last executing test programs:

9.059929916s ago: executing program 3 (id=1067):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0000000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

8.425012014s ago: executing program 1 (id=1073):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x83f42, 0x0)
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21d, &(0x7f0000000b40)="$eJzsmL9rFEEUx78zu7e5FRFtUthYGDCi2cvuoaQ5NIJgJULir0oPs4Z4m5xcVjAHgsHGRjsLwcbCf8AiRSoLO/8BQQsVBAuvsLCxGZmd2b1JJnGPNVa+TzF8Z9978+a9233FgSCI/5Yvn39+enJuZv4kgP2YwJh+/s0BGFOaG/4fn9878ax1/sXrD6/erhx4sLn9PBkixNYH9T/kdwG8mXWQFpmK6F9STOjNPHihL4PjuNZXwRBofRMcV7SOwXBd6zuG7kr/ILi9lMTBrW6yIMW0XEK5RHJpbr/fYJ1hQe+FEIIZ9tW1fqedJHHPEK627WCqJIpknXGrfzV4GMxytIz7yS5ee/xoXe7z3kwb/QvBEeoimmCY089nMJb3RrXEqP+wOzzfserfsVrpKg1lRdaVaP3Yk2aZ4tBUtfBJWc5Z23QQVa6BrVE1DE2yk3tbsvXqZMItfxfP6B+0Qq6Lo1bx1Afwjyo1RaUqcjE+2Hxnm76WhQtWnoKN/v7UR71z/iFW75iPfof/Tcd2u9j7DTU/xEuGY8Z8co350UiX7zZW1/pTS8vtxXgxXomi5mkGPDwVNbJBpFZr7g3ns5/Np33G+bVdfD3u4X47TXuhWj3mwUea9qJsHxmfzdxG9/sNHZbiAoCjaiPHplec6Fg5mKd8eOYr1aTtRBAEQRAEQRAEQRAEQRAEUYkjYNm/oCVElzLv3wEAAP//0Ixjlw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
getdents64(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000440)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
creat(&(0x7f0000000280)='./bus\x00', 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

7.627270948s ago: executing program 0 (id=1079):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x9a, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb01dd60ee527e00643c0000000000000000000000000000000000ff0200000000000000000000000000010002000000000000c910ff010000000000000000000087824d7ebbb64c473235000000010000000000000420880b0000000000000800000086dd080088be00000000100000000100000000000000080022ea68f3a21e06405e34eb00000000200000000200"/164], 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

7.528185667s ago: executing program 1 (id=1080):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffffed7a000008003950323030302e4c"], 0x15)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000740)=ANY=[@ANYBLOB="5001"], 0x150)
getresuid(&(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000180)=<r5=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESDEC=r5])
chdir(&(0x7f0000000080)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)

7.411016448s ago: executing program 1 (id=1081):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x172f, 0x501, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, '\v\tt1'}]}}, 0x0}, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x2ec})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='fsi_master_write\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r5, 0x12b084226d2dad07, 0x0, 0x0, {{}, {}, {0x0, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000080000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0)
read$char_usb(r8, &(0x7f0000001840)=""/4090, 0xffa)
preadv(r8, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0xffffffff, 0x0)
bind$packet(r7, &(0x7f0000000180)={0x11, 0x4, 0x0, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

6.84369252s ago: executing program 4 (id=1078):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0000000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

6.742659299s ago: executing program 3 (id=1083):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0xe1, @mcast1, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000029000000370000007c"], 0x18}}], 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)={0x20, r6, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}}, 0x0)

6.700068393s ago: executing program 0 (id=1084):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.874137379s ago: executing program 3 (id=1086):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20040, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403f3ff00", @ANYRES8=r0, @ANYBLOB="05"], 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6a3, 0x621, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[], 0x21, 0x1517, &(0x7f0000003040)="$eJzs3AuYjtX6MPD7Xms9DElvkxyGtdb98KbBMiTJIUkOSZJsSXJKCE2SJCTGWdKQhBwnyWEIyWEak8b5fMg5SZImSUJCkvVds7c+e+/6//v23n35vv/cv+ta17vu53nu9aw198y8z/PM9c43PUbVaVa3ZhMigv8I/u0lCQBiAGAYAFwHAAEAVIytGJu9P4/EpP/sJOzfhr+18aHUP38i7P8dXP+cjeufs3H9czauf87G9c/ZuP45G9c/Z+P6M5aTbZ9T5Po/veWCP/+c3H6z8fP/nIzf//8HySo7+YuNZW/s+S+kcP1zNq5/zsb1z9m4/jkb1z9n4/rnbFz/nI3rz1hO9u8/O75Kfzvg9oe2q/39xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsZzjvr1AA8Ev/as+LMcYYY4wxxhhjfxyf+2rPgDHGGGOMMcYYY//3IQiQoCCAXJAbYiAP5IVrIB9cC/nhOojA9RALN0ABuBEKQiEoDEUgDopCMdBgwAJBCMWhBEThJigJN0M8lILSUAYclIUEKAfl4RaoALdCRbgNKsHtUBmqQFWoBndAdbgTasBdUBPuhlpQG+pAXbgH6sG9UB/ugwZwPzSEB6ARPAiN4S/QBB6CpvAwNINHoDk8Ci2gJbSC1tDm38p/AfrAi9AX+kES9IcBMBAGwWAYAkNhGLwEw+FlGAGvQDKMhFHwKoyG12AMvA5jYRyMhzdgAkyESTAZpsBUSIE3YRq8BdPhbZgBM2EWzIZUmANz4R2YB/NhAbwLC+E9WASLYQkshTR4H9JhGWTAB7AcPoRMWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4CHbATtgFu2EP7IV98DHsh0/gAHwKB+GzfzH/3D/l90RAQIECFSrMhbkwBmMwL+bFfJgP82N+jGAEYzEWC2ABLIgFsTAWxjiMw2JYDA0aJCQsjsUxilEsiSUxHuOxNJZGhw4TMAHL4y1YAStgRayIlbASVsYqWAWrYTWsjtWxBtbAmlgTa2EtrIN18B68B+/F+lgfG2ADbIgNsRE2wsbYGJtgE2yKTbEZNsPm2BxbYAtsha2wDbbBttgW22E77IAdsCN2xM7YGRMxEbtgF+yKXbEbdsPu2B17YA/sib2wF76AL+CL+CL2w1qiPw7AATgIB+EQHIpD8SUcji/jy/gKJuNIHIWv4qv4Go7BszgWx+F4HI/VxUSchJORxFRMwRSchtNwOk7HGTgTZ+JsTMU5OBfn4jycj/PxXVyI7+F7uBgX41JMwzRMx2WYgRm4HM9hJq7AlbgKV+MaXI3rcD2uw424CTfiFtyC23AbfoQf4U7cibtxN+5FBYAf4yf4CSbjQTyIh/AQHsbDeASPYBZm4VE8isfwGB7H43gCT+BJPIWn8RSewTN4Fs/heTyPF/ACXsTn4r5qurfUhmQQ2ZRQIpfIJWJEjMgr8op8Ip/IL/KLiIiIWBErCogCoqAoKAqLwiJOxIliopgwwggSoSguiouoiIqSoqSIF/GitCgtnHAiQSSI8qK8qCAqiIriNlFJ3C4qiyqivasmqonqooOrIe4SNUVNUUvUFnVEXVFX1BP1RH1RXzQQDURD0VA0Eg+KxqI/DsGHRHZlmomR2FyMwhaipWglWovX8DHRVozBdqK96CCeEONwLHYWbV2ieEp0EZOwq3hGTMZnRXcxFXuI50VP0Uv0Fi+IPqKd6yv6iRnYXwwQs3GQGCyGiKFiHtYW2RWrI14RyWKkGCVeFUvxNTFGvC7GinFivHhDTBATxSQxWUwRU0WKeFNME2+J6eJtMUPMFLPEbJEq5oi54h0xT8wXC8S7YqF4TywSi8USsVSkifdFulgmMsQHYrn4UGSKFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2i4/EDrFT7BK7xR6xV+wTH4v94hNxQHwqDorPxCHxuTgsvhBHxJciS3wljoqvxTHxjTguvhUnxHfipDglTovvxRnxgzgrzonz4kdxQfwkLoqfxSXhBUiUQkqpZCBzydwyRuaReeU1Mp+8VuaX18mIvF7GyhtkAXmjLCgLycKyiIyTRWUxqaWRVpIMZXFZQkblTbKkvFnGy1KytCwjnSwrE2Q5WV7eIivIW2VFeZusJG+XlWUVWVVWk3fI6vJOWUPeJWvKu2UtWVvWkXXlPbKevFfWl/fJBvJ+2VA+IBvJB+Uvz6ibyodlM/mIbC4flS1kS9lKtpZt5GOyrXxctpPtZQf5hOwoO8nO8kmZKJ+SXeTTsqt8RnaTz8ru8jnZQz4ve8pesrf8WV6SXvaV/WSS7C8HyIFykBwsh8ihcph8SQ6XL8sR8hWZLEfKUfJVOVq+JsfI1+VYOU6Ol2/ICXKinCQnyylyqkyRb8pp8i05Xb4tZ8iZcpacLVPlHDnk8kgL/g/y3/qN/BF/Pfs2uV1+JHfInXKX3C33yL1yn9wn98v98oA8IA/Kg/KQPCQPy8PyiDwis2SWPCqPymPymDwuj8sT8oQ8KU/JH+X38oz8QZ6V5+Q5+aO8IC/Ii5e/BqBQCSWVUoHKpXKrGJVH5VXXqHzqWpVfXaci6noVq25QBdSNqqAqpAqrIipOFVXFlFZGWUUqVMVVCRVVN+HlCwpVWpVRTpVVCarcv5KvSqqbVbwq9Q/5vze/NqqNaqvaqnaqneqgOqiOqqPqrDqrRJWouqguqqvqqrqpbqq76q56qB6qp+qpeqveqo/qo/qqvipJJakBaqAapAarIWqoGqZeUsPVcDVCjVDJKlmNUqPUaDVajVFj1Fg1Vo1X49UENUFNUpPUFDVFpagUNU1NU9PVdDVDzVCz1CyVqlLVXDVXzVPz1AK1QC1UC9UitUgtUUtUmkpT6SpdZagMtVwtV5lqhVqhVqlVao1ao9apdWqD2qA2qU1qi9qiMtV2tV3tUDvULrVL7VF71D61T+1X+9UBdUAdVAfVIXVIHVaH1RF1RGWpLHVUHVXH1DF1XB1XJ9QJdVKdVKfVaXVGnVFn1Vl1Xp1XF9QFdVFdVJfUpezLvkAEIlCBCnIFuYKYICbIG+QN8gX5gvxB/iASRILYIDYoENwYFAwKBYWDIkFcUDQoFujABDagIAyKByWCaHBTUDK4OYgPSgWlgzKBC8oGCUG5oHxwS1AhuDWoGNwWVApuDyoHVYKqQbXgjqB6cGdQI7grqBncHdQKagd1grrBPUG94N6gfnBf0CC4P2gYPBA0Ch4MGgd/CZoEDwVNg4eDZsEjQfPg0aBF0DJoFbQO2lweX/0h43t/ttDjrq/up5N0fz1AD9SD9GA9RA/Vw/RLerh+WY/Qr+hkPVKP0q/q0fo1PUa/rsfqcXq8fkNP0BP1JD1ZT9FTdYp+U0/Tb+np+m09Q8/Us/Rsnarn6Ln6HT1Pz9cL9Lt6oX5PL9KL9RK9VKfp93W6XqYz9Ad6uf5QZ+oVeqVepVfrNXqtXqfX6w16o96kN+steqveprfrj/QOvVPv0rv1Hr1X79Mf6/36E31Af6oP6s/0If25Pqy/0Ef0lzpLf6WP6q/1Mf2NPq6/1Sf0d/qkPqVP6+/1Gf2DPqvP6fP6R31B/6Qv6p/1Je2zL+6z396NMsrkMrlMjIkxeU1ek8/kM/lNfhMxERNrYk0BU8AUNAVNYVPYxJk4U8wUM9nIkCluipuoiZqSpqSJN/GmtCltnHEmwSSY8qa8qWAqmIqmoqlkKpnKprKpaqqaO8wd5k5zp7nL3GXuNneb2qa2qWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlqmppmpplpbpqbFqaFaWVamTamjWlr2pp2pp3pYDqYjqaj6Ww6m0STaLqYLqar6Wq6mW6mu+luepgepqfpaXqb3qaP6WP6mr4mySSZAWaAGWQGmSFmiBlmhpnhZrgZYUaYZJNsRplRZrQZbcaYMWasGWfGmzfMBDPRTDKTzRQz1aSYFDPNTDPTzXQzw8wws8wsk2pSzVwz18wz88wCs8AsNAvNIrPILDFLTJpJM+km3WSYDLPcLDeZJtOsNCvNarParDVrzXqz3mw0G81ms9lsNVvNdrPd7DA7zC6zy+wxe8w+s8/sN/vNAXPAHDQHzSFzyCOAOWKOmCyTZY6ao+aYOWaOm+PmhDlhTpqT5rQ5bc6YM+asOWvOm/PmgvnJXDQ/m0vGmxibx+a119h89lqb315n/zkubIvYOFvUFrPaFrSF/iE21tp4W8qW/uUW05az8THZr2Wss2Vtgi1nK9sqtqqtZu+w1e2dtsav4nr2Xlvf3mcb2PttXXvPP8QN7QO2kX3ENraP2ia2pW1qW9tm9hHb3D5qW9iWtpVtbTvaTrazfdIm2qdsF/v0r+J0u8yutxvsRrvJ7ref2PP2R3vMfmMv2J9sX9vPDrMv2eH2ZTvCvmKT7chfxePtG3aCnWgn2cl2ip36q3iWnW1T7Rw7175j59n5v4rT7Pt2oc2wi+xiu8Qu/WucPacM+4Fdbj+0mXaFXWlX2dV2jV1r1/3vua6yW+xWu83usx/bHXan3WV32z1271/j7HUcsJ/ag/Yze9R+bQ/bL+wRe9xm2a/+Gmev77j91p6w39mT9pQ9bb+3Z+wP9qw9l71+n7327+3P9pL1FghJkCRFAeWi3BRDeSgvXUP56FrKT9dRhK6nWLqBCtCNVJAKUWEqQnFUlIqRJkOWiEIqTiUoSjdRSbqZ4qkUlaYy5KgsJVA5Kk+3UAW6lSrSbVSJbqfKVIWqUjW6g6rTnVSD7qKadDfVotpUh+rSPVSP7qX6dB81oPupIT1AjehBakx/oSb0EDWlh6kZPULN6VFqQS2pFbWmNvQYtaXHqR21pw70BHWkTtSZnqREeoq60NPUlZ6hbvQsdafnqAc9Tz2pF/WmF6gPvUh9qR8lUX8aQANpEA2mITSUhtFLNJxephH0CiXTSBpFr9Joeo3G0Os0lsbReHqDJtBEmkSTaQpNpRR6k6bRWzSd3qYZNJNm0WxKpTk0l96heTSfFtC7tJDeo0W0mJbQUkqj9ymdllEGfUDL6UPKpBW0klbRalpDa2kdracNtJE20WbaQltpG22nj2gH7aRdtJv20F7aRx/Tfspz+QfuMzpEn9Nh+oKO0JeURV/RUfqajtE3dJy+pRP0HZ2kU3Savqcz9AOdpXN0nn6kC/QTXaSf6RJ5ghBDEcpQhUGYK8wdxoR5wrzhNWG+8Nowf3hdGAmvD2PDG8IC4Y1hwbBQWDgsEsaFRcNioQ5NaEMKw7B4WCKMhjeFJcObw/iwVFg6LBO6sGyYEJYLy4e3hBXCW8OK4W1hpfD2sHJYJXzk/mrhHWH18M6wRnhXWDO8O6wV1g7rhHXDe8J64b1h/fC+sEF4f1ghfCBsFD4YwuXPqzQNHw6bhY+EzcNHwxZhy7BV2DpsEz4Wtg0fD9uF7cMO4RNhx7BT2Dl8MkwMnwq7hE//7v6ksH84IBwYDgy9v08uiS6NpkXfj6ZHl0Uzoh9El0c/jGZGV0RXRldFV0fXRNdG10XXRzdEN0Y3RTdHt0S3RrdFva+bGxw64aRTLnC5XG4X4/K4vO4al89d6/K761zEXe9i3Q2ugLvRFXSFXGFXxMW5oq6Y084468iFrrgr4aLuJlfS3eziXSlX2pVxzpV1Ca61a+PauLbucdfOtXcd3BPuCdfJdXJPuifdU66Le9p1dc+4bu5Z1909555zz7uerpfr7V5wfdyLrq/r55JckhvgBrhBbpAb4oa4YW6YG+6GuxFuhEt2yW6UG+VGu9FujBvjxrqxbrwb7ya4CW6Sm+SmuCkuxaW4aW6am+6muwAAZrlZLtWlurlurpvn5rkFboFbGL/QLXKL3BK3xKW5NJfu0l2Gy3DL3XKX6TLdSrfSrXar3Vq31q13691Gt9FtdpvdVrfVbXfb3Q63w+1yu9wet8ftc/vcfrffHXAH3EF30B1yh9xhd9gdcV+6LPeVO+q+dsfcN+64+9adcN+5k+6UO+2+d2fcD+6sO+fOux/dBfeTu+h+dpecdymRNyPTIm9FpkfejsyIzIzMisyOpEbmROZG3onMi8yPLIi8G1kYeS+yKLI4siSyNJIWeT+SHlkWyYh8EFke+TCSGVkRWRlZFVkdWaPAF90R+uK+hI/6m3xJf7OP96V8aV/GO1/WJ/hyvry/xVfwt/qK/jZfyd/uK/sqvqp/1LfwLX0r39q38Y/5tv5x38639x38E76j7+Q7+yd9on/Kd/FP+67+Gd/NP+u7++d8D/+87+l7+d7+Bd/Hv+j7+n4+yff3A/xAP8gP9kP8UD/Mv+SH+5f9CP+KT/Yj/Sj/qh/tX/Nj/Ot+rB/nx/s3/AQ/0U/yk/0UP9Wn+Df9NP+Wn+7f9jP8TD/Lz/apfo6f69/x8/x8v8C/6xf69/wiv9gv8Ut9mn/fp/tlPkOAX+4/9Jl+hV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/nt/iO/w+/0u/xuv8fv9fv8x36//8Qf8J/6g/4zf8h/7g/7L/wR/6XP8l/5o/5rf8x/44/7b/0J/50/6U/50/57f8b/4M/6c/68/9Ff8D/5i/5nf+lf/Mxa7T/s+TljjDHG2P9fBv7O/v6/sU0BgLjc/8l7f+3OIll/v18CwOaCf+sPFnEdIwDwVL8eD/3SatVKSkq6fGymhKDEYgCI/NMJLscroAN0gkRoD+V/c36DRa8L9DvjR28DyPt3OTFwJb4y/uf/xfiPPTE+vVJ4Pva/GX8xQHyJKznZd+G/xCugQ/ZqoD1U+C/GL9T2d+af54sUgHZ/l5MPANrl+ef5J8Dj8DQk/sORjDHGGGOMMcbY3wwWVbv93v1z9v15nLqSkxuuxL93f84YY4wxxhhjjLGr79levZ98LDGxfTfucIc7OazT6b855mr/ZmKMMcYYY4z90a5c9F/ZludqTogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuB/oz/NHa118gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdbf8rAAD///PANII=")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x0, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x3)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x5, {0x5, 0x0, "a7ea31"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io$uac1(r1, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003040000002203"]}, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0)

5.556924968s ago: executing program 2 (id=1088):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
epoll_create(0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000003, &(0x7f0000000000), 0x1, 0x4f3, &(0x7f0000000bc0)="$eJzs3d9rXFkdAPDvvcnspt2sk0WRteDuYivp6nYm2bi7QaRWEH0qWOt7jMkkhEwyITOpzVA0xVdBEFHBJ598EfwDBOmfIEJB30WLItrqgw/aKzNzp03TmSQlP8adfD5wes+55977PWeauT/mHu4N4Mx6KyKuRcRIRLwdEcV8fpqnuVZhp7Pco4d3FlopiSy7+fckknxed1ut8mhEvNJZJcYi4utfjfhW8nzc+nZzdb5arWzm5XJjbaNc325eWVmbX64sV9ZnZqbfn/1g9r3ZqSx3pH5eiIirX37w4x/84itXf/POt/8499fL32k16wsf77Q7IhaOFKCPzrY/887u5rc+o82TCDYAI3l/CnsrbgymPQAA7K91jn8xIj7VPv8vxkj7bA4AAAAYJtkXx+M/SUQGAAAADK00IsYjSUv5WIDxSNNSqTOG92NxPq3W6o3PLtW21hdbdRETUUiXVqqVqXys8EQUklZ5up1/Wn53T3kmIl6LiB8Vz7XLpYVadXHQP34AAADAGfHKm89e//+rmLbzAAAAwJCZ6FsAAAAAhoVLfgAAABh+rv8BAABgqH3t+vVWyrrv8V68tb21Wrt1ZbFSXy2tbS2UFmqbG6XlWm25/cy+tT6b+X43U63VNj4X61u3y41KvVGubzfn1mpb6425lfbrwAEAAIABeO3Ne39IImLn8+faKfLnAAI848+DbgBwnEYG3QBgYEYH3QBgYAoHLjH6AssCH0bJAfV9B+/89vjbAgAAnIzJTzx///+lvM71Pgw3Y30A4Oxx/x/OroIRgHDmXepMXu5Xf/T7/1n2wo0CAACO1Xg7JWkpvxc4HmlaKkW82n4tQCFZWqlWpiLiIxHx+2Lh5VZ5ur1mcuCYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAIChFpH+JWk/zT9isnhpfO/vAy8l/y7Gg7zws5s/uT3faGxOt+b/o9iuj4jGT/P572ZeCQAAAAD/BzrX6fl0etCtAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDYPHp4Z6GbTjPu374UERO94o/GWHs6FoWIOP/PJEZ3rZdExMgxxN+5GxGv746fPYnwOMuyibwVveKfO5H43f4nrY8l9sQf666XHkNsOOvutfY/13p9/9J4qz3t/f0fzdNR9d//pU/2fyN99j+vHjLGhfu/KveNfzfiwmjv/U83ftIn/sVDxv/mN5rNfnXZzyMmex5/kmdilRtrG+X6dvPKytr8cmW5sj4zM/3+7Aez781OlZdWqpX8354xfvjJXz/er//n+8SfOKD/lw7Z///ev/3wo51soVf8yxd7H39f7xM/zY99n87zrfrJbn6nk9/tjV/+7o39+r/Yp/8H/f9fPmT/377xvT8dclEA4BTUt5ur89VqZXOfzNghlpGROUom+27n7/Fo24nNkWNtWDboj6W+3eyedZ929EHulQAAgJPw9KR/0C0BAAAAAAAAAAAAAAAAAACAs+s0Hie2N+bOYLoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCv/wUAAP//WIjdwA==")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa207020000f8ffffffb703000008000000b7040000002000008500000082000000"], &(0x7f0000000280)='GPL\x00', 0x16, 0x6f, &(0x7f0000000580)=""/111, 0x40f00, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000640)={0x1, 0xd, 0x6, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000680)=[r0, r0, r0, r0, r0, r0], &(0x7f00000006c0)=[{0x5, 0x4, 0xa, 0x1}, {0x3, 0x1, 0xa, 0xc}, {0x4, 0x5, 0x1, 0x9}, {0x1, 0x5, 0x10, 0x7}, {0x4, 0x5, 0x0, 0xc}], 0x10, 0x1, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000200)=',$:@^@,\x00', 0xffffffffffffffff)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, 0x0, &(0x7f0000000180))
socket$inet_tcp(0x2, 0x1, 0x0)

5.346598128s ago: executing program 0 (id=1089):
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000feff17110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r0}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x3, &(0x7f0000000340)=ANY=[@ANYRES32=r2], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r3, r5, 0x1, 0x0, @void}, 0x10)
r6 = socket(0x2, 0x3, 0xff)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r6, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x4)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
write(r7, &(0x7f0000000000)="fa", 0xfffffdef)
openat$dir(0xffffff9c, &(0x7f0000000240)='./file0\x00', 0x80, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

5.2064505s ago: executing program 0 (id=1090):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f00000007c0)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000600)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10)
pipe(&(0x7f0000000d00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r8], 0x20}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000240), 0xfffffecc)
splice(r2, 0x0, r4, 0x0, 0x7151, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r9 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa51ee000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x19)

4.55953884s ago: executing program 2 (id=1091):
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107242, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x187842, 0x147)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
io_setup(0xfb, &(0x7f0000000140))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
flock(r4, 0x5)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r5, 0x2)

4.539749932s ago: executing program 4 (id=1092):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0xfcffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
fchmodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)

4.277754936s ago: executing program 0 (id=1093):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
pipe(&(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0)
vmsplice(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32373b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5d31300d106d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x17, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000200)={'full', 0x20, 0x8a, 0x20, 0x5}, 0x2f)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x75, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x1}, [@dmm={0x7, 0x24, 0x14, 0xfffc}]}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000006800000000000000000022000a00000000"], 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
inotify_add_watch(r1, &(0x7f0000000480)='./file0\x00', 0x40000d80)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
fsopen(&(0x7f00000001c0)='cpuset\x00', 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xc003, 0x0, "ec28a144f13d7607"})
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3.90369778s ago: executing program 1 (id=1094):
r0 = creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8", &(0x7f0000000380), 0x9, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x38d, 0x0, 0x0, 0x0, 0x63e852772321a39d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value=r0}, 0x94)
ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000380))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
syz_emit_ethernet(0xa2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r6)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000800)={'ip6_vti0\x00', &(0x7f0000000780)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_mount_image$erofs(&(0x7f0000000280), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES32], 0x1, 0x220, &(0x7f00000005c0)="$eJzsmL9rFEEUx78zt7e5FRFtUtgoGDCi2cvuoaQ5NIJgJULir0oPs4Z4m5xcVjAHgsHGRjsLwcbCf8AiRSoLO/8BQQsVBAuvsLCxGZmd2b25TM4N63W+TzF8Z9978+a9233FgSCI/5avX359fnp+bvEUgP2YwoR+/r0CMKY0N/w/vbh/8nnzwss3H1+/WzvwcHvneTJEiOEHtb/kdwC8na8gyTPl0b+lmNKbRfBcXwHHCa2vgcHX+hY4rmodgeGG1ncN3ZH+vn9nJY782514SYpZuQRyCeXS2Hm//ibDkt4LIQQz7OsbvXYrjqOuIRxt28VUSuTJ2pNW/6pw0Z/naBr3k128/uTxptxnvZk1+heAI9BFNMCwoJ/PYSLrjWqJUf9hZ3B+xap/12qlqzQUFVlTovlzLM0yxaGZcuHTspxztukgylwDw1FVDEyyk8POR8fbBCAVTvG7eFb/oCVyXbKqGCGeeQDG/ivbolQVmZjsb7+3Td+KwgUrTsH2/v7U9nrn7EMs3zEPvTb/l46NutiHLTU/xCuG48Z8coz5UU9W79XXN3ozK6ut5Wg5WgvDxhkGPDod1tNBpFZr7g3ms5fOp33G+dURvi538aCVJN1ArS5z4SFJumG6D43PZmGr8+OmDktwEcAxtZFj081PrFg5mKt8eOor1bTtRBAEQRAEQRAEQRAEQRAEUYojYOm/oAWEl1PvPwEAAP//p1NjTA==")

3.647341694s ago: executing program 4 (id=1095):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="000000001500000828bd7000fcdbdf25260020ff375eac04e493890fd9b6a3c4c3934ed6cd9a7abf83ea7193ae67cb5c55f64ec469bb56e8cbd8c638aca6fc64f3a85f8e070ae3ee51f335bba7eb8edbbfe239e009883509a4e099988223e47f40417c302bc4820658c667b79bd5bdae3f6575c69085c7ee1904bf144c0900bb7f7f77bbc750a0a73b342cd2165ff7fe16ccaa14a1279cb9211a4fda82cea0b598a44f73d5a10825e32d0e98e2e7c6d29b779c00c0e9682da641", @ANYRES32=r6, @ANYBLOB="00000200fe80000000000000000000000000002e"], 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x24040010)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000005c0)={'gre0\x00', &(0x7f0000000740)={'sit0\x00', 0x0, 0x700, 0x700, 0xce35, 0xa0b, {{0x1a, 0x4, 0x1, 0x26, 0x68, 0x66, 0x0, 0xff, 0x2f, 0x0, @multicast1, @local, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x1b, 0xec, [@loopback, @rand_addr=0x64010101, @local, @dev={0xac, 0x14, 0x14, 0x41}, @loopback, @loopback]}, @generic={0x44, 0x12, "0da2328f75c1623fdbaf104175492e40"}, @end, @cipso={0x86, 0x6, 0x3}, @ssrr={0x89, 0x1b, 0x6b, [@dev={0xac, 0x14, 0x14, 0x19}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @remote, @remote, @local]}]}}}}})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000640)={&(0x7f00000000c0), 0xc, &(0x7f0000000600)={&(0x7f0000000840)={0x9c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x6}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x9ade}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x4}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x3}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x2}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x8}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0xa42a}]}, 0x9c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000280)='./file0\x00', 0x2182842, 0x0, 0x0, 0x0, &(0x7f0000000380))
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x42000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x20142, 0x0)
sendmsg$netlink(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="380000002e000100000000000000000008000000", @ANYRES32, @ANYBLOB="0b000080976b6408686030001400018099"], 0x38}], 0x1}, 0x0)

3.559709282s ago: executing program 2 (id=1096):
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540), 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000001c0)='sched_switch\x00', r2}, 0x10)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0))
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYRES32, @ANYRESDEC=r5, @ANYRES64=r3, @ANYRES16=r5, @ANYBLOB='\x00'/28, @ANYBLOB="787d013d18f3f565fead6d036bac81ef3477eab48e498d8c16546da733be5cb4c23f559edcc6e295af95a85be3f83103cf8da035c451b8aaa3cfb30d3d9e2838ae1a08dfb4b6158f30a23fe0153b7b50444662a6d611ff9d715a8c3fcb66f69e6eb6235fd242b3e2e092e739f37369cdaf3998b7ce27d083bc6bc6888b2dbb14d5daae2cdee4577b", @ANYRESDEC=r6, @ANYRESDEC=r3, @ANYRES8=r2, @ANYRES8, @ANYRESDEC=r5, @ANYRESHEX=r0, @ANYRES8=r0, @ANYRESHEX=r4, @ANYRES32=0x0], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000190005090000000000000000e00000010000000000000000000000002001000000000000000000000000000100000000000000000200"], 0xb8}}, 0x24048094)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff})
connect$unix(r11, &(0x7f000057eff8)=@abs, 0x6e)

2.701727061s ago: executing program 2 (id=1097):
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0)
fgetxattr(r0, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

2.700971431s ago: executing program 4 (id=1098):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet(r0, &(0x7f0000006040)=[{{0x0, 0x0, &(0x7f0000005e40)=[{&(0x7f0000005b40)="16574d", 0x3}], 0x1}}, {{&(0x7f0000005e80)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000006000)=[{&(0x7f0000005ec0)="8ca0aa4d", 0x4}, {0x0}], 0x2}}], 0x2, 0x4880) (fail_nth: 9)

2.697907721s ago: executing program 1 (id=1099):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.434503595s ago: executing program 3 (id=1100):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
openat$selinux_policy(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3, 0x8, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES16=r0], 0x4c}}, 0x0)
futex(&(0x7f0000004000), 0x1, 0x0, 0x0, &(0x7f0000004000)=0x3, 0x82020000)

2.38091877s ago: executing program 4 (id=1101):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
openat$selinux_policy(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={0xf4, r7, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0xd8, 0x2a, [@perr={0x84, 0xd2, {0x0, 0x10, [{}, {}, {{}, @device_a, 0x20}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}}]}]}, 0xf4}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES16=r0], 0x4c}}, 0x0)

2.364604392s ago: executing program 2 (id=1102):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

329.778989ms ago: executing program 3 (id=1103):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000000)="656641f947000f380a262e400f0118c93600004b0fc7ad6f53fafc440f32c7442400d8000000c7442402ce000000ff2c24c46231ae280101440f09b906020000430f01cbba010000000f3064f3430f09c4223ccb5ae2", 0x56}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="0fa26667f046836b0876650fc71a66ba4100edb9800000c00f3235001000000f30420f017805450f0866b8af008ed86446d8e4b8010000000f01d9", 0x3b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000880)=ANY=[@ANYBLOB="0100000000000000000000000000c0"])
ioctl$KVM_RUN(r7, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x1018e58, &(0x7f0000000000), 0x6, 0x5fd, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvzCYxaaNpRcQWxYCHFqRpUotVL7b1YA8FC/Yg4qGhSWro9gdNCrYWTMGDgoKIV5Fe/Ae8S+/eRFBvnoUqUlFQ6crszrabZDfdttmdNPP5wGTnvZnd9747eZn3dvJ2Aiit8exHGrEj4taJJGKsZdtoNDaO5/vd/OPKyWxJolZ78/ckkjyvuX+SP27NE8MR8f3hiMcrq8tduHT59HS11vBBxN7FM+f3Lly6vGf+zPSp2VOzZ6f2vbT/wOTLU/un1iXOrfnjkaNvPP3ph+++OPdDdU8SB+P44PszsSKO9TIe43ErD7E1fyAiDmQrbd6Xh80mCKHUKvnv42BEPBljUamnGsZi/pNCKwf0VK0SUQNKKtH+oaSa/YDm2L67cfDxHvdK+ufGocYAaHX8A43PRmK4PjbacjNpGRk1PtvYtg7lZ2X8d2Xnl9kSyz6H+Pv20RlYh3I6WboaEU+1iz+p121bPdIs/nTZWD+JiMmIGMrr99oD1CFpWe/F5zBruZf4W49DGhEH88cs//B9lj++It3v+AEop+uH8hP5Upa6c/7L+h7N/k+06f+Mtjl33Y+iz3+d+3/N8/1wvd+TruiHZX2WY+1fcnBlxi8fH/m8U/mt/b9sycpv9gX74cbViJ0r4v8oCzbv/2TxJ22Of7bLiYPdlfH6j78d6bSt6Phr1yJ2tR3/3OmVZmtrXJ/cOzdfnZ1s/GxbxrffvfN1p/KLjj87/ls6xN9y/NOVz8vek/NdlvHNsWtnOm0bvWv86a9DSWO8OZTnvDe9uHhhKmIoOZrv0pK/b+26NPdpvkYW/+7n2rf/Zb//V5e/zkjzT2YXzr91+manbfdz/FsuJt+qdVmHTrL4Z+5+/Fe1/yzvsy7L+Ovti8902rZW/CMPEhgAAAAAAACUUFq/BpukE7fX03RiojFf9onYklbPLSw+P3fu4tmZiN31/4ccTJtXusca6SRLT+X/D9tM71uRfiEitkfEF5WRenri5LnqTNHBAwAAAAAAAAAAAAAAAAAAwAaxNZ//37xP9Z+Vxvx/oCR6eYM5YGPT/qG86u1/1S2egDJw/ofy0v6hvLR/KC/tH8pL+4fy0v6hvLR/KC/tHwAAAAA2pe3PXv85iYilV0bqS2Yo32ZGEGxug0VXAChMpegKAIW5felfZx9Kp6v+/z/5lwP2vjpAAZJ2mfXOQW3txn+97TMBAAAAAAAAAAAAgB7YtaPz/H9zg2FzM+0PyusB5v/76gB4yPnqfygvY3zgbrP4hzttMP8fAAAAAAAAAAAAAPpmtL4k6UQ+F3g00nRiIuLRiNgWg8ncfHV2MiIei4ifKoOPZOmpoisNAAAAAAAAAAAAAAAAAAAAm8zCpcunp6vV2QutK/+uytncK827oPahrFfjHp8VSf/flpGIKPyg9GxloCUniVjKjvyGqNiFhdgY1aivFPyHCQAAAAAAAAAAAAAAAAAASqhl7nF7O7/qc40AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoP/u3P+/dytFxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJz+DwAA///LLUAr")

256.089336ms ago: executing program 0 (id=1104):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x172f, 0x501, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, '\v\tt1'}]}}, 0x0}, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x2ec})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='fsi_master_write\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r5, 0x12b084226d2dad07, 0x0, 0x0, {{}, {}, {0x0, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000080000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0)
read$char_usb(r8, &(0x7f0000001840)=""/4090, 0xffa)
preadv(r8, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0xffffffff, 0x0)
bind$packet(r7, &(0x7f0000000180)={0x11, 0x4, 0x0, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

255.191146ms ago: executing program 4 (id=1105):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008000, &(0x7f0000000240)={[{@debug}, {@orlov}, {@nomblk_io_submit}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@lazytime}, {@usrquota}, {@usrquota}]}, 0x1, 0x5ba, &(0x7f0000001bc0)="$eJzs3c1vVFUbAPDnTD8olPdtIUbFhTQxBhKlpQUMMS5gTxr8iBs3VloIUqChNVo0sSS4MTFujDFx5UL8L5TIlpWuXLhxZUiIGpYmjrkzc0tb7rS0THsr9/dLht57zlzOczt9eu6cnnMngMoayv6pReyLiJkUMZAWFuu6o1U51Hzevb8+OpM9UtTrr/+RIrXK8uen1tf+1sF9EfHTjyn2dj3Y7uz81QsT09NTV1r7I3MXZ0Zm568eOn9x4tzUualLYy+NHT929Njx0cMdO9dT1999f+DT8be+/frvNPrdr+MpTsTuVt3S8+iUoRhqfk92LC/Pvq/HO91YSbpa57P0JU7dJQbEuuSvX09EPBUD0RX3X7yB+OTVUoMDNlU9RdSBikryHyoqvw7I39uvfB9cK+WqBNgKd082BwAezP/u5thg9DXGBnbdS7F0WCdFRCdG5rI2bt8av3721vj12KRxOKDYwrWIeLoo/1MjNwcbo/hZ/teW5X92XXC69TUrf22D7Q+t2Jf/sHWa+d+3ofx/e0n+v7PB9uU/AAAAAAAAdM7NkxHxYtHf/2uL83+iYP5Pf0Sc6ED7a//9r3anA80ABe6ejHilcP5vLZ/9O9jV2vpfYz5ATzp7fnrqcET8PyIORs+ObH90lTYOfbb3q3Z1+fy//JG1f7s1F7AVx53uFetnJyfmJh71vIGIu9cinimc/5sW+/9U0P9nvw9mHrKNvc/fON2ubu38BzZL/ZuIA4X9f1p8Tlr9/hwjjeuBkfyq4EHPfvj59+3al/9Qnqz/37V6/g+mpffrmV1/G0fmu+vt6jZ6/d+b3mjccqa3VfbBxNzcldGI3nSqKytdVj62/pjhcZTnQ54vWf4ffG718b+i6/+dEbGw4v9Ofy5fU5x78p/+39rFo/+H8mT5P7mu/n/9G2M3Bn9o1/7D9f9HG339wVaJ8T9o+jJP097l5QXp2F1UtdXxAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjoBYRuyPVhhe3a7Xh4Yj+iHgidtWmL8/OvXD28nuXJrO6xuf/1/JP+h1o7qf88/8Hl+yPrdg/EhF7IuKLrp2N/eEzl6cnyz55AAAAAAAAAAAAAAAAAAAA2Cb626z/z/zeVXZ0wKbrLjsAoDQF+f9zGXEAW0//D9Ul/6G65D9Ul/yH6pL/UF3yH6pL/kN1yX8AAAAAAHis7Nl/85cUEQsv72w8Mr2tup5SIwM2W63sAIDSuMUPVJepP1Bd3uMDaY36vrYHrXXkambOPMLBAAAAAAAAAAAAAFA5B/ZZ/w9VZf0/VJf1/1Bd+fr//SXHAWw97/GBWGMlf+H6/zWPAgAAAAAAAAAAAAA6aXb+6oWJ6empKzbe3B5hbOVGvV7/OPsp2C7x/Mc38qnw2yWeR9oo9/cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw378BAAD//2QiJqY=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000ef1000030500"/20, @ANYRES32=0x0, @ANYBLOB="1544010000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r8], 0x44}}, 0x0)
pwrite64(r0, &(0x7f0000001800)="5fb00ccd60c040327087b79fe00f2e618acb65b4c0bcce6cc13eab546e77e8e21538c785a697244866ce27176897911e88f0c10d289912e82740747e2f17d638ee7744d78104c71da67e958e30371d4921b747bb0e6371f8842245b6d9e8f84c6ca2d4361dbdeda67252b2966b1d743ff89f6d0566c47e75f428cfbd52b636ec77beb9f90b5efe0b13dd3335ea8a472bb43a418044a643ae72996e306c34c6040000005913a07fde377f116428ba41fefadd65a6eb4f7d19bbc4531da9180ba01600"/227, 0xe3, 0x9000)

195.351381ms ago: executing program 2 (id=1106):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000fd00000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
timer_create(0xb, 0x0, 0x0)
clock_gettime(0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@flat=@handle={0x73682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0xfffffffffffffffe, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0})

790.73µs ago: executing program 3 (id=1107):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1c}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1d, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1002, 0x3e, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = openat$cgroup(r1, &(0x7f0000000280)='syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f00000003c0)='cpuset.memory_pressure\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, 0xffffffffffffffff, 0x0)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wake_unlock', 0x8042, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000b00), 0x0}, 0x20)
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x3, 0x8, 0x5, 0x10006, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x1, 0x6, @void, @value, @value=r3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120020d9e13bb61072e60bf0efa3c90ac5efc189607aab60b71c23f6a1c59927af5fa8ba263b5cc6440baf50e4efafea574e600701143b321161a243459b1ef92c2e671dd0ba178bcc6abf33595b3aa1d721befa1086dd6da8ee2d441ab6a820d7f8b1d25dd64986c1532a1df7d1f0af086a184dafd6196f3d8f0bc03c71195a201daf6fa90ea237d68c", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

0s ago: executing program 1 (id=1108):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0xfffffffffffffffc, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x24, r3, 0x10, 0x70bd27, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0xad7}}, ["", "", "", "", ""]}, 0x24}}, 0x40)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x530831e79ecb0511, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10)
mincore(&(0x7f0000f0c000/0x3000)=nil, 0x3000, 0x0)

kernel console output (not intermixed with test programs):

sconnect, device number 23
[  166.533215][   T24] audit: type=1400 audit(1727569178.840:851): avc:  denied  { create } for  pid=3240 comm="syz.3.746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  166.553466][   T24] audit: type=1400 audit(1727569178.840:852): avc:  denied  { write } for  pid=3240 comm="syz.3.746" path="socket:[28402]" dev="sockfs" ino=28402 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  166.578215][   T24] audit: type=1400 audit(1727569178.840:853): avc:  denied  { nlmsg_read } for  pid=3240 comm="syz.3.746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  166.828705][  T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.840315][  T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.850705][  T338] usb 3-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  166.861425][  T338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.870260][  T338] usb 3-1: config 0 descriptor??
[  167.204294][ T3254] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  167.211348][ T3254] IPv6: NLM_F_CREATE should be set when creating new route
[  167.358470][ T1713] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  167.409078][ T1713] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input14
[  167.419620][ T1713] usb 5-1: USB disconnect, device number 26
[  167.498383][  T338] usbhid 3-1:0.0: can't add hid device: -71
[  167.504874][  T338] usbhid: probe of 3-1:0.0 failed with error -71
[  167.516275][  T338] usb 3-1: USB disconnect, device number 24
[  167.618389][ T1008] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  167.663153][ T3264] EXT4-fs (loop2): error: journal path ./file0 is not a block device
[  167.794064][ T3275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.755'.
[  167.803002][ T3275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.755'.
[  167.879858][   T24] audit: type=1107 audit(1727569180.180:854): pid=3263 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  168.168390][ T1008] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64
[  168.179715][ T1008] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  168.192675][ T1008] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  168.201643][ T1008] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.215794][ T1008] usb 1-1: config 0 descriptor??
[  168.490777][ T3298] syz.1.757[3298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  168.491598][ T3298] syz.1.757[3298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  168.556660][ T3300] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  168.797552][ T3258] netlink: 'syz.0.751': attribute type 4 has an invalid length.
[  168.819068][  T338] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  168.838789][ T1008] usb 1-1: string descriptor 0 read error: -71
[  168.871529][ T1008] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  168.881774][ T1008] usb 1-1: USB disconnect, device number 23
[  169.234660][ T3308] device bridge_slave_0 left promiscuous mode
[  169.241089][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.264800][  T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.275783][  T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.285648][  T338] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  169.308365][  T338] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  169.327814][  T338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.349084][  T338] usb 3-1: config 0 descriptor??
[  169.439610][ T3312] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  169.477335][ T3316] x_tables: unsorted underflow at hook 3
[  169.490504][  T984] Bluetooth: hci0: sending frame failed (-49)
[  169.498339][ T1008] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  169.718353][ T1713] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  169.738385][ T1008] usb 4-1: Using ep0 maxpacket: 8
[  169.829051][  T338] prodikeys 0003:041E:2801.0022: unexpected long global item
[  169.836435][  T338] prodikeys 0003:041E:2801.0022: hid parse failed
[  169.842923][  T338] prodikeys: probe of 0003:041E:2801.0022 failed with error -22
[  169.858422][ T1008] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.869191][ T1008] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.878816][ T1008] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  169.888331][ T1008] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  169.897829][ T1008] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  169.907353][ T1008] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  170.029698][   T20] usb 3-1: USB disconnect, device number 25
[  170.079984][ T1713] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.090764][ T1008] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  170.099835][ T1713] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.109792][ T1008] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.117615][ T1713] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  170.126485][ T1008] usb 4-1: Product: syz
[  170.130747][ T1008] usb 4-1: Manufacturer: syz
[  170.135105][ T1008] usb 4-1: SerialNumber: syz
[  170.139579][ T1713] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.148363][ T1713] usb 1-1: config 0 descriptor??
[  170.217477][ T3320] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  170.589743][ T3323] EXT4-fs (loop2): error: journal path ./file0 is not a block device
[  170.650568][ T1713] wacom 0003:056A:0084.0023: hidraw0: USB HID v0.00 Device [HID 056a:0084] on usb-dummy_hcd.0-1/input0
[  170.838380][   T24] audit: type=1107 audit(1727569183.120:855): pid=3322 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  170.951603][ T3312] FAT-fs (loop0): error, clusters badly computed (1 != 0)
[  170.958834][ T1008] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  170.964687][ T1008] cdc_ncm 4-1:1.0: bind() failure
[  170.970039][ T3312] FAT-fs (loop0): Filesystem has been set read-only
[  170.979015][ T3312] FAT-fs (loop0): error, clusters badly computed (2 != 1)
[  170.983830][ T1008] cdc_ncm 4-1:1.1: bind() failure
[  170.986761][ T3312] request_module fs-affs succeeded, but still no fs?
[  171.003371][   T15] usb 1-1: USB disconnect, device number 24
[  171.034002][ T1008] usb 4-1: USB disconnect, device number 28
[  171.408862][ T3333] exfat: Unknown parameter ''
[  171.536105][ T1713] Bluetooth: hci0: command 0x1003 tx timeout
[  171.551083][  T984] Bluetooth: hci0: sending frame failed (-49)
[  171.989300][   T24] audit: type=1326 audit(1727569184.290:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.013958][   T24] audit: type=1326 audit(1727569184.290:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.037979][   T24] audit: type=1326 audit(1727569184.290:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.109298][   T24] audit: type=1326 audit(1727569184.290:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.136581][   T24] audit: type=1326 audit(1727569184.290:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.171310][   T24] audit: type=1326 audit(1727569184.290:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.195485][   T24] audit: type=1326 audit(1727569184.300:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.218797][   T24] audit: type=1326 audit(1727569184.300:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3332 comm="syz.2.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fd46a1ff9 code=0x7ffc0000
[  172.282992][ T3338] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  172.295014][ T3338] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  172.338576][ T3338] F2FS-fs (loop0): Found nat_bits in checkpoint
[  172.379007][ T3338] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  172.385940][ T3338] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  172.674527][ T3358] FAULT_INJECTION: forcing a failure.
[  172.674527][ T3358] name failslab, interval 1, probability 0, space 0, times 0
[  172.687174][ T3358] CPU: 1 PID: 3358 Comm: syz.2.774 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  172.696780][ T3358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  172.706666][ T3358] Call Trace:
[  172.709817][ T3358]  dump_stack_lvl+0x1e2/0x24b
[  172.714308][ T3358]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  172.719604][ T3358]  dump_stack+0x15/0x17
[  172.723593][ T3358]  should_fail+0x3c6/0x510
[  172.727850][ T3358]  ? dst_alloc+0x17d/0x590
[  172.732101][ T3358]  __should_failslab+0xa4/0xe0
[  172.736705][ T3358]  should_failslab+0x9/0x20
[  172.741042][ T3358]  kmem_cache_alloc+0x3d/0x2e0
[  172.745642][ T3358]  ? ip_mtu_from_fib_result+0x320/0x320
[  172.751024][ T3358]  dst_alloc+0x17d/0x590
[  172.755254][ T3358]  ip_route_output_key_hash_rcu+0x129a/0x20b0
[  172.761411][ T3358]  ip_route_output_flow+0x144/0x310
[  172.766452][ T3358]  ? array_map_lookup_elem+0xc5/0x140
[  172.771646][ T3358]  ? ipv4_sk_update_pmtu+0x1e40/0x1e40
[  172.776934][ T3358]  ? compat_start_thread+0x80/0x80
[  172.781904][ T3358]  tcp_v4_connect+0x6c0/0x1c30
[  172.786481][ T3358]  ? tcp_twsk_unique+0xa90/0xa90
[  172.791263][ T3358]  ? __kasan_check_write+0x14/0x20
[  172.796285][ T3358]  ? _raw_spin_lock_bh+0xa4/0x1b0
[  172.801151][ T3358]  __inet_stream_connect+0x276/0xd80
[  172.806276][ T3358]  ? local_bh_enable+0x1f/0x30
[  172.810866][ T3358]  ? lock_sock_nested+0x26a/0x300
[  172.815729][ T3358]  ? inet_dgram_connect+0x400/0x400
[  172.820763][ T3358]  ? irqentry_exit+0x4f/0x60
[  172.825184][ T3358]  ? sysvec_reschedule_ipi+0x83/0x160
[  172.830394][ T3358]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[  172.835875][ T3358]  ? __inet_stream_connect+0xd80/0xd80
[  172.841159][ T3358]  inet_stream_connect+0x63/0xa0
[  172.845948][ T3358]  ? __inet_stream_connect+0xd80/0xd80
[  172.851232][ T3358]  __sys_connect+0x388/0x410
[  172.855652][ T3358]  ? fput_many+0x160/0x1b0
[  172.859900][ T3358]  ? __sys_connect_file+0x170/0x170
[  172.864942][ T3358]  ? fpu__clear_all+0x20/0x20
[  172.869447][ T3358]  ? __kasan_check_read+0x11/0x20
[  172.874320][ T3358]  __x64_sys_connect+0x7a/0x90
[  172.878914][ T3358]  do_syscall_64+0x34/0x70
[  172.883165][ T3358]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  172.888976][ T3358] RIP: 0033:0x7f7fd46a1ff9
[  172.893231][ T3358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.912670][ T3358] RSP: 002b:00007f7fd32d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  172.920918][ T3358] RAX: ffffffffffffffda RBX: 00007f7fd485a130 RCX: 00007f7fd46a1ff9
[  172.928724][ T3358] RDX: 000000000000002a RSI: 0000000020000180 RDI: 000000000000000a
[  172.936538][ T3358] RBP: 00007f7fd32d9090 R08: 0000000000000000 R09: 0000000000000000
[  172.944370][ T3358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.952162][ T3358] R13: 0000000000000000 R14: 00007f7fd485a130 R15: 00007ffeb3fc1b58
[  173.032111][ T3361] netlink: 'syz.0.772': attribute type 4 has an invalid length.
[  173.578319][  T375] Bluetooth: hci0: command 0x1001 tx timeout
[  173.599507][  T984] Bluetooth: hci0: sending frame failed (-49)
[  173.652766][ T3371] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  174.151475][   T24] audit: type=1326 audit(1727569186.460:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3374 comm="syz.0.780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b5cabff9 code=0x7ffc0000
[  174.172771][   T15] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  174.309841][ T3375] exfat: Deprecated parameter 'utf8'
[  174.309985][ T3377] EXT4-fs (loop2): error: journal path ./file0 is not a block device
[  174.315072][ T3375] exfat: Deprecated parameter 'namecase'
[  174.328620][ T3375] exfat: Deprecated parameter 'namecase'
[  174.334170][ T3375] exfat: Deprecated parameter 'utf8'
[  174.360695][ T3375] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x822ffc2e, utbl_chksum : 0xe619d30d)
[  174.458378][   T15] usb 2-1: Using ep0 maxpacket: 8
[  175.984543][   T15] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  175.994488][   T15] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  176.017110][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  176.048329][   T15] usb 2-1: string descriptor 0 read error: -71
[  176.054354][   T15] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  176.063528][   T15] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.328400][   T15] usb 2-1: can't set config #1, error -71
[  176.334607][   T15] usb 2-1: USB disconnect, device number 24
[  176.442942][ T3413] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d)
[  176.458337][    T5] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  176.518298][   T20] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  176.607897][ T3416] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  176.758325][   T20] usb 1-1: Using ep0 maxpacket: 32
[  176.858314][    T5] usb 4-1: Using ep0 maxpacket: 8
[  176.929628][   T24] kauditd_printk_skb: 72 callbacks suppressed
[  176.929640][   T24] audit: type=1326 audit(1727569189.240:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3423 comm="syz.1.792" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x0
[  176.958338][   T20] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.958359][   T20] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  177.018427][    T5] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.029308][    T5] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.039035][    T5] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  177.048550][    T5] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  177.058048][    T5] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  177.067539][    T5] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  177.208376][   T20] usb 1-1: string descriptor 0 read error: -22
[  177.214459][   T20] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  177.223273][   T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.259120][    T5] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  177.268099][    T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.269365][   T20] usb 1-1: 0:2 : does not exist
[  177.277187][    T5] usb 4-1: Product: syz
[  177.284628][    T5] usb 4-1: Manufacturer: syz
[  177.289583][    T5] usb 4-1: SerialNumber: syz
[  177.340058][ T3429] EXT4-fs (loop2): error: journal path ./file0 is not a block device
[  177.595438][ T1008] usb 1-1: USB disconnect, device number 25
[  177.618364][   T24] audit: type=1107 audit(1727569189.870:938): pid=3428 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  177.784200][   T24] audit: type=1400 audit(1727569190.090:939): avc:  denied  { write } for  pid=3435 comm="syz.1.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  177.803816][   T24] audit: type=1400 audit(1727569190.090:940): avc:  denied  { bind } for  pid=3435 comm="syz.1.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  177.823522][   T24] audit: type=1400 audit(1727569190.090:941): avc:  denied  { name_bind } for  pid=3435 comm="syz.1.796" src=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  177.845016][   T24] audit: type=1400 audit(1727569190.090:942): avc:  denied  { node_bind } for  pid=3435 comm="syz.1.796" src=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  177.865887][   T24] audit: type=1400 audit(1727569190.090:943): avc:  denied  { create } for  pid=3435 comm="syz.1.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  178.266226][    T5] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  178.272253][    T5] cdc_ncm 4-1:1.0: bind() failure
[  178.279514][    T5] cdc_ncm 4-1:1.1: bind() failure
[  178.285642][    T5] usb 4-1: USB disconnect, device number 29
[  178.344659][   T24] audit: type=1326 audit(1727569190.650:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3449 comm="syz.0.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b5cabff9 code=0x7ffc0000
[  178.368638][   T24] audit: type=1326 audit(1727569190.670:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3449 comm="syz.0.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65b5cabff9 code=0x7ffc0000
[  178.392474][   T24] audit: type=1326 audit(1727569190.670:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3449 comm="syz.0.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65b5cabff9 code=0x7ffc0000
[  178.403342][ T3453] EXT4-fs (loop0): Test dummy encryption mode enabled
[  178.423967][ T3453] EXT4-fs error (device loop0): __ext4_iget:4986: inode #11: block 1: comm syz.0.801: invalid block
[  178.434967][ T3453] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.801: couldn't read orphan inode 11 (err -117)
[  178.447447][ T3453] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue
[  179.353508][ T3469] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.360767][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.368189][ T3469] device bridge_slave_0 entered promiscuous mode
[  179.375613][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.382910][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.390791][ T3469] device bridge_slave_1 entered promiscuous mode
[  179.393538][ T3474] EXT4-fs (loop2): error: journal path ./file0 is not a block device
[  179.584447][ T3482] hub 6-0:1.0: USB hub found
[  179.642841][ T3482] hub 6-0:1.0: 1 port detected
[  179.879510][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.886386][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.893479][ T3469] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.900278][ T3469] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.943886][  T464] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.951476][  T464] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.959345][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  179.966841][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.974237][ T3486] EXT4-fs (loop0): error: journal path ./file0 is not a block device
[  179.985330][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  179.993364][  T478] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.000216][  T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.014281][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  180.022925][  T464] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.029785][  T464] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.504013][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  180.523352][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  180.536974][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  180.555160][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  180.563656][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  180.576900][ T3469] device veth0_vlan entered promiscuous mode
[  180.583590][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  180.591405][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  180.596444][ T3505] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.814: casefold flag without casefold feature
[  180.611669][ T3505] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.814: missing EA_INODE flag
[  180.623148][ T3505] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.814: error while reading EA inode 12 err=-117
[  180.635370][ T3505] EXT4-fs (loop2): 1 orphan inode deleted
[  180.640588][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  180.640962][ T3505] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue
[  180.648831][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  180.665693][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  180.674381][ T1538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  180.715594][ T3469] device veth1_macvtap entered promiscuous mode
[  180.984903][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  180.993316][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  181.001602][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  181.025568][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  181.036179][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  181.091143][ T3522] EXT4-fs error (device loop4): ext4_fill_super:4955: inode #2: comm syz.4.806: casefold flag without casefold feature
[  181.104502][ T3522] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  181.117219][ T3522] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  181.148874][ T3527] x_tables: unsorted underflow at hook 3
[  181.169630][  T984] Bluetooth: hci0: sending frame failed (-49)
[  181.189229][  T478] device bridge_slave_1 left promiscuous mode
[  181.196320][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.207067][  T478] device bridge_slave_0 left promiscuous mode
[  181.216344][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.227494][  T478] device veth1_macvtap left promiscuous mode
[  181.233533][  T478] device veth0_vlan left promiscuous mode
[  181.318374][    T5] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  181.344546][ T3530] netlink: 112 bytes leftover after parsing attributes in process `syz.4.819'.
[  181.383256][ T3530] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  181.448783][ T3533] serio: Serial port ptm1
[  181.918408][    T5] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.944730][    T5] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  181.953580][    T5] usb 3-1: New USB device found, idVendor=1a7d, idProduct=30d4, bcdDevice= 0.00
[  181.962695][    T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.978536][    T5] usb 3-1: config 0 descriptor??
[  182.502691][ T3557] netlink: 'syz.2.818': attribute type 4 has an invalid length.
[  182.510223][ T3557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.818'.
[  183.040341][ T3561] EXT4-fs (loop4): error: journal path ./file0 is not a block device
[  183.128367][  T505] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  183.178342][  T312] Bluetooth: hci0: command 0x1003 tx timeout
[  183.184264][  T984] Bluetooth: hci0: sending frame failed (-49)
[  183.290802][   T24] kauditd_printk_skb: 31 callbacks suppressed
[  183.290826][   T24] audit: type=1107 audit(1727569195.590:978): pid=3559 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  183.368382][  T505] usb 2-1: Using ep0 maxpacket: 16
[  183.488360][  T505] usb 2-1: config 0 has no interfaces?
[  183.648374][  T505] usb 2-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  183.657376][  T505] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.665585][  T505] usb 2-1: Product: syz
[  183.670008][  T505] usb 2-1: Manufacturer: syz
[  183.674441][  T505] usb 2-1: SerialNumber: syz
[  183.679532][  T505] usb 2-1: config 0 descriptor??
[  184.173527][  T287] usb 3-1: USB disconnect, device number 26
[  184.277437][   T24] audit: type=1400 audit(1727569196.580:979): avc:  denied  { bind } for  pid=3577 comm="syz.2.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  184.840746][ T3586] FAULT_INJECTION: forcing a failure.
[  184.840746][ T3586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.853671][ T3586] CPU: 1 PID: 3586 Comm: syz.3.831 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  184.863229][ T3586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  184.873120][ T3586] Call Trace:
[  184.876270][ T3586]  dump_stack_lvl+0x1e2/0x24b
[  184.880765][ T3586]  ? panic+0x812/0x812
[  184.884666][ T3586]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  184.889968][ T3586]  ? ___ratelimit+0xb5/0x580
[  184.894387][ T3586]  dump_stack+0x15/0x17
[  184.898379][ T3586]  should_fail+0x3c6/0x510
[  184.902642][ T3586]  should_fail_usercopy+0x1a/0x20
[  184.907503][ T3586]  strncpy_from_user+0x24/0x2d0
[  184.912373][ T3586]  ? getname_flags+0xba/0x520
[  184.916887][ T3586]  getname_flags+0xf2/0x520
[  184.921218][ T3586]  user_path_at_empty+0x2d/0x50
[  184.925994][ T3586]  __se_sys_mount+0x285/0x3b0
[  184.930509][ T3586]  ? __x64_sys_mount+0xd0/0xd0
[  184.935101][ T3586]  __x64_sys_mount+0xbf/0xd0
[  184.939527][ T3586]  do_syscall_64+0x34/0x70
[  184.943781][ T3586]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  184.949504][ T3586] RIP: 0033:0x7f0fdb622ff9
[  184.953765][ T3586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.973287][ T3586] RSP: 002b:00007f0fda25a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  184.981543][ T3586] RAX: ffffffffffffffda RBX: 00007f0fdb7db130 RCX: 00007f0fdb622ff9
[  184.989340][ T3586] RDX: 0000000020000340 RSI: 0000000020000100 RDI: 0000000020000040
[  184.997153][ T3586] RBP: 00007f0fda25a090 R08: 0000000000000000 R09: 0000000000000000
[  185.004979][ T3586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  185.012785][ T3586] R13: 0000000000000000 R14: 00007f0fdb7db130 R15: 00007ffe6c170228
[  185.055974][ T3588] EXT4-fs (loop2): orphan cleanup on readonly fs
[  185.062871][ T3588] EXT4-fs error (device loop2): ext4_ext_check_inode:500: inode #4: comm syz.2.833: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048)
[  185.081373][ T3588] EXT4-fs error (device loop2): ext4_quota_enable:6426: comm syz.2.833: Bad quota inode: 4, type: 1
[  185.093081][ T3588] EXT4-fs warning (device loop2): ext4_enable_quotas:6467: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  185.107785][ T3588] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  185.114402][ T3588] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  185.258372][  T312] Bluetooth: hci0: command 0x1001 tx timeout
[  185.264263][  T984] Bluetooth: hci0: sending frame failed (-49)
[  185.421729][  T505] usb 2-1: USB disconnect, device number 25
[  185.431475][   T24] audit: type=1326 audit(1727569197.740:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.457559][   T24] audit: type=1326 audit(1727569197.740:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.482274][   T24] audit: type=1326 audit(1727569197.740:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff2be1ab990 code=0x7ffc0000
[  185.505790][   T24] audit: type=1326 audit(1727569197.740:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff2be1ab990 code=0x7ffc0000
[  185.529257][   T24] audit: type=1326 audit(1727569197.740:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.552806][   T24] audit: type=1326 audit(1727569197.740:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.570951][ T3603] FAULT_INJECTION: forcing a failure.
[  185.570951][ T3603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.588842][   T24] audit: type=1326 audit(1727569197.740:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.593978][ T3603] CPU: 1 PID: 3603 Comm: syz.3.837 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  185.621645][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  185.631538][ T3603] Call Trace:
[  185.632427][   T24] audit: type=1326 audit(1727569197.740:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3596 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2be1acff9 code=0x7ffc0000
[  185.634835][ T3603]  dump_stack_lvl+0x1e2/0x24b
[  185.634851][ T3603]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  185.667738][ T3603]  dump_stack+0x15/0x17
[  185.671777][ T3603]  should_fail+0x3c6/0x510
[  185.675986][ T3603]  should_fail_usercopy+0x1a/0x20
[  185.680840][ T3603]  _copy_to_user+0x20/0x90
[  185.685099][ T3603]  simple_read_from_buffer+0xc7/0x150
[  185.690389][ T3603]  proc_fail_nth_read+0x1a3/0x210
[  185.695238][ T3603]  ? proc_fault_inject_write+0x390/0x390
[  185.700704][ T3603]  ? security_file_permission+0x86/0xb0
[  185.706216][ T3603]  ? rw_verify_area+0x1c3/0x360
[  185.710904][ T3603]  ? proc_fault_inject_write+0x390/0x390
[  185.716368][ T3603]  vfs_read+0x200/0xba0
[  185.720364][ T3603]  ? kernel_read+0x70/0x70
[  185.724769][ T3603]  ? __kasan_check_write+0x14/0x20
[  185.729711][ T3603]  ? mutex_lock+0xa5/0x110
[  185.733966][ T3603]  ? mutex_trylock+0xa0/0xa0
[  185.738396][ T3603]  ? __fdget_pos+0x2e7/0x3a0
[  185.742814][ T3603]  ? ksys_read+0x77/0x2c0
[  185.746980][ T3603]  ksys_read+0x199/0x2c0
[  185.751058][ T3603]  ? vfs_write+0xe70/0xe70
[  185.755317][ T3603]  ? __se_sys_ioctl+0x1f/0x190
[  185.759915][ T3603]  ? debug_smp_processor_id+0x17/0x20
[  185.765117][ T3603]  __x64_sys_read+0x7b/0x90
[  185.769460][ T3603]  do_syscall_64+0x34/0x70
[  185.773717][ T3603]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  185.779438][ T3603] RIP: 0033:0x7f0fdb621a3c
[  185.783695][ T3603] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  185.803229][ T3603] RSP: 002b:00007f0fda29c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  185.811463][ T3603] RAX: ffffffffffffffda RBX: 00007f0fdb7daf80 RCX: 00007f0fdb621a3c
[  185.819276][ T3603] RDX: 000000000000000f RSI: 00007f0fda29c0a0 RDI: 0000000000000003
[  185.827086][ T3603] RBP: 00007f0fda29c090 R08: 0000000000000000 R09: 0000000000000000
[  185.834987][ T3603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.842798][ T3603] R13: 0000000000000000 R14: 00007f0fdb7daf80 R15: 00007ffe6c170228
[  185.912641][ T3605] EXT4-fs (loop4): error: journal path ./file0 is not a block device
[  185.948080][ T3610] FAULT_INJECTION: forcing a failure.
[  185.948080][ T3610] name failslab, interval 1, probability 0, space 0, times 0
[  185.960592][ T3610] CPU: 1 PID: 3610 Comm: syz.2.840 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  185.970104][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  185.979990][ T3610] Call Trace:
[  185.983122][ T3610]  dump_stack_lvl+0x1e2/0x24b
[  185.987631][ T3610]  ? panic+0x812/0x812
[  185.991537][ T3610]  ? arch_stack_walk+0xf3/0x140
[  185.996220][ T3610]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  186.001518][ T3610]  dump_stack+0x15/0x17
[  186.005506][ T3610]  should_fail+0x3c6/0x510
[  186.009763][ T3610]  ? __alloc_skb+0x80/0x510
[  186.014104][ T3610]  __should_failslab+0xa4/0xe0
[  186.018705][ T3610]  should_failslab+0x9/0x20
[  186.023044][ T3610]  kmem_cache_alloc+0x3d/0x2e0
[  186.027643][ T3610]  __alloc_skb+0x80/0x510
[  186.031809][ T3610]  netlink_dump+0x2c6/0xd30
[  186.036147][ T3610]  ? refcount_inc+0x80/0x80
[  186.040494][ T3610]  ? mutex_trylock+0xa0/0xa0
[  186.045002][ T3610]  ? __netlink_lookup+0x37b/0x3a0
[  186.049865][ T3610]  __netlink_dump_start+0x617/0x840
[  186.054898][ T3610]  rtnetlink_rcv_msg+0xb3c/0xc50
[  186.059672][ T3610]  ? is_bpf_text_address+0x172/0x190
[  186.064790][ T3610]  ? rtm_get_nexthop+0x3e0/0x3e0
[  186.069570][ T3610]  ? rtnetlink_bind+0x80/0x80
[  186.074079][ T3610]  ? arch_stack_walk+0xf3/0x140
[  186.078778][ T3610]  ? stack_trace_save+0x113/0x1c0
[  186.083626][ T3610]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  186.089614][ T3610]  ? stack_trace_snprint+0xf0/0xf0
[  186.094563][ T3610]  ? avc_has_perm+0x14d/0x400
[  186.099075][ T3610]  ? memcpy+0x56/0x70
[  186.102893][ T3610]  ? avc_has_perm+0x275/0x400
[  186.107406][ T3610]  ? __kasan_slab_alloc+0xb1/0xe0
[  186.112266][ T3610]  ? slab_post_alloc_hook+0x61/0x2f0
[  186.117386][ T3610]  ? kmem_cache_alloc+0x168/0x2e0
[  186.122249][ T3610]  ? avc_has_perm_noaudit+0x240/0x240
[  186.127544][ T3610]  ? rtm_get_nexthop+0x3e0/0x3e0
[  186.132320][ T3610]  ? iov_iter_advance+0x258/0xb20
[  186.137180][ T3610]  netlink_rcv_skb+0x1cf/0x410
[  186.141789][ T3610]  ? rtnetlink_bind+0x80/0x80
[  186.146291][ T3610]  ? netlink_ack+0xb30/0xb30
[  186.150719][ T3610]  ? __netlink_lookup+0x37b/0x3a0
[  186.155600][ T3610]  rtnetlink_rcv+0x1c/0x20
[  186.159846][ T3610]  netlink_unicast+0x8df/0xac0
[  186.164435][ T3610]  ? netlink_detachskb+0x90/0x90
[  186.169215][ T3610]  ? security_netlink_send+0x7b/0xa0
[  186.174324][ T3610]  netlink_sendmsg+0xa46/0xd00
[  186.178929][ T3610]  ? netlink_getsockopt+0x5c0/0x5c0
[  186.184057][ T3610]  ? kmem_cache_free+0xa9/0x1e0
[  186.188754][ T3610]  ? security_socket_sendmsg+0x82/0xb0
[  186.194038][ T3610]  ? netlink_getsockopt+0x5c0/0x5c0
[  186.199071][ T3610]  ____sys_sendmsg+0x59e/0x8f0
[  186.203674][ T3610]  ? __sys_sendmsg_sock+0x40/0x40
[  186.208531][ T3610]  ? import_iovec+0xe5/0x120
[  186.212959][ T3610]  ___sys_sendmsg+0x252/0x2e0
[  186.217472][ T3610]  ? __sys_sendmsg+0x280/0x280
[  186.222079][ T3610]  ? rw_verify_area+0x1c3/0x360
[  186.226762][ T3610]  ? __fdget+0x1bc/0x240
[  186.230841][ T3610]  __se_sys_sendmsg+0x1b1/0x280
[  186.235524][ T3610]  ? __x64_sys_sendmsg+0x90/0x90
[  186.240297][ T3610]  ? ksys_write+0x260/0x2c0
[  186.244642][ T3610]  ? debug_smp_processor_id+0x17/0x20
[  186.249848][ T3610]  __x64_sys_sendmsg+0x7b/0x90
[  186.254445][ T3610]  do_syscall_64+0x34/0x70
[  186.258703][ T3610]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  186.264425][ T3610] RIP: 0033:0x7f7fd46a1ff9
[  186.268683][ T3610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.288469][ T3610] RSP: 002b:00007f7fd331b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.296711][ T3610] RAX: ffffffffffffffda RBX: 00007f7fd4859f80 RCX: 00007f7fd46a1ff9
[  186.304520][ T3610] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  186.312341][ T3610] RBP: 00007f7fd331b090 R08: 0000000000000000 R09: 0000000000000000
[  186.320144][ T3610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.327955][ T3610] R13: 0000000000000000 R14: 00007f7fd4859f80 R15: 00007ffeb3fc1b58
[  186.488411][  T287] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  186.488429][  T505] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  186.666402][ T3621] netlink: 'syz.4.843': attribute type 5 has an invalid length.
[  186.674726][ T3621] netlink: 12 bytes leftover after parsing attributes in process `syz.4.843'.
[  186.859073][  T505] usb 2-1: Using ep0 maxpacket: 8
[  186.938390][  T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.949114][  T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  186.958328][  T312] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  186.958726][  T287] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  186.975106][  T287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.983487][  T287] usb 4-1: config 0 descriptor??
[  186.998425][  T505] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  187.006483][  T505] usb 2-1: config 179 has no interface number 0
[  187.012646][  T505] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  187.023550][  T505] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  187.035246][  T505] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  187.046221][  T505] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  187.057425][  T505] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  187.070606][  T505] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  187.079415][  T505] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.098415][ T3601] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  187.234862][ T3625] netlink: 72 bytes leftover after parsing attributes in process `syz.2.845'.
[  187.318363][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.330833][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.343147][  T312] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  187.356025][  T312] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  187.365053][  T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.373631][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  187.383629][  T312] usb 5-1: config 0 descriptor??
[  187.481954][  T287] waltop 0003:172F:0501.0024: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.3-1/input0
[  187.659061][  T287] usb 2-1: USB disconnect, device number 26
[  187.678330][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  187.859128][  T312] prodikeys 0003:041E:2801.0025: unexpected long global item
[  187.868500][  T312] prodikeys 0003:041E:2801.0025: hid parse failed
[  187.878449][  T312] prodikeys: probe of 0003:041E:2801.0025 failed with error -22
[  188.061650][  T287] usb 5-1: USB disconnect, device number 27
[  188.458525][ T1008] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  188.718381][ T1008] usb 3-1: Using ep0 maxpacket: 8
[  188.881792][ T1008] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.892683][ T1008] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.902278][ T1008] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  188.911829][ T1008] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  188.921444][ T1008] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  188.930907][ T1008] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  189.029268][  T312] usb 4-1: USB disconnect, device number 30
[  189.118370][ T1008] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  189.127276][ T1008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.135090][ T1008] usb 3-1: Product: syz
[  189.139048][ T1008] usb 3-1: Manufacturer: syz
[  189.143452][ T1008] usb 3-1: SerialNumber: syz
[  189.216289][   T24] kauditd_printk_skb: 28 callbacks suppressed
[  189.216329][   T24] audit: type=1107 audit(1727569201.520:1016): pid=3652 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  189.352844][   T24] audit: type=1107 audit(1727569201.660:1017): pid=3657 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  189.648341][    T5] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  189.908412][ T1008] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  189.914627][ T1008] cdc_ncm 3-1:1.0: bind() failure
[  189.926149][ T1008] cdc_ncm 3-1:1.1: bind() failure
[  189.967937][ T1008] usb 3-1: USB disconnect, device number 27
[  190.103628][ T3667] hub 6-0:1.0: USB hub found
[  190.108625][ T3667] hub 6-0:1.0: 1 port detected
[  190.290978][    T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.301766][    T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.318227][    T5] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  190.327331][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.336251][    T5] usb 2-1: config 0 descriptor??
[  190.343747][ T3669] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  190.815251][   T24] audit: type=1400 audit(1727569203.120:1018): avc:  denied  { read } for  pid=3679 comm="syz.3.861" name="loop-control" dev="devtmpfs" ino=110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  190.846349][   T24] audit: type=1400 audit(1727569203.150:1019): avc:  denied  { open } for  pid=3679 comm="syz.3.861" path="/dev/loop-control" dev="devtmpfs" ino=110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  190.862328][ T3681] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.872543][   T24] audit: type=1400 audit(1727569203.150:1020): avc:  denied  { ioctl } for  pid=3679 comm="syz.3.861" path="/dev/loop-control" dev="devtmpfs" ino=110 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  190.879571][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.910907][ T3681] device bridge_slave_0 entered promiscuous mode
[  190.917667][ T3681] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.924574][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.931757][ T3681] device bridge_slave_1 entered promiscuous mode
[  190.963695][ T3681] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.970554][ T3681] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.977634][ T3681] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.984455][ T3681] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.002947][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.008321][ T1008] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  191.017410][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.024972][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.032351][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.041277][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.049289][  T478] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.056111][  T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.064934][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  191.073087][  T478] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.079939][  T478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.087254][    T5] usb 2-1: string descriptor 0 read error: -22
[  191.094734][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  191.104027][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  191.117798][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  191.125884][  T287] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  191.132278][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  191.141373][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  191.148801][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  191.157229][ T3681] device veth0_vlan entered promiscuous mode
[  191.167310][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  191.176258][ T3681] device veth1_macvtap entered promiscuous mode
[  191.185695][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  191.195613][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  191.258290][ T1008] usb 3-1: Using ep0 maxpacket: 32
[  191.418608][ T1008] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  191.437155][ T1008] usb 3-1: config 0 has no interface number 0
[  191.488447][  T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.517818][  T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.564109][  T287] usb 4-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00
[  191.606009][  T287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.618405][ T1008] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  191.868403][    T5] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0026/input/input18
[  191.878297][ T1008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.889600][    T5] uclogic 0003:256C:006D.0026: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[  191.896671][ T1008] usb 3-1: Product: syz
[  191.905902][  T287] usb 4-1: config 0 descriptor??
[  191.913810][ T1008] usb 3-1: Manufacturer: syz
[  191.918212][ T1008] usb 3-1: SerialNumber: syz
[  191.929840][ T1008] usb 3-1: config 0 descriptor??
[  191.973749][ T1008] smsc95xx v2.0.0
[  192.652434][ T3701] FAULT_INJECTION: forcing a failure.
[  192.652434][ T3701] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  192.665384][ T3701] CPU: 1 PID: 3701 Comm: syz.4.864 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  192.674983][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  192.684873][ T3701] Call Trace:
[  192.688007][ T3701]  dump_stack_lvl+0x1e2/0x24b
[  192.692511][ T3701]  ? panic+0x812/0x812
[  192.696478][ T3701]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  192.701725][ T3701]  dump_stack+0x15/0x17
[  192.705719][ T3701]  should_fail+0x3c6/0x510
[  192.710129][ T3701]  should_fail_usercopy+0x1a/0x20
[  192.714989][ T3701]  strncpy_from_user+0x24/0x2d0
[  192.719670][ T3701]  ? getname_flags+0xba/0x520
[  192.724183][ T3701]  getname_flags+0xf2/0x520
[  192.728531][ T3701]  getname+0x19/0x20
[  192.732251][ T3701]  do_sys_openat2+0xd7/0x710
[  192.736680][ T3701]  ? mutex_trylock+0xa0/0xa0
[  192.741104][ T3701]  ? do_sys_open+0x220/0x220
[  192.745562][ T3701]  ? __kasan_check_write+0x14/0x20
[  192.750479][ T3701]  ? ksys_write+0x260/0x2c0
[  192.754818][ T3701]  __x64_sys_open+0x221/0x270
[  192.759333][ T3701]  ? do_sys_openat2+0x710/0x710
[  192.764019][ T3701]  ? debug_smp_processor_id+0x17/0x20
[  192.769230][ T3701]  do_syscall_64+0x34/0x70
[  192.773664][ T3701]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  192.779392][ T3701] RIP: 0033:0x7f5468005ff9
[  192.783643][ T3701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.803094][ T3701] RSP: 002b:00007f5466c7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  192.811347][ T3701] RAX: ffffffffffffffda RBX: 00007f54681bdf80 RCX: 00007f5468005ff9
[  192.819153][ T3701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200
[  192.826954][ T3701] RBP: 00007f5466c7f090 R08: 0000000000000000 R09: 0000000000000000
[  192.834762][ T3701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.842577][ T3701] R13: 0000000000000000 R14: 00007f54681bdf80 R15: 00007ffc8e2fd4b8
[  192.851693][ T3677] udc-core: couldn't find an available UDC or it's busy
[  192.858692][ T3677] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  192.888949][  T478] device bridge_slave_1 left promiscuous mode
[  192.894953][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.902476][  T478] device bridge_slave_0 left promiscuous mode
[  192.908600][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.916692][  T478] device veth1_macvtap left promiscuous mode
[  192.922621][  T478] device veth0_vlan left promiscuous mode
[  193.044737][ T3707] xt_bpf: check failed: parse error
[  193.168525][  T287] usbhid 4-1:0.0: can't add hid device: -71
[  193.185848][  T287] usbhid: probe of 4-1:0.0 failed with error -71
[  193.242155][  T287] usb 4-1: USB disconnect, device number 31
[  193.522471][ T3711] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  193.604052][   T20] usb 2-1: USB disconnect, device number 27
[  193.615554][ T3713] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  193.928372][ T1008] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  193.943490][ T3721] exfat: Unknown parameter '0000000000000000000000400000000000000000000004'
[  193.952141][ T1008] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  194.006688][ T1008] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  194.028402][ T1008] smsc95xx: probe of 3-1:0.67 failed with error -71
[  194.041736][ T1008] usb 3-1: USB disconnect, device number 28
[  194.168669][ T3735] x_tables: unsorted underflow at hook 3
[  194.479229][  T478] Bluetooth: hci0: Frame reassembly failed (-84)
[  194.888567][   T20] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  195.061021][ T3743] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  195.071237][ T3743] SELinux: failed to load policy
[  195.151056][ T3747] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  195.595057][   T20] usb 2-1: Using ep0 maxpacket: 8
[  195.704283][ T3758] hub 6-0:1.0: USB hub found
[  195.709799][ T3758] hub 6-0:1.0: 1 port detected
[  196.015075][   T20] usb 2-1: config 1 interface 0 altsetting 178 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  196.026736][   T20] usb 2-1: config 1 interface 0 altsetting 178 endpoint 0x2 has an invalid bInterval 38, changing to 9
[  196.037966][   T20] usb 2-1: config 1 interface 0 has no altsetting 0
[  196.153484][ T3765] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  196.254891][ T3767] overlayfs: failed to resolve './file1': -2
[  196.261261][   T20] usb 2-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.40
[  196.351514][   T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.361167][ T3769] serio: Serial port ptm1
[  196.365339][   T20] usb 2-1: Product: syz
[  196.369626][   T20] usb 2-1: SerialNumber: syz
[  196.490923][ T3776] EXT4-fs error (device loop2): ext4_fill_super:4955: inode #2: comm syz.2.885: casefold flag without casefold feature
[  196.503708][ T3776] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  196.513690][ T3776] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  196.538513][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  196.548125][ T3774] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  196.559319][  T984] Bluetooth: hci0: sending frame failed (-49)
[  196.571462][ T3774] EXT4-fs (loop0): 1 truncate cleaned up
[  196.576942][ T3774] EXT4-fs (loop0): mounted filesystem without journal. Opts: data=journal,jqfmt=vfsv0,errors=continue,nodelalloc,init_itable=0x0000000000000004,acl,,errors=continue
[  197.159614][ T3793] syz.0.886 uses obsolete (PF_INET,SOCK_PACKET)
[  197.198854][ T3793] erofs: (device loop0): mounted with root inode @ nid 36.
[  197.208492][ T1439] EXT4-fs error (device loop2): __ext4_iget:4986: inode #13: block 837120: comm syz-executor: invalid block
[  197.220363][ T1439] EXT4-fs error (device loop2): __ext4_iget:4986: inode #13: block 837120: comm syz-executor: invalid block
[  197.251494][ T1538] tipc: Disabling bearer <udp:syz0>
[  197.257525][ T1538] tipc: Left network mode
[  197.365972][ T3800] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.372923][ T3800] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.380172][ T3800] device bridge_slave_0 entered promiscuous mode
[  197.386857][ T3800] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.393929][ T3800] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.401082][ T3800] device bridge_slave_1 entered promiscuous mode
[  197.435312][ T3800] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.442196][ T3800] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.449276][ T3800] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.456041][ T3800] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.475821][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  197.483180][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.490369][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.499526][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  197.507574][  T478] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.514418][  T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.524788][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  197.533008][  T478] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.539846][  T478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.554256][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  197.563368][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  197.577054][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  197.588803][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  197.596756][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  197.604427][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  197.614314][ T3800] device veth0_vlan entered promiscuous mode
[  197.620274][    T5] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  197.627144][ T3800] device veth1_macvtap entered promiscuous mode
[  197.634710][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  197.646190][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  197.657614][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  197.809196][ T1538] device bridge_slave_1 left promiscuous mode
[  197.815657][ T1538] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.824813][ T1538] device bridge_slave_0 left promiscuous mode
[  197.830954][ T1538] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.839185][ T1538] device veth1_macvtap left promiscuous mode
[  197.898569][    T5] usb 4-1: Using ep0 maxpacket: 16
[  197.942301][ T3806] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  197.949324][ T3806] IPv6: NLM_F_CREATE should be set when creating new route
[  198.042390][ T3811] FAULT_INJECTION: forcing a failure.
[  198.042390][ T3811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  198.055481][ T3811] CPU: 1 PID: 3811 Comm: syz.1.892 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  198.065080][ T3811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  198.074974][ T3811] Call Trace:
[  198.078106][ T3811]  dump_stack_lvl+0x1e2/0x24b
[  198.082615][ T3811]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  198.088082][ T3811]  ? shmem_getpage_gfp+0x2230/0x2480
[  198.093211][ T3811]  dump_stack+0x15/0x17
[  198.097193][ T3811]  should_fail+0x3c6/0x510
[  198.101450][ T3811]  should_fail_usercopy+0x1a/0x20
[  198.106306][ T3811]  iov_iter_copy_from_user_atomic+0x391/0xd80
[  198.109861][    T5] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  198.112221][ T3811]  ? shmem_getpage+0xa0/0xa0
[  198.124448][ T3811]  ? iov_iter_fault_in_readable+0x31f/0x4f0
[  198.130173][ T3811]  ? memzero_page+0x100/0x100
[  198.134688][ T3811]  generic_perform_write+0x34c/0x570
[  198.139808][ T3811]  ? grab_cache_page_write_begin+0xa0/0xa0
[  198.145446][ T3811]  ? file_remove_privs+0x570/0x570
[  198.150397][ T3811]  ? sysvec_reschedule_ipi+0x83/0x160
[  198.155775][ T3811]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[  198.161248][ T3811]  __generic_file_write_iter+0x23c/0x560
[  198.166714][ T3811]  ? generic_write_checks+0x389/0x470
[  198.171923][ T3811]  generic_file_write_iter+0xaf/0x1c0
[  198.177127][ T3811]  vfs_write+0xb4c/0xe70
[  198.181207][ T3811]  ? kernel_write+0x3d0/0x3d0
[  198.186155][ T3811]  ? mutex_trylock+0xa0/0xa0
[  198.190587][ T3811]  ? __fdget_pos+0x2e7/0x3a0
[  198.195006][ T3811]  ? ksys_write+0x77/0x2c0
[  198.199259][ T3811]  ksys_write+0x199/0x2c0
[  198.203426][ T3811]  ? __ia32_sys_read+0x90/0x90
[  198.208025][ T3811]  ? fpu__clear_all+0x20/0x20
[  198.212543][ T3811]  ? __kasan_check_read+0x11/0x20
[  198.217410][ T3811]  __x64_sys_write+0x7b/0x90
[  198.221828][ T3811]  do_syscall_64+0x34/0x70
[  198.226084][ T3811]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  198.231807][ T3811] RIP: 0033:0x7ff2be1acff9
[  198.236062][ T3811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.255518][ T3811] RSP: 002b:00007ff2bcde4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  198.263747][ T3811] RAX: ffffffffffffffda RBX: 00007ff2be365130 RCX: 00007ff2be1acff9
[  198.271557][ T3811] RDX: 0000000000040010 RSI: 0000000020000180 RDI: 0000000000000009
[  198.279369][ T3811] RBP: 00007ff2bcde4090 R08: 0000000000000000 R09: 0000000000000000
[  198.287180][ T3811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  198.295009][ T3811] R13: 0000000000000000 R14: 00007ff2be365130 R15: 00007ffe68bc69d8
[  198.317505][    T5] usb 4-1: config 0 has no interface number 0
[  198.329742][    T5] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  198.346235][    T5] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  198.359337][   T20] usbhid 2-1:1.0: can't add hid device: -71
[  198.365267][   T20] usbhid: probe of 2-1:1.0 failed with error -71
[  198.372659][   T20] usb 2-1: USB disconnect, device number 28
[  198.468376][    T5] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[  198.546358][ T3822] hub 6-0:1.0: USB hub found
[  198.551503][ T3822] hub 6-0:1.0: 1 port detected
[  198.776395][    T5] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  198.784421][    T5] usb 4-1: Product: syz
[  198.793130][    T5] usb 4-1: SerialNumber: syz
[  198.799807][    T5] usb 4-1: config 0 descriptor??
[  198.804826][  T375] Bluetooth: hci0: command 0x1001 tx timeout
[  198.811200][  T984] Bluetooth: hci0: sending frame failed (-49)
[  198.978308][   T24] audit: type=1107 audit(1727569211.270:1021): pid=3825 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  199.078934][    T5] snd-usb-audio: probe of 4-1:0.2 failed with error -12
[  199.255066][ T3835] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  199.262233][ T3835] 9p: Unknown uid 18446744073709551615
[  199.279793][  T287] usb 4-1: USB disconnect, device number 32
[  199.409459][ T3839] erofs: (device loop0): mounted with root inode @ nid 36.
[  199.649236][ T3842] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  199.664422][ T3842] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  199.673327][ T3842] F2FS-fs (loop2): invalid crc value
[  199.678958][ T3842] F2FS-fs (loop2): invalid crc_offset: 33558524
[  199.685132][ T3842] F2FS-fs (loop2): Failed to get valid F2FS checkpoint
[  200.480638][ T3873] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  200.876228][ T3880] hub 6-0:1.0: USB hub found
[  200.881251][ T3880] hub 6-0:1.0: 1 port detected
[  201.309901][  T375] Bluetooth: hci0: command 0x1009 tx timeout
[  201.401548][ T3886] EXT4-fs (loop0): error: journal path ./file0 is not a block device
[  201.590137][ T3889] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  201.606625][ T3889] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  201.617023][ T3889] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  201.766260][   T24] audit: type=1107 audit(1727569214.070:1022): pid=3885 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  201.907785][ T3902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.913'.
[  202.318696][   T24] audit: type=1326 audit(1727569214.630:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3912 comm="syz.2.920" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f165eea6ff9 code=0x0
[  203.353882][ T3938] hub 6-0:1.0: USB hub found
[  203.359205][ T3938] hub 6-0:1.0: 1 port detected
[  203.882237][   T24] audit: type=1107 audit(1727569216.190:1024): pid=3947 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  204.147248][ T3957] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.154246][ T3957] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.161665][ T3957] device bridge_slave_0 entered promiscuous mode
[  204.168918][ T3957] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.175902][ T3957] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.183212][ T3957] device bridge_slave_1 entered promiscuous mode
[  204.471594][ T3957] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.478489][ T3957] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.485555][ T3957] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.492373][ T3957] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.503729][   T24] audit: type=1326 audit(1727569216.810:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.0.934" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1abf33bff9 code=0x0
[  204.543151][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.551422][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.560285][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  204.579727][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  204.606053][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  204.676455][  T478] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.683378][  T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.692487][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  204.700554][  T478] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.707407][  T478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.722442][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  204.730674][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  205.025349][ T3957] device veth0_vlan entered promiscuous mode
[  205.055679][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  205.066095][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  205.088840][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  205.099249][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  205.127367][ T3957] device veth1_macvtap entered promiscuous mode
[  205.134751][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  205.147305][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  205.155396][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  205.168149][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  205.184937][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  205.236057][   T24] audit: type=1326 audit(1727569217.540:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.263018][   T24] audit: type=1326 audit(1727569217.540:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.286578][   T24] audit: type=1326 audit(1727569217.540:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.318375][   T24] audit: type=1326 audit(1727569217.540:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.345490][   T24] audit: type=1326 audit(1727569217.540:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.369020][   T24] audit: type=1326 audit(1727569217.540:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.3.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fdb622ff9 code=0x7ffc0000
[  205.488398][  T312] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  205.885578][ T3990] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  205.953325][ T3989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.938'.
[  205.960181][ T3990] ext4 filesystem being mounted at /15/bus supports timestamps until 2038 (0x7fffffff)
[  205.982906][    T9] device bridge_slave_1 left promiscuous mode
[  205.989017][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.996447][    T9] device bridge_slave_0 left promiscuous mode
[  206.002774][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.019751][    T9] device veth1_macvtap left promiscuous mode
[  206.026671][    T9] device veth0_vlan left promiscuous mode
[  206.032682][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.042773][  T312] usb 5-1: New USB device found, idVendor=046d, idProduct=c29b, bcdDevice= 0.00
[  206.051913][  T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.077711][  T312] usb 5-1: config 0 descriptor??
[  206.475898][ T4010] x_tables: unsorted underflow at hook 3
[  206.486104][ T4005] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue
[  206.509092][ T4005] ext4 filesystem being mounted at /16/bus supports timestamps until 2038 (0x7fffffff)
[  206.527017][    T9] Bluetooth: hci0: Frame reassembly failed (-84)
[  207.008558][  T312] usbhid 5-1:0.0: can't add hid device: -71
[  207.014405][  T312] usbhid: probe of 5-1:0.0 failed with error -71
[  207.025505][  T312] usb 5-1: USB disconnect, device number 28
[  207.068465][ T1008] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  207.351432][ T4022] overlayfs: failed to resolve './file1': -2
[  207.468712][ T1008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.480223][ T1008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.491772][ T1008] usb 3-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00
[  207.502348][ T1008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.535752][ T1008] usb 3-1: config 0 descriptor??
[  207.698355][ T1713] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  207.758363][ T2369] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  207.938310][ T1713] usb 2-1: Using ep0 maxpacket: 32
[  207.992031][ T4026] EXT4-fs (loop4): orphan cleanup on readonly fs
[  207.998732][ T4026] EXT4-fs error (device loop4): ext4_ext_check_inode:500: inode #4: comm syz.4.947: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048)
[  208.017040][ T4026] EXT4-fs error (device loop4): ext4_quota_enable:6426: comm syz.4.947: Bad quota inode: 4, type: 1
[  208.027933][ T4026] EXT4-fs warning (device loop4): ext4_enable_quotas:6467: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  208.042624][ T4026] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  208.048313][ T2369] usb 4-1: Using ep0 maxpacket: 8
[  208.049172][ T4026] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  208.063131][ T1713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  208.074310][ T1713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  208.085356][ T1713] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  208.094299][ T1713] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.133234][ T1713] usb 2-1: config 0 descriptor??
[  208.158387][ T4024] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  208.178477][ T2369] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.178895][ T1713] hub 2-1:0.0: USB hub found
[  208.192631][ T2369] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.378463][ T1008] usbhid 3-1:0.0: can't add hid device: -71
[  208.385046][ T1008] usbhid: probe of 3-1:0.0 failed with error -71
[  208.408502][ T1713] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  208.423435][ T1008] usb 3-1: USB disconnect, device number 29
[  208.424544][ T2369] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  208.440439][ T2369] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  208.450033][ T2369] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  208.459565][ T2369] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  208.548477][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  208.554515][  T984] Bluetooth: hci0: sending frame failed (-49)
[  208.678398][ T2369] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  208.687348][ T2369] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.695132][ T2369] usb 4-1: Product: syz
[  208.699129][ T2369] usb 4-1: Manufacturer: syz
[  208.703492][ T2369] usb 4-1: SerialNumber: syz
[  208.854280][ T1713] hid-generic 0003:046D:C314.0027: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.1-1/input0
[  208.878352][ T1008] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  208.948998][ T4035] EXT4-fs error (device loop4): ext4_fill_super:4955: inode #2: comm syz.4.949: casefold flag without casefold feature
[  208.961679][ T4035] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  208.971752][ T4035] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  209.058910][  T464] device bridge_slave_1 left promiscuous mode
[  209.067144][  T464] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.074691][  T464] device bridge_slave_0 left promiscuous mode
[  209.080823][  T464] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.089214][  T464] device veth1_macvtap left promiscuous mode
[  209.238381][ T1008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.249285][ T1008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.259859][ T1008] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  209.269373][    T5] usb 2-1: USB disconnect, device number 29
[  209.273031][ T1008] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  209.287501][ T1008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.296284][ T1008] usb 3-1: config 0 descriptor??
[  209.308884][ T4044] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=48 sclass=netlink_audit_socket pid=4044 comm=syz.4.950
[  209.321781][   T24] audit: type=1326 audit(1727569221.630:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4039 comm="syz.4.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18108f9ff9 code=0x7ffc0000
[  209.350473][   T24] audit: type=1326 audit(1727569221.650:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4039 comm="syz.4.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f18108f9ff9 code=0x7ffc0000
[  209.374249][   T24] audit: type=1326 audit(1727569221.650:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4039 comm="syz.4.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18108f9ff9 code=0x7ffc0000
[  209.408338][ T2369] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  209.414227][ T2369] cdc_ncm 4-1:1.0: bind() failure
[  209.420463][ T2369] cdc_ncm 4-1:1.1: bind() failure
[  209.432902][ T2369] usb 4-1: USB disconnect, device number 33
[  209.793754][ T1008] prodikeys 0003:041E:2801.0028: unexpected long global item
[  209.803852][ T1008] prodikeys 0003:041E:2801.0028: hid parse failed
[  209.818538][ T1008] prodikeys: probe of 0003:041E:2801.0028 failed with error -22
[  209.983177][ T2369] usb 3-1: USB disconnect, device number 30
[  210.054645][ T4060] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  210.064032][ T4060] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038 (0x7fffffff)
[  210.618372][ T2369] Bluetooth: hci0: command 0x1001 tx timeout
[  210.624296][  T984] Bluetooth: hci0: sending frame failed (-49)
[  211.119966][ T4078] EXT4-fs (loop4): orphan cleanup on readonly fs
[  211.126855][ T4078] EXT4-fs error (device loop4): ext4_ext_check_inode:500: inode #4: comm syz.4.960: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048)
[  211.159496][ T4078] EXT4-fs error (device loop4): ext4_quota_enable:6426: comm syz.4.960: Bad quota inode: 4, type: 1
[  211.170333][ T4078] EXT4-fs warning (device loop4): ext4_enable_quotas:6467: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  211.185019][ T4078] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  211.191549][ T4078] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  211.708944][ T4094] binder: 4091:4094 ioctl c0306201 20001a80 returned -14
[  212.698299][ T2369] Bluetooth: hci0: command 0x1009 tx timeout
[  212.748439][  T287] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  213.195244][ T4124] hub 6-0:1.0: USB hub found
[  213.200286][ T4124] hub 6-0:1.0: 1 port detected
[  213.408728][  T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.419733][  T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.429356][  T287] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  213.454342][  T287] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  213.469373][  T287] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.485534][  T287] usb 3-1: config 0 descriptor??
[  214.003866][  T287] prodikeys 0003:041E:2801.0029: unexpected long global item
[  214.011995][  T287] prodikeys 0003:041E:2801.0029: hid parse failed
[  214.018691][  T287] prodikeys: probe of 0003:041E:2801.0029 failed with error -22
[  214.191326][  T287] usb 3-1: USB disconnect, device number 31
[  214.209666][ T4143] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  215.090477][ T4155] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.980: casefold flag without casefold feature
[  215.129664][ T4155] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.980: missing EA_INODE flag
[  215.141689][ T4155] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.980: error while reading EA inode 12 err=-117
[  215.154270][ T4155] EXT4-fs (loop2): 1 orphan inode deleted
[  215.160467][ T4155] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue
[  215.298434][  T287] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  215.360418][ T4162] fscrypt (loop2, inode 15): Unsupported encryption flags (0x10)
[  215.578341][  T287] usb 5-1: Using ep0 maxpacket: 8
[  215.718422][  T287] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.729237][  T287] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.739682][  T287] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  215.749391][  T287] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  215.758314][   T54] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  215.759122][  T287] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  215.776189][  T287] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  215.978476][  T287] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  215.987467][  T287] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.995271][  T287] usb 5-1: Product: syz
[  215.999231][  T287] usb 5-1: Manufacturer: syz
[  216.003618][  T287] usb 5-1: SerialNumber: syz
[  216.401094][ T4182] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.407954][ T4182] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.415552][ T4182] device bridge_slave_0 entered promiscuous mode
[  216.422165][   T54] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.432609][ T4182] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.433136][   T54] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  216.447903][ T4182] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.449709][   T54] usb 2-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00
[  216.465374][   T54] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.474137][   T54] usb 2-1: config 0 descriptor??
[  216.479517][ T4182] device bridge_slave_1 entered promiscuous mode
[  216.533157][ T4182] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.540047][ T4182] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.547127][ T4182] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.553934][ T4182] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.572031][  T464] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.579271][  T464] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.586454][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  216.594287][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  216.615070][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  216.624220][  T464] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.631067][  T464] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.640073][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  216.650424][  T464] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.657255][  T464] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.684361][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  216.692989][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  216.728091][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  216.740938][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  216.763886][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  216.771565][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  216.788359][  T287] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  216.793129][ T4182] device veth0_vlan entered promiscuous mode
[  216.794179][  T287] cdc_ncm 5-1:1.0: bind() failure
[  216.814020][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  216.823963][ T4182] device veth1_macvtap entered promiscuous mode
[  216.835903][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  216.848156][  T464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  216.860012][  T287] cdc_ncm 5-1:1.1: bind() failure
[  216.873282][  T287] usb 5-1: USB disconnect, device number 29
[  216.908287][   T24] kauditd_printk_skb: 5 callbacks suppressed
[  216.908298][   T24] audit: type=1326 audit(1727569229.210:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.215688][   T24] audit: type=1326 audit(1727569229.210:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.287568][   T24] audit: type=1326 audit(1727569229.370:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.325517][   T24] audit: type=1326 audit(1727569229.370:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.356013][   T24] audit: type=1326 audit(1727569229.370:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.401522][   T24] audit: type=1326 audit(1727569229.390:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.429463][   T24] audit: type=1326 audit(1727569229.390:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.454731][ T4202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.987'.
[  217.494063][ T4204] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  217.495358][   T24] audit: type=1326 audit(1727569229.390:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.524295][   T24] audit: type=1326 audit(1727569229.390:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.549696][ T4200] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.986: casefold flag without casefold feature
[  217.554857][   T24] audit: type=1326 audit(1727569229.390:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4192 comm="syz.0.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c3ec6ff9 code=0x7ffc0000
[  217.562425][   T54] usbhid 2-1:0.0: can't add hid device: -71
[  217.593186][   T54] usbhid: probe of 2-1:0.0 failed with error -71
[  217.605322][   T54] usb 2-1: USB disconnect, device number 30
[  217.629331][ T4200] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.986: missing EA_INODE flag
[  217.651364][ T4200] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.986: error while reading EA inode 12 err=-117
[  217.672470][ T4200] EXT4-fs (loop0): 1 orphan inode deleted
[  217.681214][ T4200] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,,errors=continue
[  218.250335][ T4223] overlayfs: failed to resolve './file1': -2
[  218.539346][  T478] device bridge_slave_1 left promiscuous mode
[  218.551812][ T4227]  loop4: p2 < >
[  218.566399][    C0] blk_update_request: operation not supported error, dev loop4, sector 0 op 0x9:(WRITE_ZEROES) flags 0x800800 phys_seg 0 prio class 0
[  218.575788][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.588817][  T478] device bridge_slave_0 left promiscuous mode
[  218.594887][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.604224][  T478] device veth1_macvtap left promiscuous mode
[  218.868505][  T478] device veth0_vlan left promiscuous mode
[  218.972181][ T4235] tipc: Started in network mode
[  218.977023][ T4235] tipc: Own node identity ac14140f, cluster identity 4711
[  218.984373][ T4235] tipc: New replicast peer: 255.255.255.255
[  218.990780][ T4235] tipc: Enabled bearer <udp:syz2>, priority 10
[  219.419626][ T2369] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  219.488384][    T5] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  219.595509][ T4253] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  219.658283][ T2369] usb 3-1: Using ep0 maxpacket: 8
[  219.728315][    T5] usb 1-1: Using ep0 maxpacket: 8
[  219.778392][ T2369] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.789204][ T2369] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.798809][ T2369] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  219.808413][ T2369] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  219.818086][ T2369] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  219.827566][ T2369] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  219.848451][    T5] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.859311][    T5] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.868922][    T5] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  219.878833][    T5] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  219.888404][    T5] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  219.897792][    T5] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  219.959360][ T4255] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  219.988372][ T2369] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  219.988492][ T1008] tipc: 32-bit node address hash set to f1414ac
[  219.997527][ T2369] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.011210][ T2369] usb 3-1: Product: syz
[  220.015190][ T2369] usb 3-1: Manufacturer: syz
[  220.019666][ T2369] usb 3-1: SerialNumber: syz
[  220.068364][    T5] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  220.077494][    T5] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.096990][    T5] usb 1-1: Product: syz
[  220.101130][    T5] usb 1-1: Manufacturer: syz
[  220.105551][    T5] usb 1-1: SerialNumber: syz
[  220.648349][   T54] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  220.728419][ T2369] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  220.734321][ T2369] cdc_ncm 3-1:1.0: bind() failure
[  220.739972][ T2369] cdc_ncm 3-1:1.1: bind() failure
[  220.746117][ T2369] usb 3-1: USB disconnect, device number 32
[  220.808430][    T5] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  220.814233][    T5] cdc_ncm 1-1:1.0: bind() failure
[  220.820324][    T5] cdc_ncm 1-1:1.1: bind() failure
[  220.837010][    T5] usb 1-1: USB disconnect, device number 26
[  221.173652][   T54] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  221.183861][   T54] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  221.192599][   T54] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  221.278436][   T54] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  221.287341][   T54] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  221.295391][   T54] usb 2-1: SerialNumber: syz
[  221.382109][ T4275] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,jqfmt=vfsv1,,errors=continue
[  221.392959][ T4275] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  221.603791][ T4262] udc-core: couldn't find an available UDC or it's busy
[  221.620699][ T4262] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  221.701703][ T4275] incfs: Error accessing: ./bus.
[  221.706536][ T4275] incfs: mount failed -20
[  221.739310][   T54] usb 2-1: 0:2 : does not exist
[  221.790523][ T4284] EXT4-fs (loop4): error: journal path ./file0 is not a block device
[  222.246488][   T24] kauditd_printk_skb: 14 callbacks suppressed
[  222.246557][   T24] audit: type=1107 audit(1727569234.390:1064): pid=4283 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  223.035880][ T4305] overlayfs: failed to resolve './file1': -2
[  223.298739][ T4314] FAT-fs (loop2): Unrecognized mount option "sys_enter" or missing value
[  223.308219][   T24] audit: type=1400 audit(1727569235.610:1065): avc:  denied  { getopt } for  pid=4313 comm="syz.2.1016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  223.348598][  T287] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  223.402213][    T5] usb 2-1: USB disconnect, device number 31
[  223.455905][ T4318] fuse: Bad value for 'fd'
[  223.505689][   T24] audit: type=1400 audit(1727569235.810:1066): avc:  denied  { read } for  pid=4319 comm="syz.2.1018" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  223.530522][   T24] audit: type=1400 audit(1727569235.840:1067): avc:  denied  { setattr } for  pid=4319 comm="syz.2.1018" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  223.576267][   T24] audit: type=1400 audit(1727569235.880:1068): avc:  denied  { ioctl } for  pid=4317 comm="syz.1.1017" path="socket:[33682]" dev="sockfs" ino=33682 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  224.148394][  T287] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  224.159247][  T287] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  224.168881][  T287] usb 1-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  224.177777][  T287] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.190917][  T287] usb 1-1: config 0 descriptor??
[  224.709181][  T287] waltop 0003:172F:0501.002A: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.0-1/input0
[  225.208326][ T2369] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  225.670766][   T24] audit: type=1400 audit(1727569237.800:1069): avc:  denied  { connect } for  pid=4355 comm="syz.2.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  225.818454][ T2369] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.829472][ T2369] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.846238][ T2369] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.872195][ T2369] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  225.881478][ T2369] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.895243][ T2369] usb 5-1: config 0 descriptor??
[  226.485800][ T2369] prodikeys 0003:041E:2801.002B: unexpected long global item
[  226.494900][ T2369] prodikeys 0003:041E:2801.002B: hid parse failed
[  226.501481][ T2369] prodikeys: probe of 0003:041E:2801.002B failed with error -22
[  226.570045][  T287] usb 5-1: USB disconnect, device number 30
[  226.931218][ T2369] usb 1-1: USB disconnect, device number 27
[  226.995481][   T24] audit: type=1326 audit(1727569239.300:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4381 comm="syz.3.1034" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0fdb622ff9 code=0x0
[  227.349502][ T4391] fuse: Bad value for 'rootmode'
[  227.414812][ T4395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1038'.
[  227.451661][ T4386] F2FS-fs (loop2): invalid crc value
[  227.458221][ T4386] F2FS-fs (loop2): invalid crc value
[  227.463706][ T4386] F2FS-fs (loop2): Failed to get valid F2FS checkpoint
[  227.495147][   T24] audit: type=1400 audit(1727569239.800:1071): avc:  denied  { mounton } for  pid=4399 comm="syz.4.1040" path="/22/file0/file0" dev="loop4" ino=1048666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  227.546027][   T24] audit: type=1400 audit(1727569239.850:1072): avc:  denied  { watch } for  pid=4399 comm="syz.4.1040" path="/22/file0/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  227.574557][ T3957] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  227.608454][ T3957] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  227.745058][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.752288][ T4407] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.759588][ T4407] device bridge_slave_0 entered promiscuous mode
[  227.766321][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.773381][ T4407] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.780933][ T4407] device bridge_slave_1 entered promiscuous mode
[  227.814064][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.820933][ T4407] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.828316][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.835085][ T4407] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.897324][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  227.910113][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  227.928160][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  227.950557][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  227.968379][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  227.976544][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  227.994758][ T4407] device veth0_vlan entered promiscuous mode
[  228.001320][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  228.009917][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  228.017326][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  228.033985][ T4407] device veth1_macvtap entered promiscuous mode
[  228.041377][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  228.055307][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  228.073291][   T24] audit: type=1400 audit(1727569240.380:1073): avc:  denied  { mounton } for  pid=4407 comm="syz-executor" path="/root/syzkaller.aBF4vf/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  228.073628][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  228.598379][ T2369] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  228.838354][   T20] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  228.848372][ T2369] usb 1-1: Using ep0 maxpacket: 16
[  228.968400][ T2369] usb 1-1: config 0 has an invalid interface number: 2 but max is 0
[  228.976235][ T2369] usb 1-1: config 0 has no interface number 0
[  228.982547][ T2369] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 173
[  229.108360][ T2369] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[  229.117491][ T2369] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  229.179581][ T4441] FAULT_INJECTION: forcing a failure.
[  229.179581][ T4441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.192469][ T4441] CPU: 1 PID: 4441 Comm: syz.2.1051 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  229.202139][ T4441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  229.212040][ T4441] Call Trace:
[  229.215172][ T4441]  dump_stack_lvl+0x1e2/0x24b
[  229.219681][ T4441]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  229.224972][ T4441]  dump_stack+0x15/0x17
[  229.229057][ T4441]  should_fail+0x3c6/0x510
[  229.233307][ T4441]  should_fail_usercopy+0x1a/0x20
[  229.238163][ T4441]  _copy_from_user+0x20/0xd0
[  229.242590][ T4441]  tcp_setsockopt+0x2059/0x3660
[  229.245544][ T2369] usb 1-1: Product: syz
[  229.247283][ T4441]  ? tcp_sock_set_keepcnt+0xa0/0xa0
[  229.251303][ T2369] usb 1-1: SerialNumber: syz
[  229.256315][ T4441]  ? selinux_socket_setsockopt+0x260/0x360
[  229.266372][ T4441]  ? selinux_socket_getsockopt+0x340/0x340
[  229.272013][ T4441]  sock_common_setsockopt+0xa2/0xc0
[  229.277041][ T4441]  ? sock_common_recvmsg+0x240/0x240
[  229.282164][ T4441]  __sys_setsockopt+0x502/0x870
[  229.286848][ T4441]  ? __ia32_sys_recv+0xb0/0xb0
[  229.291450][ T4441]  ? __kasan_check_write+0x14/0x20
[  229.296399][ T4441]  ? switch_fpu_return+0x1e4/0x3c0
[  229.301347][ T4441]  ? fpu__clear_all+0x20/0x20
[  229.305857][ T4441]  __x64_sys_setsockopt+0xbf/0xd0
[  229.310720][ T4441]  do_syscall_64+0x34/0x70
[  229.314971][ T4441]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  229.320699][ T4441] RIP: 0033:0x7f165eea6ff9
[  229.324948][ T4441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.344393][ T4441] RSP: 002b:00007f165dade038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  229.352637][ T4441] RAX: ffffffffffffffda RBX: 00007f165f05f130 RCX: 00007f165eea6ff9
[  229.360446][ T4441] RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000007
[  229.368266][ T4441] RBP: 00007f165dade090 R08: 00000000000021a5 R09: 0000000000000000
[  229.376073][ T4441] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  229.383882][ T4441] R13: 0000000000000000 R14: 00007f165f05f130 R15: 00007ffdc1722b68
[  229.393156][ T2369] usb 1-1: config 0 descriptor??
[  229.408466][ T4421] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  229.438369][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.449174][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.458849][   T20] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  229.471533][   T20] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  229.480385][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.489279][   T20] usb 2-1: config 0 descriptor??
[  229.983093][   T20] prodikeys 0003:041E:2801.002C: unexpected long global item
[  229.990420][   T20] prodikeys 0003:041E:2801.002C: hid parse failed
[  229.996777][   T20] prodikeys: probe of 0003:041E:2801.002C failed with error -22
[  230.211732][   T20] usb 2-1: USB disconnect, device number 32
[  230.879984][ T4452] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue
[  230.891744][ T4452] ext4 filesystem being mounted at /39/bus supports timestamps until 2038 (0x7fffffff)
[  230.948957][ T2369] usb 1-1: invalid MIDI in EP 0
[  230.954515][ T2369] snd-usb-audio: probe of 1-1:0.2 failed with error -22
[  230.962491][ T2369] usb 1-1: USB disconnect, device number 28
[  231.018831][   T20] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  231.252203][   T24] audit: type=1326 audit(1727569243.560:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.276346][   T24] audit: type=1326 audit(1727569243.580:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.300388][   T24] audit: type=1326 audit(1727569243.580:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.323790][ T2369] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  231.335053][ T4462] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.342120][ T4462] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.349301][   T24] audit: type=1326 audit(1727569243.580:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.350136][ T4462] device bridge_slave_0 entered promiscuous mode
[  231.375660][   T24] audit: type=1326 audit(1727569243.580:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.379749][ T4462] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.402446][   T24] audit: type=1326 audit(1727569243.580:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.408938][ T4462] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.435810][   T24] audit: type=1326 audit(1727569243.580:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4460 comm="syz.4.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06f4b9cff9 code=0x7ffc0000
[  231.439837][ T4462] device bridge_slave_1 entered promiscuous mode
[  231.468380][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.479794][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.490682][   T20] usb 2-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00
[  231.500909][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.533690][   T20] usb 2-1: config 0 descriptor??
[  231.883900][ T4462] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.890765][ T4462] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.897841][ T4462] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.904674][ T4462] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.923434][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  231.930869][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.937976][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.952890][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  231.960965][  T478] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.967874][  T478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.976798][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  231.985308][  T478] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.992261][  T478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.004709][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  232.014189][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  232.029059][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  232.040586][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  232.048495][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  232.055745][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  232.063058][ T2369] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.064536][ T4462] device veth0_vlan entered promiscuous mode
[  232.079709][ T2369] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  232.089270][ T2369] usb 1-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  232.092851][   T20] apple 0003:05AC:0262.002D: unbalanced collection at end of report description
[  232.098085][ T2369] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.109249][   T20] apple 0003:05AC:0262.002D: parse failed
[  232.128794][ T4462] device veth1_macvtap entered promiscuous mode
[  232.142750][ T2369] usb 1-1: config 0 descriptor??
[  232.151913][   T20] apple: probe of 0003:05AC:0262.002D failed with error -22
[  232.162727][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  232.171167][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  232.179892][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  232.213054][ T4472] EXT4-fs (loop4): error: journal path ./file0 is not a block device
[  232.278087][ T4476] incfs: Options parsing error. -22
[  232.283405][ T4476] incfs: mount failed -22
[  232.338310][   T20] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  232.690223][ T2369] waltop 0003:172F:0501.002E: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.0-1/input0
[  232.748392][   T20] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  232.758745][   T20] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  232.840073][ T2369] usb 2-1: USB disconnect, device number 33
[  232.848820][   T20] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  232.857733][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  232.865803][   T20] usb 3-1: SerialNumber: syz
[  233.128888][ T4469] udc-core: couldn't find an available UDC or it's busy
[  233.136943][ T4469] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  233.386874][ T4469] exFAT-fs (loop2): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x1119afd0)
[  233.444682][ T4469] exFAT-fs (loop2): invalid boot region
[  233.450317][ T4469] exFAT-fs (loop2): failed to recognize exfat type
[  233.638884][   T20] usb 3-1: 0:2 : does not exist
[  233.644093][   T20] usb 3-1: unit 5 not found!
[  233.708420][   T24] kauditd_printk_skb: 20 callbacks suppressed
[  233.708510][   T24] audit: type=1107 audit(1727569246.010:1101): pid=4491 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='��'
[  234.128363][   T54] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  234.203605][ T4506] overlayfs: failed to resolve './file1': -2
[  234.323271][ T1713] usb 1-1: USB disconnect, device number 29
[  234.443660][ T4510] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.1070: casefold flag without casefold feature
[  234.462586][ T4510] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.1070: missing EA_INODE flag
[  234.474245][ T4510] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1070: error while reading EA inode 12 err=-117
[  234.486665][ T4510] EXT4-fs (loop0): 1 orphan inode deleted
[  234.492779][ T4510] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,,errors=continue
[  234.783078][ T4522] fscrypt (loop0, inode 18): Unsupported encryption flags (0x10)
[  234.813457][   T54] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  234.829333][   T54] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  234.839189][   T54] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  234.851968][   T54] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  234.864427][   T54] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.882221][   T24] audit: type=1400 audit(1727569247.190:1102): avc:  denied  { mounton } for  pid=4518 comm="syz.1.1073" path="/112/file0" dev="tmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  234.903018][ T4523] overlayfs: './file0' not a directory
[  234.922691][   T54] usb 4-1: config 0 descriptor??
[  234.969018][ T1713] usb 3-1: USB disconnect, device number 33
[  235.011336][ T4407] FAT-fs (loop4): error, invalid access to FAT (entry 0x72650000)
[  235.019132][ T4407] FAT-fs (loop4): Filesystem has been set read-only
[  235.025875][ T4407] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 73726c6c)
[  235.036174][ T4407] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 73726c6c)
[  235.314793][ T4533] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.324074][ T4533] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.338671][ T4533] device bridge_slave_0 entered promiscuous mode
[  235.347546][ T4533] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.354634][ T4533] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.362094][ T4533] device bridge_slave_1 entered promiscuous mode
[  235.420226][   T54] prodikeys 0003:041E:2801.002F: unexpected long global item
[  235.427571][   T54] prodikeys 0003:041E:2801.002F: hid parse failed
[  235.438440][ T4533] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.445280][ T4533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.452409][ T4533] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.459196][ T4533] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.466355][   T54] prodikeys: probe of 0003:041E:2801.002F failed with error -22
[  235.511386][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  235.529916][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.548788][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.570420][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.582735][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.589599][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.608425][   T20] usb 4-1: USB disconnect, device number 34
[  235.614907][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.632232][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.639112][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.647501][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  235.655406][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  235.673372][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  235.685454][ T4533] device veth0_vlan entered promiscuous mode
[  235.694386][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  235.702922][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  235.710299][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  235.721416][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  235.730708][ T4538] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  235.738790][ T4538] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  235.748684][  T478] device bridge_slave_1 left promiscuous mode
[  235.749319][ T4538] F2FS-fs (loop0): invalid crc value
[  235.754612][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.767125][  T478] device bridge_slave_0 left promiscuous mode
[  235.773394][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.773852][ T4538] F2FS-fs (loop0): Found nat_bits in checkpoint
[  235.787069][  T478] device veth1_macvtap left promiscuous mode
[  235.793097][  T478] device veth0_vlan left promiscuous mode
[  235.813281][ T4538] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  235.820212][ T4538] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  235.898461][ T1713] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  235.911577][ T4533] device veth1_macvtap entered promiscuous mode
[  235.921619][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  235.996086][ T4549] overlayfs: failed to resolve './file0': -2
[  236.065752][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  236.328379][ T1713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.340212][ T1713] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  236.715555][  T287] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  236.723068][ T1713] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  236.739121][ T1713] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.751242][ T1713] usb 2-1: config 0 descriptor??
[  237.098569][  T287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.110984][  T287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.120584][  T287] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  237.133365][  T287] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  237.142269][  T287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.153766][  T287] usb 5-1: config 0 descriptor??
[  237.240053][ T4571] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  237.243657][ T1713] waltop 0003:172F:0501.0030: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.1-1/input0
[  237.252845][ T4571] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  237.268723][ T4571] F2FS-fs (loop2): invalid crc value
[  237.275151][ T4571] F2FS-fs (loop2): Found nat_bits in checkpoint
[  237.296715][ T4571] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  237.303791][ T4571] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  237.338651][   T20] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  237.411946][ T4579] EXT4-fs (loop2): orphan cleanup on readonly fs
[  237.419176][ T4579] EXT4-fs error (device loop2): ext4_ext_check_inode:500: inode #4: comm syz.2.1088: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048)
[  237.437691][ T4579] EXT4-fs error (device loop2): ext4_quota_enable:6426: comm syz.2.1088: Bad quota inode: 4, type: 1
[  237.448792][ T4579] EXT4-fs warning (device loop2): ext4_enable_quotas:6467: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  237.463459][ T4579] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  237.470022][ T4579] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  237.630668][  T287] prodikeys 0003:041E:2801.0031: unexpected long global item
[  237.638435][  T287] prodikeys 0003:041E:2801.0031: hid parse failed
[  237.644735][  T287] prodikeys: probe of 0003:041E:2801.0031 failed with error -22
[  237.728341][   T20] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.744494][   T20] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  237.832238][   T15] usb 5-1: USB disconnect, device number 31
[  237.838360][   T20] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  237.856111][   T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  237.880676][   T20] usb 4-1: SerialNumber: syz
[  237.893018][ T4589] EXT4-fs (loop0): 1 orphan inode deleted
[  237.901175][ T4589] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,
[  237.935769][ T4589] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038 (0x7fffffff)
[  237.957544][ T4589] syz.0.1090[4589] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.128965][ T4569] udc-core: couldn't find an available UDC or it's busy
[  238.147105][ T4569] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  238.244476][ T4596] syz.0.1090[4596] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.244874][ T4596] syz.0.1090[4596] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.388888][   T20] usb 4-1: 0:2 : does not exist
[  238.410638][   T20] usb 4-1: unit 5 not found!
[  238.986556][   T54] usb 2-1: USB disconnect, device number 34
[  239.008308][   T15] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  239.248316][   T15] usb 1-1: Using ep0 maxpacket: 8
[  239.433838][ T4616] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4616 comm=syz.4.1095
[  239.452429][ T4616] overlayfs: missing 'workdir'
[  239.542349][   T15] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.553113][   T15] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.553912][ T4615] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  239.562777][   T15] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  239.572064][ T4615] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038 (0x7fffffff)
[  239.581001][   T15] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  239.581033][   T15] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  239.609986][   T15] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  240.202150][  T287] usb 4-1: USB disconnect, device number 35
[  240.220113][   T15] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  240.220168][ T4624] FAULT_INJECTION: forcing a failure.
[  240.220168][ T4624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.220187][ T4624] CPU: 1 PID: 4624 Comm: syz.4.1098 Not tainted 5.10.225-syzkaller-00513-g8d23314f588a #0
[  240.229455][   T15] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.241847][ T4624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  240.241853][ T4624] Call Trace:
[  240.241874][ T4624]  dump_stack_lvl+0x1e2/0x24b
[  240.241883][ T4624]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  240.241892][ T4624]  ? ___sys_sendmsg+0x27b/0x2e0
[  240.241902][ T4624]  dump_stack+0x15/0x17
[  240.241912][ T4624]  should_fail+0x3c6/0x510
[  240.241929][ T4624]  should_fail_usercopy+0x1a/0x20
[  240.252009][   T15] usb 1-1: Product: syz
[  240.259387][ T4624]  _copy_to_user+0x20/0x90
[  240.259398][ T4624]  simple_read_from_buffer+0xc7/0x150
[  240.259417][ T4624]  proc_fail_nth_read+0x1a3/0x210
[  240.284567][   T15] usb 1-1: Manufacturer: syz
[  240.286906][ T4624]  ? proc_fault_inject_write+0x390/0x390
[  240.328215][ T4624]  ? security_file_permission+0x86/0xb0
[  240.333587][ T4624]  ? rw_verify_area+0x1c3/0x360
[  240.338271][ T4624]  ? proc_fault_inject_write+0x390/0x390
[  240.343741][ T4624]  vfs_read+0x200/0xba0
[  240.347759][ T4624]  ? kernel_read+0x70/0x70
[  240.351984][ T4624]  ? __kasan_check_write+0x14/0x20
[  240.356950][ T4624]  ? mutex_lock+0xa5/0x110
[  240.361182][ T4624]  ? mutex_trylock+0xa0/0xa0
[  240.365610][ T4624]  ? __fdget_pos+0x2e7/0x3a0
[  240.370034][ T4624]  ? ksys_read+0x77/0x2c0
[  240.374200][ T4624]  ksys_read+0x199/0x2c0
[  240.378284][ T4624]  ? vfs_write+0xe70/0xe70
[  240.382539][ T4624]  ? debug_smp_processor_id+0x17/0x20
[  240.387742][ T4624]  __x64_sys_read+0x7b/0x90
[  240.392093][ T4624]  do_syscall_64+0x34/0x70
[  240.396356][ T4624]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  240.402073][ T4624] RIP: 0033:0x7ffbaea15a3c
[  240.406320][ T4624] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  240.425845][ T4624] RSP: 002b:00007ffbad690030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  240.434089][ T4624] RAX: ffffffffffffffda RBX: 00007ffbaebcef80 RCX: 00007ffbaea15a3c
[  240.441898][ T4624] RDX: 000000000000000f RSI: 00007ffbad6900a0 RDI: 0000000000000004
[  240.449710][ T4624] RBP: 00007ffbad690090 R08: 0000000000000000 R09: 0000000000000000
[  240.457528][ T4624] R10: 0000000000004880 R11: 0000000000000246 R12: 0000000000000001
[  240.465342][ T4624] R13: 0000000000000000 R14: 00007ffbaebcef80 R15: 00007ffd094b4ec8
[  240.474299][   T15] usb 1-1: SerialNumber: syz
[  242.301505][ T4641] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  242.308545][ T4641] IPv6: NLM_F_CREATE should be set when creating new route
[  242.710937][   T15] cdc_ncm 1-1:1.0: bind() failure
[  242.716683][   T15] cdc_ncm 1-1:1.1: bind() failure
[  242.728172][   T15] usb 1-1: USB disconnect, device number 30
[  242.773655][ T4648] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  242.925456][ T4660] binder: 4659:4660 ioctl c0306201 200003c0 returned -14
[  244.351913][ T4648] sched: RT throttling activated
[  247.358577][   T15] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  255.358319][   T15] usb 1-1: device descriptor read/64, error -110
[  270.358319][   T15] usb 1-1: device descriptor read/64, error -32
SYZFAIL: failed to send rpc
fd=3 want=28352 sent=0 n=-1 (errno 32: Broken pipe)
[  270.632844][  T478] device bridge_slave_1 left promiscuous mode
[  270.639016][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.650528][  T478] device bridge_slave_0 left promiscuous mode
[  270.661915][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.669882][  T478] device veth1_macvtap left promiscuous mode
[  270.686840][  T478] device veth0_vlan left promiscuous mode
[  271.969474][  T478] device bridge_slave_1 left promiscuous mode
[  271.975391][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.982838][  T478] device bridge_slave_0 left promiscuous mode
[  271.988781][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.996197][  T478] device bridge_slave_1 left promiscuous mode
[  272.002203][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.009418][  T478] device bridge_slave_0 left promiscuous mode
[  272.015315][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.022881][  T478] device bridge_slave_1 left promiscuous mode
[  272.028844][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.035901][  T478] device bridge_slave_0 left promiscuous mode
[  272.041914][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.049406][  T478] device bridge_slave_1 left promiscuous mode
[  272.055307][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.062625][  T478] device bridge_slave_0 left promiscuous mode
[  272.068655][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.076224][  T478] device bridge_slave_1 left promiscuous mode
[  272.082238][  T478] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.089484][  T478] device bridge_slave_0 left promiscuous mode
[  272.095374][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.104715][  T478] device veth1_macvtap left promiscuous mode
[  272.110590][  T478] device veth0_vlan left promiscuous mode
[  272.116186][  T478] device veth1_macvtap left promiscuous mode
[  272.121928][  T478] device veth0_vlan left promiscuous mode
[  272.127555][  T478] device veth1_macvtap left promiscuous mode
[  272.133383][  T478] device veth0_vlan left promiscuous mode
[  272.139135][  T478] device veth1_macvtap left promiscuous mode
[  272.144918][  T478] device veth0_vlan left promiscuous mode
[  272.151004][  T478] device veth1_macvtap left promiscuous mode
[  272.156794][  T478] device veth0_vlan left promiscuous mode