unmounting filesystem.
[  106.150026][ T1831] loop1: detected capacity change from 0 to 8192
[  106.159632][ T1831] FAT-fs (loop1): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value
[  106.186069][  T352] usb 5-1: device descriptor read/64, error -71
[  106.296070][  T934] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  106.315173][ T1834] xt_hashlimit: size too large, truncated to 1048576
[  106.326312][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  106.364059][  T292] EXT4-fs (loop2): unmounting filesystem.
[  106.581651][  T352] usb 5-1: device descriptor read/64, error -71
[  106.676069][   T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  106.715028][ T1846] loop2: detected capacity change from 0 to 1024
[  106.721732][ T1846] EXT4-fs: Ignoring removed orlov option
[  106.727769][ T1846] EXT4-fs (loop2): Test dummy encryption mode enabled
[  106.737786][  T934] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.747838][ T1846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  106.856046][  T352] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  106.966348][  T934] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  107.091297][  T934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.126352][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.147727][  T934] usb 4-1: Product: syz
[  107.165398][  T934] usb 4-1: Manufacturer: syz
[  107.170219][  T934] usb 4-1: SerialNumber: syz
[  107.178415][  T934] usb 4-1: config 0 descriptor??
[  107.326051][  T352] usb 5-1: device descriptor read/64, error -71
[  107.346496][   T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  107.364604][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.735397][ T1827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.357'.
[  107.745258][  T410] bio_check_eod: 131798 callbacks suppressed
[  107.745274][  T410] syz.3.18: attempt to access beyond end of device
[  107.745274][  T410] loop3: rw=524288, sector=87120, nr_sectors = 8 limit=40427
[  107.761321][   T24] usb 1-1: Product: syz
[  107.769092][  T410] syz.3.18: attempt to access beyond end of device
[  107.769092][  T410] loop3: rw=524288, sector=87128, nr_sectors = 8 limit=40427
[  107.769969][  T292] EXT4-fs (loop2): unmounting filesystem.
[  107.783516][   T24] usb 1-1: Manufacturer: syz
[  107.790707][  T410] syz.3.18: attempt to access beyond end of device
[  107.790707][  T410] loop3: rw=524288, sector=87136, nr_sectors = 8 limit=40427
[  107.793845][   T24] usb 1-1: SerialNumber: syz
[  107.811033][  T410] syz.3.18: attempt to access beyond end of device
[  107.811033][  T410] loop3: rw=524288, sector=87144, nr_sectors = 8 limit=40427
[  107.815930][ T1856] netlink: 48 bytes leftover after parsing attributes in process `syz.3.357'.
[  107.824915][  T410] syz.3.18: attempt to access beyond end of device
[  107.824915][  T410] loop3: rw=524288, sector=87152, nr_sectors = 8 limit=40427
[  107.833845][   T24] usb 1-1: config 0 descriptor??
[  107.847148][  T410] syz.3.18: attempt to access beyond end of device
[  107.847148][  T410] loop3: rw=524288, sector=87160, nr_sectors = 8 limit=40427
[  107.865447][  T410] syz.3.18: attempt to access beyond end of device
[  107.865447][  T410] loop3: rw=524288, sector=87168, nr_sectors = 8 limit=40427
[  107.872301][ T1858] netlink: 40 bytes leftover after parsing attributes in process `syz.2.365'.
[  107.879202][  T410] syz.3.18: attempt to access beyond end of device
[  107.879202][  T410] loop3: rw=524288, sector=87176, nr_sectors = 8 limit=40427
[  107.901514][  T410] syz.3.18: attempt to access beyond end of device
[  107.901514][  T410] loop3: rw=524288, sector=87184, nr_sectors = 8 limit=40427
[  107.913305][  T934] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[  107.915162][  T410] syz.3.18: attempt to access beyond end of device
[  107.915162][  T410] loop3: rw=524288, sector=87192, nr_sectors = 8 limit=40427
[  107.923491][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  107.953939][  T934] usb 4-1: USB disconnect, device number 7
[  108.048506][  T352] usb 5-1: device descriptor read/64, error -71
[  108.108982][ T1838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'.
[  108.122830][ T1838] netlink: 48 bytes leftover after parsing attributes in process `syz.0.361'.
[  108.137505][   T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[  108.149003][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  108.165937][   T24] usb 1-1: USB disconnect, device number 18
[  108.166366][  T352] usb usb5-port1: attempt power cycle
[  108.415664][ T1864] FAULT_INJECTION: forcing a failure.
[  108.415664][ T1864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.428678][ T1864] CPU: 0 PID: 1864 Comm: syz.3.367 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[  108.438118][ T1864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  108.448012][ T1864] Call Trace:
[  108.451135][ T1864]  <TASK>
[  108.453934][ T1864]  dump_stack_lvl+0x151/0x1b7
[  108.458432][ T1864]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  108.463720][ T1864]  ? kstrtouint+0xf6/0x180
[  108.467984][ T1864]  ? _kstrtol+0x150/0x150
[  108.472154][ T1864]  dump_stack+0x15/0x1c
[  108.476134][ T1864]  should_fail_ex+0x3d0/0x520
[  108.480654][ T1864]  should_fail+0xb/0x10
[  108.484640][ T1864]  should_fail_usercopy+0x1a/0x20
[  108.489520][ T1864]  _copy_from_user+0x1e/0xc0
[  108.493939][ T1864]  copy_msghdr_from_user+0xaa/0x670
[  108.498963][ T1864]  ? sendmsg_copy_msghdr+0x70/0x70
[  108.503921][ T1864]  __sys_sendmsg+0x236/0x390
[  108.508335][ T1864]  ? ____sys_sendmsg+0x9a0/0x9a0
[  108.513111][ T1864]  ? __kasan_check_write+0x14/0x20
[  108.518055][ T1864]  ? mutex_unlock+0xb2/0x260
[  108.522486][ T1864]  ? __kasan_check_write+0x14/0x20
[  108.527449][ T1864]  ? __ia32_sys_read+0x90/0x90
[  108.532026][ T1864]  ? debug_smp_processor_id+0x17/0x20
[  108.537233][ T1864]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  108.543139][ T1864]  __x64_sys_sendmsg+0x7f/0x90
[  108.547735][ T1864]  x64_sys_call+0x16a/0x9a0
[  108.552077][ T1864]  do_syscall_64+0x3b/0xb0
[  108.556326][ T1864]  ? clear_bhb_loop+0x55/0xb0
[  108.560861][ T1864]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  108.566578][ T1864] RIP: 0033:0x7f32aa97cef9
[  108.570824][ T1864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.590266][ T1864] RSP: 002b:00007f32ab85c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.598512][ T1864] RAX: ffffffffffffffda RBX: 00007f32aab35f80 RCX: 00007f32aa97cef9
[  108.606321][ T1864] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[  108.614130][ T1864] RBP: 00007f32ab85c090 R08: 0000000000000000 R09: 0000000000000000
[  108.621943][ T1864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.629755][ T1864] R13: 0000000000000000 R14: 00007f32aab35f80 R15: 00007ffd5face9e8
[  108.637573][ T1864]  </TASK>
[  108.706048][  T352] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  108.918245][ T1895] loop4: detected capacity change from 0 to 512
[  108.927853][ T1892] device syzkaller0 entered promiscuous mode
[  108.975199][ T1895] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  109.016881][ T1895] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  109.060312][ T1895] EXT4-fs (loop4): 1 orphan inode deleted
[  109.065863][ T1895] EXT4-fs (loop4): 1 truncate cleaned up
[  109.076026][ T1895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  109.097646][ T1895] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  109.127618][ T1895] EXT4-fs (loop4): Remounting filesystem read-only
[  109.206049][  T352] usb 5-1: device not accepting address 10, error -71
[  109.256094][  T934] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  109.276165][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  109.307466][ T1906] loop0: detected capacity change from 0 to 512
[  109.320185][ T1906] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  109.331465][ T1906] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  109.343381][ T1906] EXT4-fs (loop0): 1 orphan inode deleted
[  109.349160][ T1906] EXT4-fs (loop0): 1 truncate cleaned up
[  109.354661][ T1906] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  109.372282][ T1906] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  109.387944][ T1906] EXT4-fs (loop0): Remounting filesystem read-only
[  109.399861][ T1209] EXT4-fs (loop0): unmounting filesystem.
[  109.500104][ T1911] loop0: detected capacity change from 0 to 512
[  109.520097][ T1911] EXT4-fs: Ignoring removed nomblk_io_submit option
[  109.526664][ T1911] EXT4-fs: Ignoring removed i_version option
[  109.532843][ T1911] EXT4-fs (loop0): Test dummy encryption mode enabled
[  109.539586][ T1911] EXT4-fs (loop0): can't mount with commit=129, fs mounted w/o journal
[  109.576058][  T352] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  109.576079][   T24] usb 4-1: device descriptor read/64, error -71
[  109.696296][  T934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.766055][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  109.791651][ T1914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.381'.
[  109.802818][  T352] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  109.811654][  T352] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  109.824325][  T352] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  109.897079][ T1914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.381'.
[  109.927955][  T934] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  109.937136][  T934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.944967][  T934] usb 3-1: Product: syz
[  109.950526][  T934] usb 3-1: Manufacturer: syz
[  109.954973][  T934] usb 3-1: SerialNumber: syz
[  109.966836][  T934] usb 3-1: config 0 descriptor??
[  110.022752][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  110.046210][   T24] usb 4-1: device descriptor read/64, error -71
[  110.187765][  T352] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  110.196676][  T352] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.204447][  T352] usb 5-1: Product: syz
[  110.208464][  T352] usb 5-1: Manufacturer: syz
[  110.212878][  T352] usb 5-1: SerialNumber: syz
[  110.287916][ T1899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.377'.
[  110.312214][ T1899] netlink: 48 bytes leftover after parsing attributes in process `syz.2.377'.
[  110.321002][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  110.349014][  T934] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  110.371562][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  110.387461][  T934] usb 3-1: USB disconnect, device number 10
[  110.526184][  T352] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  110.534485][  T352] usb 5-1: found format II with max.bitrate = 0, frame size=0
[  110.541980][  T352] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  110.569130][  T352] usb 5-1: USB disconnect, device number 11
[  110.606094][   T24] usb 4-1: device descriptor read/64, error -71
[  110.905352][ T1929] loop1: detected capacity change from 0 to 512
[  110.936616][ T1929] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  111.005862][ T1738] EXT4-fs (loop4): unmounting filesystem.
[  111.011543][   T24] usb 4-1: device descriptor read/64, error -71
[  111.061254][ T1286] EXT4-fs (loop1): unmounting filesystem.
[  111.137836][  T352] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  111.153485][ T1947] loop4: detected capacity change from 0 to 512
[  111.160045][   T24] usb usb4-port1: attempt power cycle
[  111.179567][ T1947] EXT4-fs: Ignoring removed oldalloc option
[  111.198347][ T1951] loop1: detected capacity change from 0 to 512
[  111.226680][ T1947] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.389: inline data xattr refers to an external xattr inode
[  111.246102][ T1951] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  111.261865][ T1947] EXT4-fs (loop4): Remounting filesystem read-only
[  111.268491][ T1947] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.389: couldn't read orphan inode 12 (err -117)
[  111.280528][ T1947] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  111.507596][  T352] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  111.536746][ T1286] EXT4-fs (loop1): unmounting filesystem.
[  111.566082][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  111.777488][  T352] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  111.787435][  T352] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.795731][  T352] usb 3-1: Product: syz
[  111.806089][  T352] usb 3-1: Manufacturer: syz
[  111.811504][  T352] usb 3-1: SerialNumber: syz
[  111.826636][   T24] usb 4-1: device descriptor read/8, error -71
[  111.838019][  T352] usb 3-1: config 0 descriptor??
[  112.088524][ T1926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.383'.
[  112.179732][   T28] audit: type=1326 audit(1725779871.569:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.186201][ T1926] netlink: 48 bytes leftover after parsing attributes in process `syz.2.383'.
[  112.266086][   T24] usb 4-1: device descriptor read/8, error -71
[  112.316087][ T1495] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  112.356327][ T1981] netlink: 32 bytes leftover after parsing attributes in process `syz.3.396'.
[  112.365188][   T28] audit: type=1326 audit(1725779871.599:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.390163][   T28] audit: type=1326 audit(1725779871.599:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.416688][ T1738] EXT4-fs (loop4): unmounting filesystem.
[  112.416931][  T352] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  112.436990][  T352] usb 3-1: USB disconnect, device number 11
[  112.440923][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  112.444677][   T28] audit: type=1326 audit(1725779871.599:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.484430][   T28] audit: type=1326 audit(1725779871.599:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.515427][   T28] audit: type=1326 audit(1725779871.599:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.539199][   T28] audit: type=1326 audit(1725779871.599:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.564001][   T28] audit: type=1326 audit(1725779871.599:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.587811][   T28] audit: type=1326 audit(1725779871.599:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.629653][   T28] audit: type=1326 audit(1725779871.599:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000
[  112.675803][ T1994] loop0: detected capacity change from 0 to 512
[  112.700437][ T1994] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  112.761028][  T410] bio_check_eod: 136419 callbacks suppressed
[  112.761045][  T410] syz.3.18: attempt to access beyond end of device
[  112.761045][  T410] loop3: rw=0, sector=89552, nr_sectors = 8 limit=40427
[  112.783056][  T410] syz.3.18: attempt to access beyond end of device
[  112.783056][  T410] loop3: rw=0, sector=89560, nr_sectors = 8 limit=40427
[  112.783996][ T1986] loop4: detected capacity change from 0 to 40427
[  112.796825][ T1495] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.803332][  T410] syz.3.18: attempt to access beyond end of device
[  112.803332][  T410] loop3: rw=0, sector=89568, nr_sectors = 8 limit=40427
[  112.825698][ T1986] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  112.832568][ T1986] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  112.840898][  T410] syz.3.18: attempt to access beyond end of device
[  112.840898][  T410] loop3: rw=0, sector=89576, nr_sectors = 8 limit=40427
[  112.846149][ T1986] ================================================================================
[  112.854219][  T410] syz.3.18: attempt to access beyond end of device
[  112.854219][  T410] loop3: rw=0, sector=89584, nr_sectors = 8 limit=40427
[  112.876192][ T1986] UBSAN: shift-out-of-bounds in fs/f2fs/super.c:911:5
[  112.876458][  T410] syz.3.18: attempt to access beyond end of device
[  112.876458][  T410] loop3: rw=0, sector=89592, nr_sectors = 8 limit=40427
[  112.910719][  T410] syz.3.18: attempt to access beyond end of device
[  112.910719][  T410] loop3: rw=0, sector=89600, nr_sectors = 8 limit=40427
[  112.913530][ T1986] shift exponent 133 is too large for 64-bit type 'unsigned long'
[  112.933081][ T1986] CPU: 1 PID: 1986 Comm: syz.4.397 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[  112.938605][  T410] syz.3.18: attempt to access beyond end of device
[  112.938605][  T410] loop3: rw=0, sector=89608, nr_sectors = 8 limit=40427
[  112.942611][ T1986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  112.942626][ T1986] Call Trace:
[  112.942632][ T1986]  <TASK>
[  112.942640][ T1986]  dump_stack_lvl+0x151/0x1b7
[  112.955897][  T410] syz.3.18: attempt to access beyond end of device
[  112.955897][  T410] loop3: rw=0, sector=89616, nr_sectors = 8 limit=40427
[  112.965614][ T1986]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  112.965641][ T1986]  dump_stack+0x15/0x1c
[  112.969006][  T410] syz.3.18: attempt to access beyond end of device
[  112.969006][  T410] loop3: rw=0, sector=89624, nr_sectors = 8 limit=40427
[  112.971515][ T1986]  __ubsan_handle_shift_out_of_bounds+0x3e1/0x440
[  113.017783][ T1986]  parse_options+0x4b90/0x4ba0
[  113.022379][ T1986]  ? mount_bdev+0x282/0x3b0
[  113.026717][ T1986]  ? f2fs_mount+0x34/0x40
[  113.030892][ T1986]  ? default_options+0xc80/0xc80
[  113.035688][ T1986]  ? kstrdup+0x54/0x70
[  113.039564][ T1986]  ? memcpy+0x56/0x70
[  113.043380][ T1986]  f2fs_fill_super+0x23bc/0x6dc0
[  113.048167][ T1986]  ? kill_f2fs_super+0x3c0/0x3c0
[  113.052930][ T1986]  ? set_blocksize+0x1cb/0x360
[  113.057544][ T1986]  ? sb_set_blocksize+0xa8/0xf0
[  113.062215][ T1986]  mount_bdev+0x282/0x3b0
[  113.066389][ T1986]  ? kill_f2fs_super+0x3c0/0x3c0
[  113.071154][ T1986]  f2fs_mount+0x34/0x40
[  113.075148][ T1986]  legacy_get_tree+0xf1/0x190
[  113.079658][ T1986]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[  113.085664][ T1986]  vfs_get_tree+0x88/0x290
[  113.089903][ T1986]  do_new_mount+0x2ba/0xb30
[  113.094242][ T1986]  ? do_move_mount_old+0x160/0x160
[  113.099188][ T1986]  ? security_capable+0x87/0xb0
[  113.103886][ T1986]  ? ns_capable+0x89/0xe0
[  113.108040][ T1986]  path_mount+0x671/0x1070
[  113.112293][ T1986]  ? user_path_at_empty+0x14e/0x1a0
[  113.117331][ T1986]  __se_sys_mount+0x2c4/0x3b0
[  113.121844][ T1986]  ? __x64_sys_mount+0xd0/0xd0
[  113.126440][ T1986]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  113.132345][ T1986]  __x64_sys_mount+0xbf/0xd0
[  113.136779][ T1986]  x64_sys_call+0x49d/0x9a0
[  113.141107][ T1986]  do_syscall_64+0x3b/0xb0
[  113.145361][ T1986]  ? clear_bhb_loop+0x55/0xb0
[  113.149875][ T1986]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.155610][ T1986] RIP: 0033:0x7faff117e69a
[  113.159855][ T1986] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.179298][ T1986] RSP: 002b:00007faff203fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  113.187539][ T1986] RAX: ffffffffffffffda RBX: 00007faff203fef0 RCX: 00007faff117e69a
[  113.195353][ T1986] RDX: 0000000020000040 RSI: 00000000200000c0 RDI: 00007faff203feb0
[  113.203168][ T1986] RBP: 0000000020000040 R08: 00007faff203fef0 R09: 0000000000000000
[  113.210975][ T1986] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200000c0
[  113.218786][ T1986] R13: 00007faff203feb0 R14: 000000000000552d R15: 0000000020000100
[  113.226604][ T1986]  </TASK>
[  113.287798][ T1986] ================================================================================
[  113.297285][ T1986] F2FS-fs (loop4): Not support 32, larger than 256
[  113.297717][ T1209] EXT4-fs (loop0): unmounting filesystem.
[  113.316123][ T1495] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  113.358893][ T1495] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.382984][ T1495] usb 2-1: Product: syz
[  113.394691][ T1495] usb 2-1: Manufacturer: syz
[  113.407787][ T1495] usb 2-1: SerialNumber: syz
[  113.426853][ T1495] usb 2-1: config 0 descriptor??
[  113.697429][ T1977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.395'.
[  113.720694][ T1977] netlink: 48 bytes leftover after parsing attributes in process `syz.1.395'.
[  113.762855][ T1495] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[  113.772481][ T1495] usb 2-1: USB disconnect, device number 16
[  113.788698][  T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  114.966072][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  117.766125][  T410] bio_check_eod: 225008 callbacks suppressed
[  117.766143][  T410] syz.3.18: attempt to access beyond end of device
[  117.766143][  T410] loop3: rw=524288, sector=87896, nr_sectors = 8 limit=40427
[  117.785559][  T410] syz.3.18: attempt to access beyond end of device
[  117.785559][  T410] loop3: rw=524288, sector=87904, nr_sectors = 8 limit=40427
[  117.799233][  T410] syz.3.18: attempt to access beyond end of device
[  117.799233][  T410] loop3: rw=524288, sector=87912, nr_sectors = 8 limit=40427
[  117.812766][  T410] syz.3.18: attempt to access beyond end of device
[  117.812766][  T410] loop3: rw=524288, sector=87920, nr_sectors = 8 limit=40427
[  117.826314][  T410] syz.3.18: attempt to access beyond end of device
[  117.826314][  T410] loop3: rw=524288, sector=87928, nr_sectors = 8 limit=40427
[  117.839842][  T410] syz.3.18: attempt to access beyond end of device
[  117.839842][  T410] loop3: rw=524288, sector=87936, nr_sectors = 8 limit=40427
[  117.853445][  T410] syz.3.18: attempt to access beyond end of device
[  117.853445][  T410] loop3: rw=524288, sector=87944, nr_sectors = 8 limit=40427
[  117.867091][  T410] syz.3.18: attempt to access beyond end of device
[  117.867091][  T410] loop3: rw=524288, sector=87952, nr_sectors = 8 limit=40427
[  117.880683][  T410] syz.3.18: attempt to access beyond end of device
[  117.880683][  T410] loop3: rw=524288, sector=87960, nr_sectors = 8 limit=40427
[  117.894727][  T410] syz.3.18: attempt to access beyond end of device
[  117.894727][  T410] loop3: rw=524288, sector=87968, nr_sectors = 8 limit=40427
[  122.776017][  T410] bio_check_eod: 314984 callbacks suppressed
[  122.776036][  T410] syz.3.18: attempt to access beyond end of device
[  122.776036][  T410] loop3: rw=524288, sector=89288, nr_sectors = 8 limit=40427
[  122.795731][  T410] syz.3.18: attempt to access beyond end of device
[  122.795731][  T410] loop3: rw=524288, sector=89296, nr_sectors = 8 limit=40427
[  122.809246][  T410] syz.3.18: attempt to access beyond end of device
[  122.809246][  T410] loop3: rw=524288, sector=89304, nr_sectors = 8 limit=40427
[  122.822836][  T410] syz.3.18: attempt to access beyond end of device
[  122.822836][  T410] loop3: rw=524288, sector=89312, nr_sectors = 8 limit=40427
[  122.836430][  T410] syz.3.18: attempt to access beyond end of device
[  122.836430][  T410] loop3: rw=524288, sector=89320, nr_sectors = 8 limit=40427
[  122.849978][  T410] syz.3.18: attempt to access beyond end of device
[  122.849978][  T410] loop3: rw=524288, sector=89328, nr_sectors = 8 limit=40427
[  122.863606][  T410] syz.3.18: attempt to access beyond end of device