last executing test programs:

23m57.739524752s ago: executing program 0 (id=357):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

23m57.704714682s ago: executing program 0 (id=358):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000040)={0x77359400}, 0x10)
syz_emit_ethernet(0x7a, &(0x7f0000000480)={@local, @random="7e4173edf6b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x14, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @rand_addr, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@multicast2, 0x300}, {@empty}, {@loopback}]}, @cipso={0x86, 0x20, 0x0, [{0x0, 0x11, "0001632a3a835e9504005d8b000000"}, {0x0, 0x9, "4ef661e96b4014"}]}]}}}}}}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x11, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000a00)=<r2=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111a300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x2e, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(r2, &(0x7f0000000940)='fd/4\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0xc00, 0x114)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000028c0), 0x180, 0x0)
open_tree(r5, &(0x7f0000002bc0)='./file0\x00', 0x80001)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r6, &(0x7f00000000c0)=""/44, 0x2c)
getdents(r6, &(0x7f0000000040)=""/44, 0x2c)
getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002)
getresgid(&(0x7f00000030c0), &(0x7f0000003100), &(0x7f0000003140))
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0x0)
read$FUSE(r3, &(0x7f0000003440)={0x2020}, 0x2020)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
syz_usb_connect(0x0, 0x7e, &(0x7f0000000080)={{0x12, 0x1, 0x128, 0x8d, 0xbf, 0xa1, 0x40, 0x5d1, 0x9008, 0x383f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x4, 0x0, 0x1, 0x93, 0x6b, 0x21, 0x0, [], [{{0x9, 0x5, 0x5, 0x3, 0x0, 0x2, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xa}, @generic={0x4a, 0xd, "3c774f9f11209e6dd73f6eb432c3e0404105bd477cd043586f218d24a7afc78241a207c6e5cc64354c1230d4a01cb85ec00ce003dc5e8626fd535507478e3d38e8f1a19dfdc1c85d"}]}}]}}]}}]}}, 0x0)

23m54.52764035s ago: executing program 0 (id=379):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f3801040000000905830300"], 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000009e0000006a0a00ff000000006900c00e00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

23m51.506585807s ago: executing program 0 (id=390):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000000)={[{@jqfmt_vfsv0}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r4, &(0x7f0000000080), 0x208e24b)
listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000400000000c002b80080003000e00000008000a"], 0x34}}, 0x0)

23m51.292861828s ago: executing program 0 (id=391):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000002000000020000000020000000000000000000001050000001b00000000070051070000"], &(0x7f0000000000)=""/140, 0x3a, 0x8c, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r2, &(0x7f0000000100)={0x11, 0x4}, 0x14)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)="16a142522d9776", 0x7}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x40000000000011a, 0x44000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r7=>0x0})
connect$can_bcm(r6, &(0x7f0000001ff0)={0x1d, r7}, 0x10)
sendmsg$can_raw(r6, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f000000a000)=@canfd={{0x1}, 0x2, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x38}, 0xee}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a0000400004000000ffad6ac902837dac056097d6", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
prlimit64(r3, 0x1, 0x0, &(0x7f0000000600))
io_uring_setup(0x3033, &(0x7f00000002c0)={0x0, 0x8006f3b, 0x1, 0x3, 0x312})
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
readv(r8, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)

23m51.165611319s ago: executing program 0 (id=394):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000040)={0x77359400}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000480)={@local, @random="7e4173edf6b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @rand_addr, {[@timestamp_addr={0x44, 0x4}, @cipso={0x86, 0x21, 0x0, [{0x0, 0x12, "0001632a3a835e9504005d8b00000000"}, {0x0, 0x9, "4ef661e96b4014"}]}]}}}}}}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x11, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000a00)=<r2=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111a300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x2e, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(r2, &(0x7f0000000940)='fd/4\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0xc00, 0x114)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000028c0), 0x180, 0x0)
open_tree(r5, &(0x7f0000002bc0)='./file0\x00', 0x80001)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r6, &(0x7f00000000c0)=""/44, 0x2c)
getdents(r6, &(0x7f0000000040)=""/44, 0x2c)
getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002)
getresgid(&(0x7f00000030c0), &(0x7f0000003100), &(0x7f0000003140))
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0x0)
read$FUSE(r3, &(0x7f0000003440)={0x2020}, 0x2020)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
syz_usb_connect(0x0, 0x7e, &(0x7f0000000080)={{0x12, 0x1, 0x128, 0x8d, 0xbf, 0xa1, 0x40, 0x5d1, 0x9008, 0x383f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x4, 0x0, 0x1, 0x93, 0x6b, 0x21, 0x0, [], [{{0x9, 0x5, 0x5, 0x3, 0x0, 0x2, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xa}, @generic={0x4a, 0xd, "3c774f9f11209e6dd73f6eb432c3e0404105bd477cd043586f218d24a7afc78241a207c6e5cc64354c1230d4a01cb85ec00ce003dc5e8626fd535507478e3d38e8f1a19dfdc1c85d"}]}}]}}]}}]}}, 0x0)

23m51.143028779s ago: executing program 32 (id=394):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000040)={0x77359400}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000480)={@local, @random="7e4173edf6b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @rand_addr, {[@timestamp_addr={0x44, 0x4}, @cipso={0x86, 0x21, 0x0, [{0x0, 0x12, "0001632a3a835e9504005d8b00000000"}, {0x0, 0x9, "4ef661e96b4014"}]}]}}}}}}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x11, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000a00)=<r2=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111a300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x2e, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(r2, &(0x7f0000000940)='fd/4\x00')
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0xc00, 0x114)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000028c0), 0x180, 0x0)
open_tree(r5, &(0x7f0000002bc0)='./file0\x00', 0x80001)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r6, &(0x7f00000000c0)=""/44, 0x2c)
getdents(r6, &(0x7f0000000040)=""/44, 0x2c)
getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002)
getresgid(&(0x7f00000030c0), &(0x7f0000003100), &(0x7f0000003140))
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0x0)
read$FUSE(r3, &(0x7f0000003440)={0x2020}, 0x2020)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
syz_usb_connect(0x0, 0x7e, &(0x7f0000000080)={{0x12, 0x1, 0x128, 0x8d, 0xbf, 0xa1, 0x40, 0x5d1, 0x9008, 0x383f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x4, 0x0, 0x1, 0x93, 0x6b, 0x21, 0x0, [], [{{0x9, 0x5, 0x5, 0x3, 0x0, 0x2, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xa}, @generic={0x4a, 0xd, "3c774f9f11209e6dd73f6eb432c3e0404105bd477cd043586f218d24a7afc78241a207c6e5cc64354c1230d4a01cb85ec00ce003dc5e8626fd535507478e3d38e8f1a19dfdc1c85d"}]}}]}}]}}]}}, 0x0)

6m38.443205751s ago: executing program 5 (id=3667):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000056, &(0x7f0000000580)={[{@delalloc}, {@nodioread_nolock}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@lazytime}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x20004007b1}}, {@lazytime}, {@grpquota}, {@dax_inode}, {@user_xattr}, {@bh}, {@usrjquota}, {@minixdf}, {@norecovery}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ")
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000500)='scsi_dispatch_cmd_error\x00', r4}, 0xd)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDGKBSENT(r6, 0x5608, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000000000000000080005000000000008000380040003803ad65e715d961ec05781920a6926ccd31c6af1a99a1fb09f9d64f6029968110e25dd1a828b57182aa5879c8ad06c8cd6cc3bf5bb71e91bb93faef1a92be31413b39e5e6d54cd1533be010000eb9bbfe837343078172af417e99589cacd75b188d79dcbfc1a25f7f4550be15820240e3f5f84f118fbc44dc100c94ea179d606aae4b4a8f407a25784259d417bcd127f83796e157decef"], 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$TIOCGETD(r6, 0x5424, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
poll(&(0x7f0000000300)=[{r3, 0x400}, {r1, 0x2}, {r7, 0x6509}, {r5, 0x400}, {r6, 0x80}, {r1, 0x2c0}, {r3, 0x1040}, {r3, 0x10}, {r9, 0x282}], 0x9, 0x5)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000003c0)={0x0, &(0x7f0000000280)}, 0x10)
setsockopt$inet6_buf(r10, 0x29, 0x20, 0x0, 0x0)

6m36.454027363s ago: executing program 5 (id=3675):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)

6m36.338679663s ago: executing program 5 (id=3676):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000000)={0x10, 0x0, 0x4800}) (fail_nth: 5)

6m35.973964965s ago: executing program 5 (id=3677):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000000300)={[{@commit}, {@nombcache}, {@barrier}, {@norecovery}, {@norecovery}, {@delalloc}, {@nodelalloc}, {@usrquota}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@nombcache}, {@init_itable}]}, 0xff, 0x551, &(0x7f0000000cc0)="$eJzs3d9vU1UcAPDv7Tp+KyMhJPpgFnkQg3Rs8wcmPuCjUSKJvmOzXRaylpK1I2ySCA/y4oshJsZIYvwDfPeR+A/4V5AoCTFk0Qdfam53ywprt9EVNuznk9xyzj23nHt67vdwbs8lDWBojWcvhYhXIuLbJOJwR1kx8sLx1eNWHl6fybYkms3P/koiyfe1j0/yPw+2M8WI376OOFl4rMqx7KW+tDxfrlTShXznRKN6ZaK+tHzqUrU8l86ll6emp8+8Mz31/nvvDqytb57/54dP73505pvjK9//cv/I7STOxqG8rLMd23CjMzMe4/lnMhpnnzhwcgCV7SbJTp8AfRnJ43w0sjHgcIzkUQ/8/30VEU1gSCXiH4ZUex7Qvrcf0H3wC+PBh6s3QOvbX1z9biT2te6NDqwkj90ZJe0vMrYpq+PXP+/czrYY3PcQAJu6cTMiTheL68e/JB//+nd6C8c8WYfxD56fu9n8561u85/Co/lPdJn/HOwSu/3YPP4L9wdQTU/Z/O+DrvPffNFqLMZG8txLrexocvFSJc3Gtpcj4kSM7s3yG63nnFm51+xV1jn/y7as/vZcMD+P+8W9j79nttwob6/Vax7cjHi16/w3edT/SZf+zz6P81us41h657VeZZu3/9lq/hzxRtf+X1vRSjZen5xoXQ8T7ativb9vHfu9V/073f6s/w9s3P6xpHO9tv70dfy079+0V1m/1/+e5PNWek++71q50ViYjNiTfLJ+/9Tae9v59vFZ+08c33j863b974+IL7bY/ltHb/U8dFv9P4BF16z9s0/V/0+fuPfxlz/23/6s/99upU7ke7Yy/m31BLfz2QEAAAAAAMBuU4iIQ5EUSo/ShUKptPp8x9E4UKjU6o2TF2uvR6us9fxDob3SfbjjeYjJ/HnYdn7qifx0RByJiO9G9rfypZlaZXanGw8AAAAAAAAAAAAAAAAAAAC7xMEe//8/88fITp8d8Mz5yW8YXpvG/yB+6QnYlfz7D8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAADNT5c+eyrbny8PpMlp+9urQ4X7t6ajatz5eqizOlmdrCldJcrTZXSUsztepmf1+lVrsyORWL1yYaab0xUV9avlCtLV5uXLhULc+lF9LR59IqAAAAAAAAAAAAAAAAAAAAeLHUl5bny5VKuiAh0VeiuDtOQ2LAiZ0emQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzX8BAAD//7VBN58=")
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
fgetxattr(r1, &(0x7f0000000e40)=@known='security.selinux\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000080)="f2606dc0bc521bc38ba277ea1cace658", 0x10)
ftruncate(0xffffffffffffffff, 0x20cf01)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

6m35.905164166s ago: executing program 5 (id=3679):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000", @ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x804, &(0x7f0000000480)={[{@numtail}, {@shortname_lower}, {@utf8no}, {@shortname_win95}, {@shortname_mixed}, {@uni_xlate}, {@rodir}, {@utf8no}, {@fat=@nocase}, {@fat=@codepage={'codepage', 0x3d, '737'}}, {}, {@utf8no}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@shortname_win95}, {@shortname_winnt}]}, 0x1, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)

6m35.789988836s ago: executing program 5 (id=3681):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xffff}, {0xfff1, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x4000000)
sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

6m35.779823837s ago: executing program 33 (id=3681):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xffff}, {0xfff1, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x4000000)
sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)

6m32.541036845s ago: executing program 4 (id=3695):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000007000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\bI\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000002ed0ebe5eb3be405d166ca6a00000128bd7010ffdbdf250a0000000000000004000900080001000000000008000500", @ANYRES32=0x0, @ANYBLOB="0800010000000000080001000100000004000b0008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00\x00\x00\x00\x00'], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

6m32.540371665s ago: executing program 4 (id=3696):
syz_mount_image$f2fs(&(0x7f0000000340), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e6f696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6e6f657874656e745f63616368652c6a71666d743d76667376312c66617374626f6f742c757365725f78617474722c6772706a71756f74613d00233f5b2c7768696e745f6d6f64653d757365722d62617365642c6673796e635f6d6f64653d7374726963742c6e6f657874656e0c5f63616368652cba727f3e50c9f1da74722c00"], 0x21, 0x5536, &(0x7f00000010c0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/bxtVHADwd3c+9wcgQkAeghAgBlio65aWbogBFDHwJyBFqVtCXX60GWhVIWVhQ5m7IBgRQgKFrf8AUzekVupStg4eisTCYnTnu/iSFuFS+c6NPx/p3fv64tz7vmcpyvfeJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGn47iROssPSOI6Lc7fuX1vP+tv7+syN7TsrWcvi6NU6s34ivFR9EXWaSwQAAIDFkZT1fQjhbrqzmvXxUl7/p+V7spr/u2fGcVSc21/3l31Z+2ft11/uvbA70NJ4nOyi5zYG/eMPptKa3Szn27P/+Y5WvvL5vZck/0DiD7aeH6b5ekbf3Lz5XjsPD9WRLQDwfxwr+yIofx/K+l6TiQGwMFqVwrus/5OlZnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqMNwKzxVxlEIYaU1iTO3719bf1h/Y/vOStlOX7++Xb1mdok0hHBuY9A/XuNc5t3lK1cvrA0G/Uv1By+HEJoa/Z1i+hc+muLNITSyPrMK/h6NRo/0XYdnkkaI65pyXHzYja/8ExU0+EMJAIADKS1aVtffTXdWs3PRcgij7/fW/69X4jBl/X/v49O3qmNV6//evjySmc5yvnU3L37evXzl6psbF9fO98/3P33rRO/t3skzp06d6eb3SrrumAAAAPB42kWr1v/x8oP7/0crcZiy/v/i295Xk5F+z4//Vv8vssmmX9OZAAAALLbnXvnrz+gh56N2O3y5trl5qTc+7r4+MT42kOojO1S0av2fLDedFQAAAFCH4Va0Z///bCUOU+7/P/3Diz9Vr5mEEI4U+//H1j8bnK1vOnOtjj8nbnqOAAAANOtI0ar7/2n+/H+8+8hDHEJ447VxXPwbwKnq/+T9r3+sjpVUnv8/Wd8U51LcGa9H3ndCaHX2fPm3xhIDAADgQDpctKzY/yPdWf3k56Mftj3/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFC3fwIAAP//MSFB+Q==")
lgetxattr(&(0x7f0000000080)='./file2\x00', 0x0, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'dvmrp0\x00', 0x2})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000000fbff00000000000000000c00000000000000000006a3d1"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000b20000400000"])
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000340))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000b00)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000010000000000000008410000726f6164636173742d6c696e6b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000"], 0x68}}, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r8, 0x100, 0x70bd29, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="0004002080a742c6e6a19263586af100000000"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRES16=r10, @ANYRES16=r3, @ANYRESOCT, @ANYRESOCT=r0, @ANYRES16=r1], 0x0, 0x0, 0x0)

6m29.596718632s ago: executing program 4 (id=3704):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x7, &(0x7f00000005c0)=ANY=[@ANYBLOB="18120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000812608009701000018110000", @ANYRES32=0x1, @ANYBLOB="00e1ff00000000d67befb440e9a545a0dda23b00b7020000587883c781ef65be2c27076f94c20e8f0d35e59eb34908cf6055b8d943772ce0d607431e72c01db265bbe69e0d366a5550f8d86e4a7d9bc2f8eb51a8f406669adfb0379026049dc8526bf20aafa994e2b1ae2367eadb6e9d772961202083d7350d88707cd4d26f6192ffa19d5dcea793eff863c45f1cdaa6789e6974f0166e7c25c3ff92faf184e7ba5f183036c09460043e3307c9be902603a74b2ed113fc43587c5baf1b57840aa0ee1cc2d26e53cb1875ce0413d3c64edfc29a355e37312523a7513e8677d998ed09c48fedcbb6c088de90974b239b49b68e54089eee78", @ANYRES8], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xcd, &(0x7f0000000140)=""/205, 0x40f00, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0x8, 0x81, 0xe8}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x2, 0x2, 0x1, 0x6}], 0x10, 0xffffffff, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000009e0000006a0a00ff000000006900c00e00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

6m27.192871996s ago: executing program 4 (id=3712):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r2 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="0701ff01b3fcff0050030000050000007101000065b2000000000000000000006344b2bf72cfb0c56aa0ac6bf1bc5c207fc11f52c40a84c06767cdac2518bcbf5fe22300c38f592729486f8557af791c71fb876ea69ef2f6f4927fb6b2fd39371ca8650cb0fe2b425779938acc90033ebaabbfcad3c11488b0df9a1aff53eda15705657d5370020d0903b82b5f25aa938d94c712622655932c2b1f11f8948b1313c96a1d211f2ee2b0ab9b93853e242b6ab3928b8eca5f94683725e4302bac19666ee5d90929af326cff45a6309c6e98c1f9795edc50be96241bf640962593ad20a656fb1a7ed14cd6b4abdd14be4f37f6bb93d42b1617380ecb28b9515737226f4900fb2c6e3227451f8e903781f3390f8cc3da398fbacd3bbe"], 0x11a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x39}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r7}, 0x10)
fsync(0xffffffffffffffff)
close_range(r3, 0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r8}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x52, 0x4)

6m27.145566197s ago: executing program 4 (id=3713):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_emit_ethernet(0x36, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
vmsplice(r3, 0x0, 0x0, 0x0)

6m27.029862077s ago: executing program 4 (id=3714):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, &(0x7f0000000080)}, 0x20)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
pread64(r3, &(0x7f0000000300)=""/150, 0x96, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x10, &(0x7f00000003c0)=@ringbuf={{}, {}, {}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000100)='GPL\x00', 0x2, 0x103, &(0x7f0000000140)=""/259, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x18, 0x80803, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

6m27.029587337s ago: executing program 34 (id=3714):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, &(0x7f0000000080)}, 0x20)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
pread64(r3, &(0x7f0000000300)=""/150, 0x96, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x10, &(0x7f00000003c0)=@ringbuf={{}, {}, {}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000100)='GPL\x00', 0x2, 0x103, &(0x7f0000000140)=""/259, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x18, 0x80803, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

14.257588098s ago: executing program 1 (id=5058):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00020c00"], 0x0, 0x0, 0x0}, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff0100", @ANYRES32=0x1, @ANYBLOB="00000000544ffa0000000000000000000000000031a0946f310386385fb1cda40930fc97d59b9e4f637863de3db61ea8ff", @ANYBLOB="74c6742efc7a457bee2a586718595d2bf29d77b8fe7404f899f57e9d69a5f9293c7b8db043234f4d6d4af25da996cc7086e30866642e527d306269457e7db5eee17d16cc37a96ecdbad0e0452daccbe76cb83580f0593550153366", @ANYRES32=r0, @ANYBLOB="00000000000002000000000000000000000000000020000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003", @ANYRESDEC, @ANYRES8=r2, @ANYRES32=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4, 0x0, 0x0, 0x0, 0x0, 0xc}]})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x5], 0x0, 0x202})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="0f01c8de250f20e06635000001000f22e00f20e06635000004000f22e066b9800000c00f326635010000000f3066b96a0200000f320f01ca0f30ba2000b80000efd19ace21", 0x45}], 0x1, 0x9, 0x0, 0x0)

11.837552842s ago: executing program 1 (id=5069):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01000000", @ANYRES32=0x1, @ANYBLOB="060000006cc70100000000000000000000352f2d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x10005, r0, 0x4}, 0x38)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_disconnect(r2)
syz_open_procfs$pagemap(0x0, &(0x7f0000000340))

11.375316704s ago: executing program 7 (id=5070):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01000000", @ANYRES32=0x1, @ANYBLOB="060000006cc70100000000000000000000352f2d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x10005, r0, 0x4}, 0x38)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0)
execve(0x0, 0x0, 0x0)
r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
syz_usb_disconnect(r4)

8.933631099s ago: executing program 1 (id=5081):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x2000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv0\x00', <r3=>0x0})
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0], <r5=>0x0, 0xc3, &(0x7f0000000340)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x2, 0xd, &(0x7f0000000200)=@raw=[@exit, @initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @jmp={0x5, 0x1, 0x1, 0x5, 0x6, 0x8}], &(0x7f00000000c0)='GPL\x00', 0x0, 0x83, &(0x7f0000000280)=""/131, 0x40f00, 0x20, '\x00', r3, @fallback=0x20, r4, 0x8, &(0x7f00000003c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0x8, 0x8, 0x40}, 0x10, r5, 0xffffffffffffffff, 0x6, &(0x7f0000000500)=[r0, r0, r0, r0, r0, r0, r0, r0], &(0x7f0000000540)=[{0x4, 0x5, 0xd, 0x2}, {0x2, 0x4, 0xd, 0x8}, {0x1, 0x3, 0x0, 0x3}, {0x1, 0x4, 0x6, 0xc}, {0x5, 0x2, 0xf, 0x9}, {0x5, 0x1, 0x0, 0xc}], 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, 0x0)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000005c0)={0x80a0000, 0x3000, 0x3, 0x0, 0xff})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x6, 0xb0, &(0x7f0000000980)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9e, 0x3, 0x1, 0x3, 0xa0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xf}, [@selector_unit={0x6, 0x24, 0x5, 0x6, 0x40, 'd'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0x22d, 0x4, "3512"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xe, 0x42, 0x8, {0x7, 0x25, 0x1, 0x0, 0x7, 0xcf}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x9, 0x4, 0x3, "6cd6dafe8c6435"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0xef, 0x4, 0x4, 0x5, "7daf06bf569c97dc"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x0, 0x2, 0xf9, "4a7f17030f"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x5, 0x7, 0x3, {0x7, 0x25, 0x1, 0x80, 0xff, 0x353b}}}}}}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x250, 0x1, 0x17, 0xb, 0x8, 0x2}, 0x1c2, &(0x7f0000000b00)={0x5, 0xf, 0x1c2, 0x2, [@generic={0x102, 0x10, 0xb, "340a888c7f54d533d4007f04b20c163a529b8e7d35ab6b4de5c9089a3db22e2639caca85abf25b6cd462bbde1d4dec39fb6b6ead80380dc8494a4f5c60855348583a27df28c8740efc2ebee24ad462384a366e64b2f667c49c589c50e5fe3f84d9d581280897c4e3a48fd26a0bb496d648c40ae928d6641cd9f3bd6201f9182fa6dd5e4386de72c9758b201ac58aecc1d4dbec9a2be3c8713d9ed0020223e916d54b48ced234f266433198ffd65c99a24ecea8cd3420a196e82e1c42009848289f9034f155deeb449d4e0efd92251a32ba0efd6ca8cf05412178fc87f43261810fc09f714f630217895c11b6b0bf9e6abf9713df04e74ce31617f8583a2d8c"}, @generic={0xbb, 0x10, 0x1, "d693b8c87c6a79c4285d60917787d56cac7ae06fd61348a7984389b8093a477f1a1a5b1b36cf16797ad79a29eeb1d69c82d98769da98eeb4693a98658890445bcc3a0772903c6eedc3491d090005343f2587e42133cdd3a7cff78a4e2d8099e61caaccf92f4e602e96cfa383846a6c2a229508aea3ffe085abfd95b21e2ca15bb635ec10f1abf192c788905ed28a17148561b0573a7638893a27512de9566fb06cbc8256d7e02e2be19eaebf3f3308a34af70822c83c1268"}]}, 0x4, [{0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x404}}, {0x48, &(0x7f0000000d00)=@string={0x48, 0x3, "1deacdb287fd5d2bb8e9d00183f529db71f36fc345bd4eeab33e01195259783aa2b812b25a9fd44fe0b21e49b3ae4d8c0e341090f09546c355d1cca6e6f3621d6ed61d633d30"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x2c09}}]})

8.61959086s ago: executing program 6 (id=5082):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f3801040000000905"], 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000009e0000006a0a00ff000000006900c00e00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

8.511652061s ago: executing program 3 (id=5084):
r0 = socket$xdp(0x2c, 0x3, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000340)=r1, 0x12)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x181000, 0x12)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00'})
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000300)=0x1000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000003800)=@newtaction={0x488, 0x30, 0x12f, 0xffffffff, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x2107, 0xfffffffc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x6, 0x0, 0x4]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0xffffc3fd}, {}, 0x0, 0x0, 0x1000}}], []]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x1}}}}]}]}, 0x488}}, 0x0)

8.313827312s ago: executing program 7 (id=5085):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x2000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv0\x00', <r3=>0x0})
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0], <r5=>0x0, 0xc3, &(0x7f0000000340)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x2, 0xd, &(0x7f0000000200)=@raw=[@exit, @initr0={0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @jmp={0x5, 0x1, 0x1, 0x5, 0x6, 0x8}], &(0x7f00000000c0)='GPL\x00', 0x0, 0x83, &(0x7f0000000280)=""/131, 0x40f00, 0x20, '\x00', r3, @fallback=0x20, r4, 0x8, &(0x7f00000003c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0x8, 0x8, 0x40}, 0x10, r5, 0xffffffffffffffff, 0x6, &(0x7f0000000500)=[r0, r0, r0, r0, r0, r0, r0, r0], &(0x7f0000000540)=[{0x4, 0x5, 0xd, 0x2}, {0x2, 0x4, 0xd, 0x8}, {0x1, 0x3, 0x0, 0x3}, {0x1, 0x4, 0x6, 0xc}, {0x5, 0x2, 0xf, 0x9}, {0x5, 0x1, 0x0, 0xc}], 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000140)={0x81, 0x0, 0x1})
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000005c0)={0x80a0000, 0x3000, 0x3, 0x0, 0xff})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x6, 0xb0, &(0x7f0000000980)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9e, 0x3, 0x1, 0x3, 0xa0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xf}, [@selector_unit={0x6, 0x24, 0x5, 0x6, 0x40, 'd'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0x22d, 0x4, "3512"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xe, 0x42, 0x8, {0x7, 0x25, 0x1, 0x0, 0x7, 0xcf}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x9, 0x4, 0x3, "6cd6dafe8c6435"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0xef, 0x4, 0x4, 0x5, "7daf06bf569c97dc"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x0, 0x2, 0xf9, "4a7f17030f"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x5, 0x7, 0x3, {0x7, 0x25, 0x1, 0x80, 0xff, 0x353b}}}}}}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x250, 0x1, 0x17, 0xb, 0x8, 0x2}, 0x1c2, &(0x7f0000000b00)={0x5, 0xf, 0x1c2, 0x2, [@generic={0x102, 0x10, 0xb, "340a888c7f54d533d4007f04b20c163a529b8e7d35ab6b4de5c9089a3db22e2639caca85abf25b6cd462bbde1d4dec39fb6b6ead80380dc8494a4f5c60855348583a27df28c8740efc2ebee24ad462384a366e64b2f667c49c589c50e5fe3f84d9d581280897c4e3a48fd26a0bb496d648c40ae928d6641cd9f3bd6201f9182fa6dd5e4386de72c9758b201ac58aecc1d4dbec9a2be3c8713d9ed0020223e916d54b48ced234f266433198ffd65c99a24ecea8cd3420a196e82e1c42009848289f9034f155deeb449d4e0efd92251a32ba0efd6ca8cf05412178fc87f43261810fc09f714f630217895c11b6b0bf9e6abf9713df04e74ce31617f8583a2d8c"}, @generic={0xbb, 0x10, 0x1, "d693b8c87c6a79c4285d60917787d56cac7ae06fd61348a7984389b8093a477f1a1a5b1b36cf16797ad79a29eeb1d69c82d98769da98eeb4693a98658890445bcc3a0772903c6eedc3491d090005343f2587e42133cdd3a7cff78a4e2d8099e61caaccf92f4e602e96cfa383846a6c2a229508aea3ffe085abfd95b21e2ca15bb635ec10f1abf192c788905ed28a17148561b0573a7638893a27512de9566fb06cbc8256d7e02e2be19eaebf3f3308a34af70822c83c1268"}]}, 0x4, [{0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x404}}, {0x48, &(0x7f0000000d00)=@string={0x48, 0x3, "1deacdb287fd5d2bb8e9d00183f529db71f36fc345bd4eeab33e01195259783aa2b812b25a9fd44fe0b21e49b3ae4d8c0e341090f09546c355d1cca6e6f3621d6ed61d633d30"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x2c09}}]})

7.650572046s ago: executing program 3 (id=5086):
creat(&(0x7f0000001880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1d8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000200)='%pK    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r1}, 0x10)
syz_clone(0x40200080, 0x0, 0x0, 0x0, 0x0, 0x0)

7.574220457s ago: executing program 3 (id=5087):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)

7.082616559s ago: executing program 1 (id=5089):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
syslog(0x9, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f0000009800)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000093160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fff30000000000007f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff0000000000000000000000000000002000", 0x2000, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)

6.687764061s ago: executing program 3 (id=5090):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40000000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000007000000010001000800000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000fdffffff00000200"/23], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_getscheduler(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
openat(0xffffffffffffff9c, 0x0, 0x20c01, 0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r7, &(0x7f0000000000)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0102}}}, 0x8)
r8 = open(0x0, 0x0, 0x15)
flock(r8, 0x2)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f00000000c0))

6.119233435s ago: executing program 1 (id=5091):
syz_create_resource$binfmt(0x0)
r0 = gettid()
futex(&(0x7f0000000200)=0x1, 0x80000000000d, 0xf0ffffff, 0x0, 0x0, 0xf0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x0, 0x30, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080))
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53a, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82desEeoAKSIFCQFF2400bVb00uYBQVQlRcUAcUmNvLJPdrPGuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IBixQjATSopkdu1t7XW/j9S71fj7SaObN23nf9+LMvJm39rwAxtZzEbETEdMR8UZEzBf7k2KJO50l+9yjve2l/b3tpSTa7df/nuT52b7oOibzZFHmbER846sR30mOx21ubj1YrNWq60W63KqvlZubWzdW64sr1ZXqw0rl9sLtmy/derEysLZerf9y9yurr37zN7/+9Lu/3/nyD7JqzRV53e0YpE7Tpw7jZCYj4tXzCDYCE8V6esT14PGkEfGxiPhcfv7Px0T+vxMAuMja7floz3enAYCLLs3HwJK0VIwFzEWalkqdMbxn4lJaazRb1+83Nh4ud8bKLsdUen+1Vr15ZeaP38vvGKaSLL2Q5+X5ebpyJH0rIq5ExI9nnsjTpaVGbXl0tz0AMNaePNL//2um0//3oce3egDAR8bsqCsAAAyd/h8Axo/+HwDGTx/9f/Fl/8651wUAGA7P/wAwfvT/ADB+9P8AMFa+/tpr2dLeL95/vfzm5saDxps3lqvNB6X6xlJpqbG+VlppNFbyd/bUTyuv1misLbwQG2+VW9Vmq9zc3LpXb2w8bN3L3+t9rzo1lFYBAB/kytV3/pBExM7LT+RLdM3loK+Giy0ddQWAkZkYdQWAkTHbF4yv/p/xf3eu9QBGp+fLvGd7br7fTz9EEL9nBP9Xrn2y//F/czzDxWL8H8bX443/vzLwegDDZ/wfxle7nRyd83/6MAsAuJDO8Dv+7R8O6iYEGKnTJvMeyPf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMHMRcR3I0lLxVzgc5GmpVLEUxFxOaaS+6u16s2IeDquRsTUTJZeGHWlAYAzSv+aFPN/XZt/fu5o7nTy75l8HRHf/9nrP3lrsdVaX8j2/+Nw/8zB9GGV9447w7yCAECfnuvzc3n/XSnWXQ/yj/a2lw6W7s+nA67nUbt347/FVMRL+3vb+dLJmYzJfD2b30tc+mdSpDtzkT4bERMDiL/zdkR8olf7k3xs5HIx82l3/ChiPzXU+On74qd5Xmed3Xx9fAB1gXHzzt2IuNPr/EuLa2rv8382v0Kd3e7dTmEH1779rvgH17+JHvGTD3HN333ht187trM938l7O+LZyV7xk8P4yQnxn+8z/p8+9ZkfvXJCXvvnEdeid/zuWOVWfa3c3Ny6sVpfXKmuVB9WKrcXbt986daLlXI+Rl0+GKk+7m8vX3/6pLpl7b90QvzZnu2fPjz2C322/xf/eePbn/2A+F/6fO+f/zM943dkfeIX+4y/eOlXJ07fncVfPqH9p/38r/cZ/92/bC33+VEAYAiam1sPFmu16vqZNrKn0EGUc2wjq+JACzxl488xyALvnO3wqfP6Vz33jcnDe8XBlvytrMQhNycdeCvOtPGosxHnHmu01yXg/L130o+6JgAAAAAAAAAAAAAAwEmG8adLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9f/AgAA//91qMwl")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

6.075692895s ago: executing program 2 (id=5092):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x48000000, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4c, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x3}, @TCA_FQ_TIMER_SLACK={0x8}, @TCA_FQ_TIMER_SLACK={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_FLOW_PLIMIT={0x8}, @TCA_FQ_TIMER_SLACK={0x8}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_QUANTUM={0x5, 0xf}]}}]}, 0x78}}, 0x0)

6.044781235s ago: executing program 2 (id=5093):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000280)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r3 = syz_pidfd_open(0xffffffffffffffff, 0x0)
waitid$P_PIDFD(0x3, r3, 0x0, 0x20000000, &(0x7f0000000340))
sync()
sync()
getdents64(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)

5.556315488s ago: executing program 6 (id=5094):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000007000000010001000900000001000000", @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1}, 0x24}}, 0x0)

5.516352068s ago: executing program 3 (id=5095):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
keyctl$clear(0x3, 0xfffffffffffffffc)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000500)='asymmetric\x00', &(0x7f00000003c0)={'syz', 0x1}, &(0x7f0000000380)='\n\xe2\x93)\x00\x11\x16\x97\x82\xca\xca\x92\xfb\xadl\xb5\xe0\xff\xec\xb6\xdd\vq/\x83\xea\x17\xc0U\xf1{!\x9e$\x94\x9e\xa1\xd0?G\x10\xd4\xbe\xd8\xaaQ(\x1e\xf0\x00'/62, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000040000000300000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x1ab, 0x0, &(0x7f0000001380)="b9ff250f60441d8cb89e14f088ca1bff43052f00200063e000000d629201678d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8689edb93dc455ac4336c9cdb32af02da06fc31cb89ef77123c899b699eeaa8eaa00734611196639064000059b6d3296e8c081bce1d83920752aaf249966d40e2163c53edae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440ae001000000000000043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4a24f3e24ab0f9c162b445cf6d76156b850ce0fa3f2b4641e9f60bc1f9015ee56eb28be581ad5e91cda70e8ffa57ab8ec5d6e3723526e23fad290327cc00bdc6bc7e8fe00b73a1014ab4582a899ef29a28740b2d91f6bccc7ae49490d1109c16917000f9e7dbc845efbe93cebfcc6d0b0100412780e3225c2b3181718890523cc57e2c56506ab25fe0d7eacf4140da7e805e9000000000000000086458986d023e04fed4e18d8946fd44cebc3abe3", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r2}, 0x10)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)

3.667467779s ago: executing program 6 (id=5096):
r0 = socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

3.631885549s ago: executing program 2 (id=5097):
creat(&(0x7f0000001880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1d8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000200)='%pK    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r1}, 0x10)
syz_clone(0x40200080, 0x0, 0x0, 0x0, 0x0, 0x0)

3.631439599s ago: executing program 3 (id=5098):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00020c00"], 0x0, 0x0, 0x0}, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="00000000544ffa0000000000000000000000000031a0946f310386385fb1cda40930fc97d59b9e4f637863de3db61ea8ff", @ANYBLOB="74c6742efc7a457bee2a586718595d2bf29d77b8fe7404f899f57e9d69a5f9293c7b8db043234f4d6d4af25da996cc7086e30866642e527d306269457e7db5eee17d16cc37a96ecdbad0e0452daccbe76cb83580f0593550153366", @ANYRES32=r0, @ANYBLOB="00000000000002000000000000000000000000000020000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003", @ANYRESDEC, @ANYRES8=r2, @ANYRES32=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4, 0x0, 0x0, 0x0, 0x0, 0xc}]})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x5], 0x0, 0x202})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="0f01c8de250f20e06635000001000f22e00f20e06635000004000f22e066b9800000c00f326635010000000f3066b96a0200000f320f01ca0f30ba2000b80000efd19ace21", 0x45}], 0x1, 0x9, 0x0, 0x0)

3.630324459s ago: executing program 6 (id=5099):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000040)={0x77359400}, 0x10)
syz_emit_ethernet(0x5e, &(0x7f0000000480)={@local, @random="7e4173edf6b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @rand_addr, {[@cipso={0x86, 0x1d, 0x0, [{0x0, 0xe, "0001632a3a835e9504005d8b"}, {0x0, 0x9, "4ef661e96b4014"}]}]}}}}}}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x11, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000a00)=<r2=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111a300000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x2e, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(r2, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0xc00, 0x114)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000028c0), 0x180, 0x0)
open_tree(r5, &(0x7f0000002bc0)='./file0\x00', 0x80001)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r6, &(0x7f00000000c0)=""/44, 0x2c)
getdents(r6, &(0x7f0000000040)=""/44, 0x2c)
getdents64(r6, &(0x7f0000002f40)=""/4098, 0x1002)
getresgid(&(0x7f00000030c0), &(0x7f0000003100), &(0x7f0000003140))
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0x0)
read$FUSE(r3, &(0x7f0000003440)={0x2020}, 0x2020)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

3.59449068s ago: executing program 2 (id=5100):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.57899816s ago: executing program 2 (id=5101):
socket(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)
setresuid(0x0, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000e80)=ANY=[@ANYRES32=r6, @ANYRES8=0x0, @ANYRES8=r6, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a470e7f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b43412c95089416a3d607800000303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000100008fd8b9bdfbdaa777db54127463a589ee1925c34b6459505702f3a45f285c53c1f15bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a6159d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924424d3453c969afa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fbb8e01450b2882a99f414220f9fb94009492270cc703569cfef8cc0d520b023ce6bf947c3f301b8320f12966a7736956fd7aba87b9ea3f90699ec8b916bf539b348d44069af48c413fe58e99f10ba139d16450158e3001d388e9fd31b105ee2a6c8810570469938f3d6e4bb63ea045bb4eebb1504d5457d4460bd7fe9344ffbfbef28fce0aef35003a99826f893acdfb4dd460c41d1e31f49e331993bf0a7825e2968ef4f735f20a92672e5921c05a8b4b2c4402e38f524856365d1cdeb179e3491b2d546f7b6a441136f4293857dc7a0f48b10a41825eb6c05e8386d021dcf4f1b19b7067f32877acccf22810db3cf4870f61f0ac08dd51993813f72f75a1dcdb5e9c01e87dbadc00220c06cd0628363dbc4a1da0482524b32c7292aedd9bfb5eed00fbdbdc59f8c2543bb6285441b966ec995b63c4a7a7cf279c59f5c385dcceacb520905098607b0b46f81ebf9ca2563fda18024314292dc02a6e226beb6b63bf8f190a4b2865a9246094cbeff3d593f42b5df77e5c875265ff15c8fbceb6f5310f07606ad5cbe38a86c06742a1ce62f890f05e23c67204612c7ab0500000034a829c8749455d880057b4665f6964f37f2e07dfb9654db40a56633f7751f15e392a9c73fe02135ff9a7dbd66292a0e91f7ceec617c3759e18dd7d6f16a3a597cf55efedbf42345aec4970686800085ffb22b09f5418a5d74620a7e30713c50d734a8e9da4c2815acec2afc37ed8c8a9c2354acba756f6a09d8e33706ccda743a624708cf9ccbc016a7b2c5302cc131ededaf8f54dbce508d1e27ddb0ac254426c25b851cfbd6ab4d9474d34cf486bfffe0a87055ebba5f14ee", @ANYRESDEC=0x0, @ANYRES8, @ANYRES32, @ANYRES8, @ANYRESOCT=r5, @ANYRESDEC=r5, @ANYRES8=r6, @ANYRES8], 0xff, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=")
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000040)="660f3881ae000000c483b17e35e661c286000f08c4a2ed8c03f30f09f30fc7b5c5a40000410f01cbc4c2f9341cd50d0000000f7973d50f08", 0x38}], 0x1, 0x0, 0x0, 0x0)

2.790221924s ago: executing program 7 (id=5102):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
syslog(0x9, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000077c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000009800)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000093160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fff30000000000007f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff0000000000000000000000000000002000", 0x2000, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)

2.301131647s ago: executing program 6 (id=5103):
socket(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
setresuid(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003740)={0x2020}, 0x2020)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000040)="660f3881ae000000c483b17e35e661c286000f08c4a2ed8c03f30f09f30fc7b5c5a40000410f01cbc4c2f9341cd50d0000000f7973d50f08", 0x38}], 0x1, 0x0, 0x0, 0x0)

1.309385333s ago: executing program 2 (id=5104):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00020c00"], 0x0, 0x0, 0x0}, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="00000000544ffa0000000000000000000000000031a0946f310386385fb1cda40930fc97d59b9e4f637863de3db61ea8ff", @ANYBLOB="74c6742efc7a457bee2a586718595d2bf29d77b8fe7404f899f57e9d69a5f9293c7b8db043234f4d6d4af25da996cc7086e30866642e527d306269457e7db5eee17d16cc37a96ecdbad0e0452daccbe76cb83580f0593550153366", @ANYRES32=r0, @ANYBLOB="00000000000002000000000000000000000000000020000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003", @ANYRESDEC, @ANYRES8=r2, @ANYRES32=r2, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00'}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4, 0x0, 0x0, 0x0, 0x0, 0xc}]})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x5], 0x0, 0x202})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="0f01c8de250f20e06635000001000f22e00f20e06635000004000f22e066b9800000c00f326635010000000f3066b96a0200000f320f01ca0f30ba2000b80000efd19ace21", 0x45}], 0x1, 0x9, 0x0, 0x0)

1.308926043s ago: executing program 1 (id=5105):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f3801040000000905"], 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000009e0000006a0a00ff000000006900c00e00000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000000000050000000000000095000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.308478093s ago: executing program 7 (id=5106):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000007000000010001000900000001000000", @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newtfilter={0x24, 0x11, 0x1}, 0x24}}, 0x0)

1.278032173s ago: executing program 7 (id=5107):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000280)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r3 = syz_pidfd_open(0xffffffffffffffff, 0x0)
waitid$P_PIDFD(0x3, r3, 0x0, 0x20000000, &(0x7f0000000340))
sync()
sync()
getdents64(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)

362.581429ms ago: executing program 6 (id=5108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000"], 0x80}}, 0x0)
fcntl$dupfd(r3, 0x0, 0xffffffffffffffff)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, 0x0, 0x0)
ioctl$int_in(r5, 0x5421, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x4d8, r7, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x48c, 0x8, 0x0, 0x1, [{0x17c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x108, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x2, @mcast2, 0x6}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x54, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x2b8, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7b4326167f79726ecfae0aeee91d38ba98df91957e9dead91c7bebb4db027bf1"}, @WGPEER_A_ALLOWEDIPS={0x8c, 0x9, 0x0, 0x1, [{0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x4}, {0x4}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0xf}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x1b0, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x4d8}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

0s ago: executing program 7 (id=5109):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
keyctl$clear(0x3, 0xfffffffffffffffc)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000500)='asymmetric\x00', &(0x7f00000003c0)={'syz', 0x1}, &(0x7f0000000380)='\n\xe2\x93)\x00\x11\x16\x97\x82\xca\xca\x92\xfb\xadl\xb5\xe0\xff\xec\xb6\xdd\vq/\x83\xea\x17\xc0U\xf1{!\x9e$\x94\x9e\xa1\xd0?G\x10\xd4\xbe\xd8\xaaQ(\x1e\xf0\x00'/62, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000040000000300000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x1ab, 0x0, &(0x7f0000001380)="b9ff250f60441d8cb89e14f088ca1bff43052f00200063e000000d629201678d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8689edb93dc455ac4336c9cdb32af02da06fc31cb89ef77123c899b699eeaa8eaa00734611196639064000059b6d3296e8c081bce1d83920752aaf249966d40e2163c53edae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440ae001000000000000043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4a24f3e24ab0f9c162b445cf6d76156b850ce0fa3f2b4641e9f60bc1f9015ee56eb28be581ad5e91cda70e8ffa57ab8ec5d6e3723526e23fad290327cc00bdc6bc7e8fe00b73a1014ab4582a899ef29a28740b2d91f6bccc7ae49490d1109c16917000f9e7dbc845efbe93cebfcc6d0b0100412780e3225c2b3181718890523cc57e2c56506ab25fe0d7eacf4140da7e805e9000000000000000086458986d023e04fed4e18d8946fd44cebc3abe3", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r2}, 0x10)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)

kernel console output (not intermixed with test programs):

mit 110
[ 1349.400342][  T311] syz_tun: tun_net_xmit 110
[ 1349.404830][T10134] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1350.192168][T18198] loop6: detected capacity change from 0 to 256
[ 1350.198965][T18198] exfat: Bad value for 'uid'
[ 1350.724295][T10134] usb 3-1: Using ep0 maxpacket: 8
[ 1351.091970][T10134] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1351.100610][T10134] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1351.119527][T10134] usb 3-1: config 179 has no interface number 0
[ 1351.127589][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1351.140477][T10134] usb 3-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1351.155207][T10134] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1351.165746][T10134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1351.201080][  T311] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1351.471770][  T311] usb 7-1: Using ep0 maxpacket: 8
[ 1351.505494][T15256] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1352.013316][ T6200] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1352.051208][  T311] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1352.087434][  T311] usb 7-1: config 179 has no interface number 0
[ 1352.118922][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1352.165178][  T311] usb 7-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1352.175965][  T311] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1352.189521][  T311] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1352.198771][  T311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1352.251041][T15256] usb 2-1: device descriptor read/64, error -71
[ 1352.681087][T15256] usb 2-1: device descriptor read/64, error -71
[ 1352.950990][T15256] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1353.048329][ T8910] usb 3-1: USB disconnect, device number 101
[ 1353.261059][T15256] usb 2-1: device descriptor read/64, error -71
[ 1353.650993][T15256] usb 2-1: device descriptor read/64, error -71
[ 1353.771078][T15256] usb usb2-port1: attempt power cycle
[ 1353.796248][  T423] usb 7-1: USB disconnect, device number 26
[ 1354.155311][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1354.258134][T18241] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1354.345453][  T380] Bluetooth: hci0: command 0x1003 tx timeout
[ 1354.373180][T18239] loop6: detected capacity change from 0 to 256
[ 1354.379583][T18239] exfat: Bad value for 'uid'
[ 1354.407022][T18245] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4451'.
[ 1354.416238][ T1268] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1355.378162][T18267] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4460'.
[ 1355.594909][T18272] loop6: detected capacity change from 0 to 256
[ 1355.602977][T18272] exfat: Bad value for 'uid'
[ 1355.850996][T15256] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1356.430984][T15256] usb 2-1: Using ep0 maxpacket: 8
[ 1356.525879][  T314] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1356.551840][  T314] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1356.701005][T15256] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1356.709321][T15256] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1356.719474][T15256] usb 2-1: config 179 has no interface number 0
[ 1356.725560][T15256] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1356.735495][T15256] usb 2-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1356.748514][T15256] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1356.757326][T15256] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1356.766842][T18290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1356.961003][T10134] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1357.201009][T10134] usb 3-1: Using ep0 maxpacket: 8
[ 1357.321007][T10134] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1357.329267][T10134] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1357.339353][T10134] usb 3-1: config 179 has no interface number 0
[ 1357.345426][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1357.355282][T10134] usb 3-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1357.368180][T10134] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1357.377031][T10134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1358.522327][T15256] usb 2-1: USB disconnect, device number 123
[ 1358.602810][  T380] Bluetooth: hci0: command 0x1003 tx timeout
[ 1358.613606][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1359.977105][T18318] loop7: detected capacity change from 0 to 256
[ 1359.984974][T18318] exfat: Bad value for 'uid'
[ 1360.214020][T18320] loop6: detected capacity change from 0 to 1024
[ 1360.247095][T18320] ext4: Bad value for 'max_dir_size_kb'
[ 1360.611572][T18329] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1360.824739][T15256] usb 3-1: USB disconnect, device number 102
[ 1360.970968][ T8910] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1363.021786][  T311] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1363.151038][ T8910] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1363.170963][ T8910] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1363.189518][ T8910] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1363.244953][ T8910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1363.800417][  T311] usb 7-1: Using ep0 maxpacket: 8
[ 1363.938770][ T8910] usb 2-1: can't set config #17, error -71
[ 1364.219897][  T311] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1364.238201][  T311] usb 7-1: config 179 has no interface number 0
[ 1364.302830][ T8910] usb 2-1: USB disconnect, device number 124
[ 1364.338800][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1364.353641][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1364.889009][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1364.899055][  T311] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1364.912428][  T311] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1364.922506][  T311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.320142][  T311] usb 7-1: USB disconnect, device number 27
[ 1366.867468][T18408] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4498'.
[ 1367.069138][T18414] loop7: detected capacity change from 0 to 16
[ 1367.077973][T18414] erofs: Unknown parameter '˙˙˙˙'
[ 1368.493258][T18421] syz.1.4501[18421] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1368.493332][T18421] syz.1.4501[18421] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1368.506398][T18423] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4502'.
[ 1369.457637][T18433] loop6: detected capacity change from 0 to 256
[ 1370.175782][T18442] loop6: detected capacity change from 0 to 512
[ 1370.183935][T18442] EXT4-fs: quotafile must be on filesystem root
[ 1370.247819][ T1268] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1371.074198][T18448] syz.2.4509[18448] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1371.074274][T18448] syz.2.4509[18448] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1371.183749][T18448] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4509'.
[ 1371.220983][  T311] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1371.566468][  T311] usb 2-1: Using ep0 maxpacket: 8
[ 1371.648906][T18461] loop6: detected capacity change from 0 to 40427
[ 1371.658480][T18461] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1371.691054][  T311] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1371.699369][  T311] usb 2-1: config 179 has no interface number 0
[ 1371.701157][T18461] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1371.705720][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1371.723789][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1371.736092][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1371.746119][  T311] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1371.759466][  T311] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1371.768427][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1371.846250][T15381] syz-executor: attempt to access beyond end of device
[ 1371.846250][T15381] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1371.942636][T18470] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4514'.
[ 1373.440600][T18483] syz.3.4518[18483] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1373.568288][T18489] netlink: 300 bytes leftover after parsing attributes in process `syz.3.4518'.
[ 1373.803394][T18491] loop6: detected capacity change from 0 to 256
[ 1373.815998][T18491] exfat: Bad value for 'uid'
[ 1374.111685][  T423] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1374.651159][T15256] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1374.692213][T18501] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1374.719976][  T423] usb 3-1: Using ep0 maxpacket: 16
[ 1375.347543][  T311] usb 2-1: USB disconnect, device number 125
[ 1375.405634][T15256] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1375.418383][T15256] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1375.430177][T15256] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1375.439304][T15256] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1375.452511][T18513] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4526'.
[ 1375.491003][  T423] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1375.504148][  T423] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1375.538711][T18517] sch_fq: defrate 0 ignored.
[ 1375.550093][T18496] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[ 1375.560429][  T423] r8152-cfgselector 3-1: config 0 descriptor??
[ 1375.581024][  T423] r8152-cfgselector 3-1: can't set config #0, error -71
[ 1376.341012][  T423] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1376.347615][  T423] r8152-cfgselector 3-1: USB disconnect, device number 103
[ 1376.694645][T18533] syz.7.4530[18533] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1376.701055][T15256] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1376.746222][T15256] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input18
[ 1376.760272][T18539] netlink: 300 bytes leftover after parsing attributes in process `syz.7.4530'.
[ 1376.792714][T15256] usb 7-1: USB disconnect, device number 28
[ 1377.081041][  T311] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1377.320971][  T311] usb 2-1: Using ep0 maxpacket: 8
[ 1377.351010][  T423] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1377.441049][  T311] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1377.450026][  T311] usb 2-1: config 179 has no interface number 0
[ 1377.506925][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1377.529135][T18554] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4539'.
[ 1377.551276][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1377.562783][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1377.572877][  T311] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1377.586007][  T311] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1377.595669][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1377.713852][  T423] usb 3-1: device descriptor read/64, error -71
[ 1378.253783][T12016] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1378.446896][T12016] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1378.481038][  T423] usb 3-1: device descriptor read/64, error -71
[ 1379.701834][T18583] loop6: detected capacity change from 0 to 16
[ 1379.709995][T18583] erofs: Unknown parameter '˙˙˙˙'
[ 1379.731135][  T423] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1380.290736][  T380] Bluetooth: hci0: command 0x1003 tx timeout
[ 1380.336464][T18589] syz.2.4549[18589] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1380.340520][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1380.893335][T18590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4548'.
[ 1380.910085][T18591] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4549'.
[ 1380.995186][  T311] usb 2-1: USB disconnect, device number 126
[ 1381.102198][T18597] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4550'.
[ 1382.149288][T18609] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1382.179742][T18603] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4553'.
[ 1383.715394][T18636] loop6: detected capacity change from 0 to 2048
[ 1383.733084][T18636] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1384.690965][  T423] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1384.850957][ T3048] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1384.875831][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1384.894412][T18653] 9pnet_fd: Insufficient options for proto=fd
[ 1384.937055][  T423] usb 3-1: Using ep0 maxpacket: 8
[ 1385.061236][  T423] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1385.069567][  T423] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1385.079681][  T423] usb 3-1: config 179 has no interface number 0
[ 1385.085740][  T423] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1385.095487][  T423] usb 3-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1385.108378][  T423] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1385.110951][ T3048] usb 2-1: Using ep0 maxpacket: 16
[ 1385.117238][  T423] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1385.310994][T15256] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1385.441014][ T3048] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1385.453476][ T3048] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1385.461683][ T3048] usb 2-1: Product: syz
[ 1385.465912][ T3048] usb 2-1: Manufacturer: syz
[ 1385.470383][ T3048] usb 2-1: SerialNumber: syz
[ 1385.480759][ T3048] r8152-cfgselector 2-1: config 0 descriptor??
[ 1385.561086][T15256] usb 4-1: Using ep0 maxpacket: 8
[ 1385.630513][T18664] loop6: detected capacity change from 0 to 512
[ 1385.642147][T18664] EXT4-fs: quotafile must be on filesystem root
[ 1385.681360][T10932] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1385.701016][T15256] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1385.709128][T15256] usb 4-1: config 179 has no interface number 0
[ 1385.715429][T15256] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1385.727506][T15256] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1385.738712][T15256] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1385.749085][T15256] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1385.762145][T15256] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1385.770975][T15256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1385.875725][ T3048] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1385.901029][ T3048] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1385.907208][ T3048] r8152-cfgselector 2-1: bad CDC descriptors
[ 1385.930987][ T3048] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1385.939756][ T3048] r8152-cfgselector 2-1: USB disconnect, device number 127
[ 1386.256677][T18674] loop7: detected capacity change from 0 to 2048
[ 1386.274740][T18674] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[ 1386.783621][ T3048] usb 3-1: USB disconnect, device number 106
[ 1386.914439][T18692] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1387.107653][T15511] EXT4-fs (loop7): unmounting filesystem.
[ 1387.403833][ T8910] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1389.224076][ T3048] usb 4-1: USB disconnect, device number 101
[ 1389.228963][ T8910] usb 7-1: Using ep0 maxpacket: 16
[ 1389.251046][T18716] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1389.263148][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1389.263335][T18718] loop7: detected capacity change from 0 to 512
[ 1389.276398][T18718] EXT4-fs: quotafile must be on filesystem root
[ 1389.423409][T18725] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4585'.
[ 1389.666839][T18730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4584'.
[ 1389.785448][ T8910] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1389.794410][ T8910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1389.802163][ T8910] usb 7-1: Product: syz
[ 1389.806130][ T8910] usb 7-1: Manufacturer: syz
[ 1389.810563][ T8910] usb 7-1: SerialNumber: syz
[ 1389.822503][ T8910] r8152-cfgselector 7-1: config 0 descriptor??
[ 1389.841017][ T8910] r8152-cfgselector 7-1: can't set config #0, error -71
[ 1389.861003][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1389.867576][ T8910] r8152-cfgselector 7-1: USB disconnect, device number 29
[ 1389.937072][ T3048] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1390.200991][ T3048] usb 4-1: Using ep0 maxpacket: 8
[ 1390.391029][ T3048] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1390.399250][ T3048] usb 4-1: config 179 has no interface number 0
[ 1390.405370][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1390.416509][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1390.427613][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1390.438090][ T3048] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1390.451471][ T3048] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1390.460481][ T3048] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1390.493671][T18739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4588'.
[ 1390.992352][T18743] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4589'.
[ 1391.199151][T12016] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1391.208604][T12016] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1391.241051][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1391.246942][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1391.583276][T12016] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1391.732832][T12016] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1392.374420][T18760] fuse: Unknown parameter '˙˙˙˙0177777777777777777777701777777777777777777777˙˙'
[ 1392.484550][T18765] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1392.826400][T18773] tipc: Started in network mode
[ 1392.831412][T18773] tipc: Node identity 4, cluster identity 4711
[ 1392.837482][T18773] tipc: Node number set to 4
[ 1392.928690][T18781] loop6: detected capacity change from 0 to 512
[ 1392.935583][T18781] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[ 1392.947490][T18781] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2808: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 1392.960536][T18781] EXT4-fs (loop6): 1 truncate cleaned up
[ 1392.966309][T18781] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1392.996631][T18781] sch_fq: defrate 0 ignored.
[ 1393.007889][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1393.160928][  T380] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1393.362143][T18530] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1393.371605][ T3048] usb 4-1: USB disconnect, device number 102
[ 1393.383227][T18530] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1393.428121][T18793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4603'.
[ 1393.561009][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1394.009745][T18796] fuse: Unknown parameter '˙˙˙˙0177777777777777777777701777777777777777777777˙˙'
[ 1394.042829][T18807] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1394.129730][T18813] tipc: Started in network mode
[ 1394.134960][T18813] tipc: Node identity 4, cluster identity 4711
[ 1394.141256][T18813] tipc: Node number set to 4
[ 1394.155506][T18805] loop7: detected capacity change from 0 to 40427
[ 1394.176758][T18805] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1394.223835][T18805] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1394.434218][T15511] syz-executor: attempt to access beyond end of device
[ 1394.434218][T15511] loop7: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[ 1394.573637][ T3048] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1394.597346][T16417] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1394.767494][T18831] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1395.616194][   T45] Bluetooth: hci2: command 0x1003 tx timeout
[ 1395.858443][T18832] loop7: detected capacity change from 0 to 256
[ 1395.871171][T18832] exfat: Bad value for 'uid'
[ 1396.531033][  T380] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1396.551760][ T1268] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1396.602655][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1396.608897][  T380] Bluetooth: hci0: command 0x1003 tx timeout
[ 1396.841923][ T3048] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1397.018470][ T3048] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1397.054362][T18849] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1397.062535][ T3048] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1397.138658][ T3048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1397.161030][T18822] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1397.173084][T18843] loop6: detected capacity change from 0 to 40427
[ 1397.181140][T18843] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[ 1397.188149][T18843] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1397.244286][T18843] F2FS-fs (loop6): invalid crc value
[ 1397.398581][T18843] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1397.617906][T18843] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 1397.624997][T18843] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1397.697338][T18871] F2FS-fs (loop6): Corrupted max_depth of 3: 8449
[ 1397.705918][ T3048] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[ 1397.714338][ T3048] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input19
[ 1397.730208][ T3048] usb 3-1: USB disconnect, device number 107
[ 1398.103367][T18872] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1398.401204][T10134] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1398.547474][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1398.577328][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1398.584510][ T3048] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1399.340376][T18890] loop7: detected capacity change from 0 to 256
[ 1399.347016][T18890] exfat: Bad value for 'uid'
[ 1400.440987][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1400.447086][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1400.521087][T18896] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4630'.
[ 1400.651403][T18900] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1400.971189][T10134] usb 4-1: Using ep0 maxpacket: 32
[ 1401.111356][ T3048] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1401.171052][ T3048] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1401.286757][ T3048] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1401.295771][ T3048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1401.303711][T10134] usb 4-1: unable to read config index 0 descriptor/all
[ 1401.314823][T10134] usb 4-1: can't read configurations, error -71
[ 1401.667185][T18912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4635'.
[ 1401.968252][ T3048] usb 3-1: can't set config #17, error -71
[ 1401.977273][ T3048] usb 3-1: USB disconnect, device number 108
[ 1402.003763][T18914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4636'.
[ 1402.491754][T18921] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4637'.
[ 1403.403827][T18929] loop6: detected capacity change from 0 to 256
[ 1403.810589][T18935] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1403.831331][  T298] syz_tun: tun_net_xmit 110
[ 1404.503414][T16417] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1404.543422][T16417] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1404.550518][  T420] syz_tun: tun_net_xmit 110
[ 1406.351062][T18968] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4649'.
[ 1406.440974][ T5671] Bluetooth: hci0: command 0x1003 tx timeout
[ 1406.451415][  T380] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1406.763213][T18977] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4650'.
[ 1407.772890][T18987] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4651'.
[ 1408.298883][T18995] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1408.328857][ T8910] syz_tun: tun_net_xmit 110
[ 1408.394640][ T8910] syz_tun: tun_net_xmit 110
[ 1408.492978][T19000] loop7: detected capacity change from 0 to 16
[ 1408.499274][T19000] erofs: Unknown parameter '˙˙˙˙'
[ 1409.482928][T10134] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1409.753590][  T351] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1409.889581][  T311] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1409.971104][ T3048] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1410.171335][  T311] usb 3-1: Using ep0 maxpacket: 16
[ 1410.191344][T10134] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1410.203204][T10134] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1410.214912][T10134] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1410.224109][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1410.261124][ T3048] usb 7-1: Using ep0 maxpacket: 8
[ 1410.261140][T18993] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1410.391085][ T3048] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1410.399234][ T3048] usb 7-1: config 179 has no interface number 0
[ 1410.405307][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1410.416350][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1410.427330][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1410.437212][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1410.450328][ T3048] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1410.459235][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1410.511140][  T311] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1410.521586][  T311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1410.529405][  T311] usb 3-1: Product: syz
[ 1410.533470][  T311] usb 3-1: Manufacturer: syz
[ 1410.537821][  T311] usb 3-1: SerialNumber: syz
[ 1410.543163][  T311] r8152-cfgselector 3-1: config 0 descriptor??
[ 1410.797274][T10134] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1410.810542][T10134] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input20
[ 1410.819606][  T311] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1410.829010][T10134] usb 4-1: USB disconnect, device number 105
[ 1410.835613][T19022] loop7: detected capacity change from 0 to 512
[ 1410.841876][  T311] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1410.847993][  T311] r8152-cfgselector 3-1: bad CDC descriptors
[ 1410.901541][  T311] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1411.007639][  T311] r8152-cfgselector 3-1: USB disconnect, device number 109
[ 1411.022782][T19022] EXT4-fs: quotafile must be on filesystem root
[ 1411.061323][  T351] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1411.181480][T19026] loop7: detected capacity change from 0 to 2048
[ 1411.201841][T19026]  loop7: p2 < > p4
[ 1411.206059][T19026] loop7: p4 size 8192 extends beyond EOD, truncated
[ 1411.278052][   T28] audit: type=1400 audit(1732400621.843:638): avc:  denied  { mounton } for  pid=19025 comm="syz.7.4664" path="/195/file0" dev="tmpfs" ino=1081 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=lnk_file permissive=1
[ 1411.577268][T19037] loop7: detected capacity change from 0 to 256
[ 1411.728310][T19041] syz.3.4670[19041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1411.728526][T19041] syz.3.4670[19041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1411.800984][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1411.801061][  T380] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1412.241157][T19051] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4673'.
[ 1412.321031][T10134] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1412.591003][T10134] usb 2-1: Using ep0 maxpacket: 8
[ 1412.731232][T10134] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1412.747263][T10134] usb 2-1: config 179 has no interface number 0
[ 1412.782635][T10134] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1412.793730][T10134] usb 2-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1412.860133][T10134] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1412.927065][T10134] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1412.936476][T10134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1412.945003][T19067] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4679'.
[ 1412.976062][T19069] syz.7.4680[19069] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1413.027516][T19070] netlink: 300 bytes leftover after parsing attributes in process `syz.7.4680'.
[ 1413.080995][  T380] Bluetooth: hci1: command 0x1003 tx timeout
[ 1413.081007][ T5671] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1413.113636][T10134] usb 7-1: USB disconnect, device number 30
[ 1413.261941][  T311] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1413.271908][T19075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4682'.
[ 1413.437523][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1413.641689][T19083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4684'.
[ 1413.671457][T10134] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1413.740977][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1413.820425][T19086] 9pnet_fd: Insufficient options for proto=fd
[ 1413.901048][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1413.909240][  T311] usb 4-1: config 179 has no interface number 0
[ 1413.915278][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1413.926102][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1413.937052][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1413.941915][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1413.951709][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1413.964778][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1413.973584][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1414.061066][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1414.069225][T10134] usb 7-1: config 179 has no interface number 0
[ 1414.075768][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1414.086708][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1414.097706][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1414.107660][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1414.121056][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1414.129956][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.781963][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1415.811084][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1415.932857][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1415.967239][T19101] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1415.969524][T19103] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4690'.
[ 1416.925522][T10134] usb 2-1: USB disconnect, device number 2
[ 1416.946924][T19109] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4691'.
[ 1417.272969][T19114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4693'.
[ 1417.503508][  T311] usb 4-1: USB disconnect, device number 106
[ 1417.810957][T16559] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1417.902633][ T3048] usb 7-1: USB disconnect, device number 31
[ 1417.909307][T19121] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4694'.
[ 1417.925394][T19122] sch_fq: defrate 0 ignored.
[ 1419.456757][T10134] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1419.700952][T10134] usb 2-1: Using ep0 maxpacket: 8
[ 1419.701495][T19152] loop7: detected capacity change from 0 to 40427
[ 1419.715024][T19152] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1419.749809][T19152] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1419.761081][ T3048] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1419.770959][  T298] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1419.851007][T10134] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1419.859185][T10134] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1419.869313][T10134] usb 2-1: config 179 has no interface number 0
[ 1419.875405][T10134] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1419.885203][T10134] usb 2-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1419.898310][T10134] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1419.907209][  T311] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1419.914680][T10134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1420.011046][  T298] usb 3-1: Using ep0 maxpacket: 16
[ 1420.030937][ T3048] usb 7-1: Using ep0 maxpacket: 8
[ 1420.161215][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1420.214982][ T3048] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1420.223121][ T3048] usb 7-1: config 179 has no interface number 0
[ 1420.229613][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1420.240671][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1420.251326][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1420.264538][ T3048] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1420.273728][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1420.311063][  T298] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1420.311105][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1420.320168][  T298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1420.328265][  T311] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1420.336997][  T298] usb 3-1: Product: syz
[ 1420.348111][  T311] usb 4-1: config 179 has no interface number 0
[ 1420.356250][  T311] usb 4-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1420.367164][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1420.467735][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1420.508597][  T298] usb 3-1: Manufacturer: syz
[ 1420.513943][  T298] usb 3-1: SerialNumber: syz
[ 1420.522604][T15511] syz-executor: attempt to access beyond end of device
[ 1420.522604][T15511] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1420.542325][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1420.542554][  T298] r8152-cfgselector 3-1: config 0 descriptor??
[ 1420.779114][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1420.937164][T19169] loop7: detected capacity change from 0 to 256
[ 1420.944989][T19169] exfat: Bad value for 'uid'
[ 1421.152039][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1421.170975][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1421.177244][  T298] r8152-cfgselector 3-1: bad CDC descriptors
[ 1421.201019][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1421.212147][  T298] r8152-cfgselector 3-1: USB disconnect, device number 110
[ 1421.228151][ T1265] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1421.331140][T11959] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1421.353461][T11959] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1421.580426][  T298] usb 2-1: USB disconnect, device number 3
[ 1421.751410][T19178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4710'.
[ 1422.014543][T19184] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4712'.
[ 1422.140360][  T298] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1422.380943][  T298] usb 2-1: Using ep0 maxpacket: 8
[ 1422.501043][  T298] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1422.509206][  T298] usb 2-1: config 179 has no interface number 0
[ 1422.515294][  T298] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1422.526170][  T298] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1422.537292][  T298] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1422.547060][  T298] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1422.560093][  T298] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1422.569062][  T298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1423.437411][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1423.437588][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1423.443501][  T380] Bluetooth: hci1: command 0x1003 tx timeout
[ 1423.443542][ T5671] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1423.489633][  T311] usb 7-1: USB disconnect, device number 32
[ 1423.497215][  T298] usb 4-1: USB disconnect, device number 107
[ 1424.402771][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1424.534576][T19205] loop6: detected capacity change from 0 to 256
[ 1424.545984][T19205] exfat: Bad value for 'uid'
[ 1425.801037][  T298] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 1426.161291][  T298] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1426.172925][  T298] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1426.186401][  T298] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1426.331476][  T298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1426.361206][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1426.367226][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1426.416860][ T8910] usb 2-1: USB disconnect, device number 4
[ 1426.433328][T19227] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4722'.
[ 1426.461051][T19215] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1426.570447][T19234] sch_fq: defrate 0 ignored.
[ 1426.593362][T19236] syz.2.4726[19236] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1426.631295][  T311] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1426.746992][T19237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4723'.
[ 1426.825665][T19238] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4726'.
[ 1426.980948][  T311] usb 7-1: Using ep0 maxpacket: 16
[ 1427.100987][  T298] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1427.108370][  T298] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input21
[ 1427.120056][  T298] usb 4-1: USB disconnect, device number 108
[ 1427.311102][  T311] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1427.320152][  T311] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.328245][  T311] usb 7-1: Product: syz
[ 1427.332558][  T311] usb 7-1: Manufacturer: syz
[ 1427.362519][  T311] usb 7-1: SerialNumber: syz
[ 1427.371504][T19240] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4727'.
[ 1427.372829][  T311] r8152-cfgselector 7-1: config 0 descriptor??
[ 1427.651029][  T311] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1427.680992][ T3048] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1427.688474][  T311] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1427.694702][  T311] r8152-cfgselector 7-1: bad CDC descriptors
[ 1427.721039][  T311] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1427.727879][  T311] r8152-cfgselector 7-1: USB disconnect, device number 33
[ 1428.141165][ T3048] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1428.154236][ T3048] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1428.163664][ T3048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1428.231828][ T3048] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1428.508831][T19255] loop7: detected capacity change from 0 to 256
[ 1428.518156][T19255] exfat: Bad value for 'uid'
[ 1428.797728][T19260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4734'.
[ 1428.799774][T10134] usb 2-1: USB disconnect, device number 5
[ 1428.903027][ T3048] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1429.071109][  T423] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1429.591533][T19269] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4736'.
[ 1430.361008][  T423] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1430.372191][  T423] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1430.383581][  T423] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1430.392627][  T423] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1430.421014][T19261] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1430.543896][ T3048] usb 7-1: Using ep0 maxpacket: 8
[ 1430.555522][T19274] sch_fq: defrate 0 ignored.
[ 1430.560075][T19273] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4737'.
[ 1430.589323][T19276] sch_fq: defrate 0 ignored.
[ 1430.721033][ T3048] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1430.722202][T19284] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1430.729350][ T3048] usb 7-1: config 179 has no interface number 0
[ 1430.752796][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1430.763738][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1430.774652][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1430.784454][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1430.797491][ T3048] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1430.806343][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1430.881016][  T423] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[ 1430.889065][  T423] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input23
[ 1430.898086][ T8910] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1430.907016][  T423] usb 3-1: USB disconnect, device number 111
[ 1431.140982][ T8910] usb 2-1: Using ep0 maxpacket: 32
[ 1431.344094][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1431.381041][ T8910] usb 2-1: config 4 has an invalid interface number: 128 but max is 0
[ 1431.389268][ T8910] usb 2-1: config 4 has no interface number 0
[ 1431.395276][ T8910] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1431.406222][ T8910] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1431.442048][ T8910] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1431.451049][ T8910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1431.492768][ T8910] hub 2-1:4.128: USB hub found
[ 1432.123889][T19290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4743'.
[ 1432.363473][ T8910] hub 2-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1432.413370][ T8910] usb 2-1: USB disconnect, device number 6
[ 1432.426809][T19298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4745'.
[ 1432.451322][T19300] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1433.230754][T19309] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4748'.
[ 1433.320919][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1433.320981][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1433.548569][  T311] usb 7-1: USB disconnect, device number 34
[ 1433.689116][T19318] sch_fq: defrate 0 ignored.
[ 1433.709785][T19320] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1434.224489][ T3048] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 1436.170990][T10134] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1436.176725][T19346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4757'.
[ 1436.220927][ T3048] usb 4-1: Using ep0 maxpacket: 8
[ 1436.229636][T19350] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4760'.
[ 1436.371192][ T3048] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1436.390566][ T3048] usb 4-1: config 179 has no interface number 0
[ 1436.441061][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1436.491356][  T311] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1436.503456][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1436.515336][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1436.526658][ T3048] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1436.537309][ T3048] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1436.550450][ T3048] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1436.559526][ T3048] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1436.570999][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1436.579214][T10134] usb 7-1: config 179 has no interface number 0
[ 1436.585379][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1436.596314][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1436.609009][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1436.614361][  T423] usb 4-1: USB disconnect, device number 109
[ 1436.620155][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1436.645954][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1436.655001][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1436.880987][  T311] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1436.892157][  T311] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1436.909358][  T311] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1436.976615][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1436.990095][T19360] sch_fq: defrate 0 ignored.
[ 1437.040983][  T423] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 1437.213222][T19364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4764'.
[ 1437.432309][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1437.438611][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1437.523776][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1437.591275][  T311] usb 2-1: string descriptor 0 read error: -71
[ 1437.618312][  T311] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1437.627778][  T311] usb 2-1: USB disconnect, device number 7
[ 1437.710950][  T423] usb 4-1: Using ep0 maxpacket: 32
[ 1437.831008][  T423] usb 4-1: config 4 has an invalid interface number: 128 but max is 0
[ 1437.843420][  T423] usb 4-1: config 4 has no interface number 0
[ 1437.849409][  T423] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1437.860346][  T423] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1437.870161][  T423] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1437.879029][  T423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1437.925768][  T423] hub 4-1:4.128: USB hub found
[ 1438.286452][  T423] hub 4-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1438.521053][  T423] usb 4-1: USB disconnect, device number 110
[ 1438.561012][  T311] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1438.757536][T19375] tipc: Started in network mode
[ 1438.762337][T19375] tipc: Node identity 4, cluster identity 4711
[ 1438.768323][T19375] tipc: Node number set to 4
[ 1438.820941][  T311] usb 2-1: Using ep0 maxpacket: 8
[ 1438.925130][T19382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4770'.
[ 1438.961012][  T311] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1438.969245][  T311] usb 2-1: config 179 has no interface number 0
[ 1438.975638][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1438.986849][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1438.998230][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1439.008339][  T311] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1439.021698][  T311] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1439.030630][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1439.220971][T10134] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 1439.411090][  T311] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 1439.517003][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1439.517034][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1439.681199][ T3048] usb 7-1: USB disconnect, device number 35
[ 1439.697691][T10134] usb 4-1: Using ep0 maxpacket: 8
[ 1439.841106][  T311] usb 3-1: Using ep0 maxpacket: 8
[ 1439.853765][T19399] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4776'.
[ 1440.000292][T10134] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1440.009185][T10134] usb 4-1: config 179 has no interface number 0
[ 1440.016494][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1440.028760][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1440.041547][  T311] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1440.077341][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1440.097136][  T311] usb 3-1: config 179 has no interface number 0
[ 1440.103671][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1440.115087][T10134] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1440.139367][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1440.149540][T19402] loop7: detected capacity change from 0 to 1024
[ 1440.151122][T10134] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1440.156996][T19402] ext4: Bad value for 'max_dir_size_kb'
[ 1440.176521][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1440.258727][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.266667][  T311] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1440.280246][  T311] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1440.289589][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.725619][T19406] loop6: detected capacity change from 0 to 2048
[ 1440.758477][T19406] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1441.473062][T16417] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1441.479707][  T311] usb 2-1: USB disconnect, device number 8
[ 1442.010921][  T311] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 1442.100051][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1442.551105][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1442.562226][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1442.573247][  T311] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1442.582264][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1442.620997][T19424] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1442.818304][ T3048] usb 3-1: USB disconnect, device number 112
[ 1442.987470][T19436] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1443.012944][T19438] 9pnet_fd: Insufficient options for proto=fd
[ 1443.091001][  T311] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1443.099416][  T311] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input25
[ 1443.110992][  T311] usb 2-1: USB disconnect, device number 9
[ 1443.480942][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1443.480989][ T5671] Bluetooth: hci0: command 0x1003 tx timeout
[ 1443.511331][  T311] usb 4-1: USB disconnect, device number 111
[ 1444.090954][ T3048] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1444.320945][T10134] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 1444.511043][ T3048] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1444.522581][ T3048] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1444.533921][ T3048] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1444.543041][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1444.571295][T19445] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1444.623877][T10134] usb 3-1: Using ep0 maxpacket: 8
[ 1444.781394][T10134] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1444.818048][T10134] usb 3-1: config 179 has no interface number 0
[ 1444.839904][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1444.865721][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1444.877941][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1444.889149][T10134] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1444.920954][T10134] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1444.937897][T10134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1445.121152][ T3048] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1445.168521][ T3048] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input26
[ 1445.199937][T19469] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4796'.
[ 1445.358796][ T3048] usb 7-1: USB disconnect, device number 36
[ 1445.364582][    C1] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1446.025496][T19482] 9pnet_fd: Insufficient options for proto=fd
[ 1446.770965][T10134] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1447.221264][ T3048] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1447.251561][T10134] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1447.280856][T10134] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1447.295759][T10134] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1447.302724][ T8910] usb 3-1: USB disconnect, device number 113
[ 1447.304993][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1447.351037][T19488] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1447.490980][ T3048] usb 7-1: Using ep0 maxpacket: 32
[ 1447.621041][ T3048] usb 7-1: config 4 has an invalid interface number: 128 but max is 0
[ 1447.629156][ T3048] usb 7-1: config 4 has no interface number 0
[ 1447.635091][ T3048] usb 7-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1447.645915][ T3048] usb 7-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1447.656316][ T3048] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1447.665395][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1447.731068][ T3048] hub 7-1:4.128: USB hub found
[ 1447.831038][T10134] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1447.838839][T10134] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input27
[ 1447.973902][T10134] usb 4-1: USB disconnect, device number 112
[ 1448.021614][ T3048] hub 7-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1448.407180][  T311] usb 7-1: USB disconnect, device number 37
[ 1448.678695][T19513] loop7: detected capacity change from 0 to 40427
[ 1448.699275][T19513] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1448.748440][T19513] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1448.950081][T19529] netlink: 180 bytes leftover after parsing attributes in process `syz.3.4811'.
[ 1449.659972][T19533] 9pnet_fd: Insufficient options for proto=fd
[ 1449.768976][T15511] syz-executor: attempt to access beyond end of device
[ 1449.768976][T15511] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1450.020961][ T8910] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1450.110969][T10134] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[ 1450.260935][ T8910] usb 4-1: Using ep0 maxpacket: 32
[ 1450.300973][ T3048] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 1450.350990][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1450.381025][ T8910] usb 4-1: config 4 has an invalid interface number: 128 but max is 0
[ 1450.389120][ T8910] usb 4-1: config 4 has no interface number 0
[ 1450.395437][ T8910] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1450.406706][ T8910] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1450.416957][ T8910] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1450.426113][ T8910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.471533][ T8910] hub 4-1:4.128: USB hub found
[ 1450.501247][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1450.509620][T10134] usb 7-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1450.520566][T10134] usb 7-1: config 179 has no interface number 0
[ 1450.526752][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1450.536936][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1450.581126][ T3048] usb 2-1: Using ep0 maxpacket: 8
[ 1450.586501][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1450.595634][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.691022][ T8910] hub 4-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1450.731080][ T3048] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1450.741431][ T3048] usb 2-1: config 179 has no interface number 0
[ 1450.747737][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1450.758660][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1450.769635][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1450.779497][ T3048] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1450.792539][ T3048] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1450.801346][ T3048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1451.011059][ T3048] usb 4-1: USB disconnect, device number 113
[ 1451.513731][T19559] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4821'.
[ 1452.472562][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1452.585657][T19570] sch_fq: defrate 0 ignored.
[ 1453.076427][  T311] usb 7-1: USB disconnect, device number 38
[ 1453.117101][ T8910] usb 2-1: USB disconnect, device number 10
[ 1453.196295][T19583] loop7: detected capacity change from 0 to 1024
[ 1453.221784][T19583] ext4: Bad value for 'max_dir_size_kb'
[ 1454.201379][T19592] 9pnet_fd: Insufficient options for proto=fd
[ 1454.621092][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1455.132260][T19605] sch_fq: defrate 0 ignored.
[ 1455.202284][T19615] syz.2.4839[19615] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1455.254355][T19617] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4839'.
[ 1455.522466][T19618] netlink: 180 bytes leftover after parsing attributes in process `syz.1.4837'.
[ 1455.546850][  T311] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1455.862750][  T311] usb 7-1: Using ep0 maxpacket: 8
[ 1456.221157][  T311] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1456.234786][  T311] usb 7-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1456.245147][  T311] usb 7-1: config 179 has no interface number 0
[ 1456.251376][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1456.261342][  T311] usb 7-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1456.275334][  T311] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1456.287721][  T311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1457.852682][T19648] sch_fq: defrate 0 ignored.
[ 1457.995034][T19655] 9pnet_fd: Insufficient options for proto=fd
[ 1458.810901][ T3048] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1458.825367][  T311] usb 7-1: USB disconnect, device number 39
[ 1459.051037][ T3048] usb 2-1: Using ep0 maxpacket: 8
[ 1459.190987][ T3048] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1459.199081][ T3048] usb 2-1: config 179 has no interface number 0
[ 1459.205179][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1459.216001][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1459.226956][ T3048] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1459.236775][ T3048] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1459.250161][  T311] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 1459.257820][ T3048] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1459.266731][ T3048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1459.500949][  T311] usb 7-1: Using ep0 maxpacket: 8
[ 1460.234842][  T311] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1460.250507][  T311] usb 7-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1460.287934][  T311] usb 7-1: config 179 has no interface number 0
[ 1460.329950][  T311] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1460.347094][  T311] usb 7-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1460.369001][  T311] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1460.378331][  T311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1460.388284][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1460.662152][T19687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4858'.
[ 1460.960951][  T311] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 1461.220939][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1461.352283][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1461.362194][  T311] usb 4-1: config 179 has no interface number 0
[ 1461.368346][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1461.379403][  T311] usb 4-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1461.390206][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1461.405178][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1461.414005][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1461.600976][ T3048] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 1461.839062][  T351] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1461.883593][ T3048] usb 3-1: Using ep0 maxpacket: 8
[ 1462.021056][ T3048] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1462.029207][ T3048] usb 3-1: config 179 has no interface number 0
[ 1462.035532][ T3048] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1462.046443][ T3048] usb 3-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1462.057018][ T3048] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1462.070035][ T3048] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1462.078883][ T3048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1462.186252][ T3048] usb 7-1: USB disconnect, device number 40
[ 1462.290940][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1462.297067][ T5671] Bluetooth: hci0: command 0x1003 tx timeout
[ 1462.311747][  T311] usb 2-1: USB disconnect, device number 11
[ 1463.263697][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1463.880950][T16559] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1463.880974][ T5671] Bluetooth: hci1: command 0x1003 tx timeout
[ 1463.900943][ T8910] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1463.915804][  T311] usb 4-1: USB disconnect, device number 114
[ 1464.160984][ T8910] usb 7-1: Using ep0 maxpacket: 16
[ 1464.321051][  T311] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 1464.471289][ T8910] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1464.480247][ T8910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1464.488014][ T8910] usb 7-1: Product: syz
[ 1464.492023][ T8910] usb 7-1: Manufacturer: syz
[ 1464.496794][ T8910] usb 7-1: SerialNumber: syz
[ 1464.571623][T19729] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4870'.
[ 1464.591030][ T3048] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1464.701318][  T311] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1464.713347][  T311] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1464.726628][  T311] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1464.736968][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1464.742814][ T8910] r8152-cfgselector 7-1: config 0 descriptor??
[ 1464.771126][T19722] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1464.951108][ T3048] usb 2-1: config 17 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[ 1464.961710][ T3048] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1464.970465][ T3048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1464.991047][T19725] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1465.011969][ T3048] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1465.021836][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1465.050983][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1465.057202][ T8910] r8152-cfgselector 7-1: bad CDC descriptors
[ 1465.090968][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1465.098675][ T8910] r8152-cfgselector 7-1: USB disconnect, device number 41
[ 1465.216559][ T3048] usb 2-1: USB disconnect, device number 12
[ 1465.231126][  T311] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1465.245562][  T311] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input28
[ 1465.318975][  T311] usb 4-1: USB disconnect, device number 115
[ 1465.324939][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1465.330910][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1465.363880][T10134] usb 3-1: USB disconnect, device number 114
[ 1465.375726][T19734] syz.2.4872[19734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1465.495977][T19737] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4871'.
[ 1465.531464][T19738] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4872'.
[ 1465.825211][T19748] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4876'.
[ 1465.906683][T19749] netlink: 180 bytes leftover after parsing attributes in process `syz.6.4874'.
[ 1467.373270][T19769] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4881'.
[ 1467.518256][T19768] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4879'.
[ 1467.564488][  T311] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1467.916344][  T423] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 1468.050957][  T311] usb 3-1: Using ep0 maxpacket: 8
[ 1468.093795][T19778] netlink: 180 bytes leftover after parsing attributes in process `syz.6.4882'.
[ 1468.191162][  T311] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1468.215913][  T311] usb 3-1: config 179 has no interface number 0
[ 1468.309902][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1468.330195][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1468.351833][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1468.361829][  T311] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1468.375059][  T311] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1468.383944][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1468.496670][T19783] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4885'.
[ 1468.715028][  T423] usb 4-1: Using ep0 maxpacket: 8
[ 1469.003020][T19789] loop6: detected capacity change from 0 to 16
[ 1469.015681][T19789] erofs: Unknown parameter '˙˙˙˙'
[ 1469.032090][T12701] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1469.157323][  T423] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1469.172283][  T423] usb 4-1: config 179 has no interface number 0
[ 1469.178556][  T423] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1469.189638][  T423] usb 4-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1469.200361][  T423] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1469.275705][T12701] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1469.295247][  T423] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1469.435577][  T423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.598400][T19794] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4888'.
[ 1470.249887][  T423] usb 4-1: can't set config #179, error -71
[ 1470.259315][  T423] usb 4-1: USB disconnect, device number 116
[ 1470.522326][T19807] loop6: detected capacity change from 0 to 16
[ 1470.529887][T19807] erofs: Unknown parameter '˙˙˙˙'
[ 1470.801052][  T423] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 1470.920922][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1471.497315][T19812] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4892'.
[ 1471.710997][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1471.894221][  T311] usb 3-1: USB disconnect, device number 115
[ 1471.976367][T19818] syz.7.4894[19818] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1472.629356][T19829] netlink: 300 bytes leftover after parsing attributes in process `syz.7.4894'.
[ 1473.601781][T19837] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4896'.
[ 1474.319791][T19839] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4897'.
[ 1474.627455][T19835] loop6: detected capacity change from 0 to 2048
[ 1474.655090][T19847] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4902'.
[ 1474.664044][  T423] usb 4-1: unable to read config index 0 descriptor/all
[ 1474.670823][  T423] usb 4-1: can't read configurations, error -71
[ 1474.706467][T19835] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1475.122282][T19856] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4901'.
[ 1475.200989][  T311] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1475.281008][T10134] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1475.450923][  T311] usb 3-1: Using ep0 maxpacket: 8
[ 1475.531062][T10134] usb 2-1: Using ep0 maxpacket: 8
[ 1475.559858][T19862] sch_fq: defrate 0 ignored.
[ 1475.571120][  T311] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1475.607016][  T311] usb 3-1: config 179 has no interface number 0
[ 1475.616283][T19867] syz.7.4907[19867] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1475.616601][  T311] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1475.651002][T10134] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1475.681444][T19869] netlink: 300 bytes leftover after parsing attributes in process `syz.7.4907'.
[ 1475.717026][T10134] usb 2-1: config 179 has no interface number 0
[ 1475.723334][T10134] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1475.734278][T10134] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1475.745193][  T311] usb 3-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1475.755754][T10134] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1475.765946][  T311] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1475.779193][T10134] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1475.792450][  T311] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1475.810442][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1475.819979][T10134] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1476.005025][T10134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1476.174190][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1477.024094][T19876] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4909'.
[ 1477.292336][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1477.332869][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1477.427243][ T8910] usb 2-1: USB disconnect, device number 13
[ 1478.791870][T19902] loop6: detected capacity change from 0 to 256
[ 1478.799895][T19902] exfat: Bad value for 'uid'
[ 1478.949733][ T1268] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1478.959453][T10134] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 1479.231209][T10134] usb 4-1: Using ep0 maxpacket: 8
[ 1479.320936][T16559] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1479.321871][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1479.341682][  T311] usb 3-1: USB disconnect, device number 116
[ 1479.351184][T10134] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1479.359561][T10134] usb 4-1: config 179 has no interface number 0
[ 1479.365739][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1479.376921][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1479.387974][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1479.397834][T10134] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1479.410992][T10134] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1479.442158][T19908] sch_fq: defrate 0 ignored.
[ 1479.474882][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1479.594089][T19915] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1480.132547][T19924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4921'.
[ 1480.445539][T19927] syz.6.4922[19927] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1480.522434][T19931] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4924'.
[ 1480.549480][T19932] netlink: 300 bytes leftover after parsing attributes in process `syz.6.4922'.
[ 1481.666881][  T311] usb 4-1: USB disconnect, device number 119
[ 1482.324848][T19949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4926'.
[ 1482.344702][T19952] sch_fq: defrate 0 ignored.
[ 1483.324882][T19965] syz.2.4933[19965] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1483.332623][T19948] loop6: detected capacity change from 0 to 40427
[ 1483.353924][T19948] F2FS-fs (loop6): Found nat_bits in checkpoint
[ 1483.376424][T19969] netlink: 300 bytes leftover after parsing attributes in process `syz.2.4933'.
[ 1483.397588][T19971] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4934'.
[ 1483.408478][T19948] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1483.570937][  T311] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1483.578880][T15381] syz-executor: attempt to access beyond end of device
[ 1483.578880][T15381] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1483.704650][T19976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4935'.
[ 1483.999433][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1484.014880][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1484.026231][  T311] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1484.035133][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1484.060971][T19963] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1484.160628][T12701] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1484.200355][T12701] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1484.341210][T19986] syz.3.4938[19986] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1484.395190][T19987] netlink: 300 bytes leftover after parsing attributes in process `syz.3.4938'.
[ 1484.481127][  T311] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1484.525681][  T311] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input30
[ 1484.649660][  T311] usb 2-1: USB disconnect, device number 14
[ 1484.831087][T19992] loop7: detected capacity change from 0 to 40427
[ 1484.840571][T19992] F2FS-fs (loop7): Found nat_bits in checkpoint
[ 1484.876317][T19992] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[ 1484.977410][T15511] syz-executor: attempt to access beyond end of device
[ 1484.977410][T15511] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1485.131485][T20002] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1485.332712][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1485.344426][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1485.640974][  T311] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 1485.880971][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1486.001155][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1486.009246][  T311] usb 4-1: config 179 has no interface number 0
[ 1486.015493][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1486.026306][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1486.037217][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1486.047022][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1486.060065][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1486.068896][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1486.200942][ T3395] Bluetooth: hci0: command 0x1003 tx timeout
[ 1486.200942][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1486.435456][T20018] loop6: detected capacity change from 0 to 256
[ 1486.441867][T20018] exfat: Bad value for 'uid'
[ 1487.111056][  T423] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1487.401019][T16559] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1487.763102][T12701] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1487.910928][T15256] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1487.940996][  T423] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1487.952157][  T423] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1487.963324][  T423] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1487.972245][  T423] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1488.011017][T20026] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[ 1488.150919][T15256] usb 3-1: Using ep0 maxpacket: 8
[ 1488.405854][T20038] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4950'.
[ 1488.636454][T15256] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1488.644686][T15256] usb 3-1: config 179 has no interface number 0
[ 1488.650779][T15256] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1488.651039][  T423] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1488.661676][T15256] usb 3-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1488.661704][T15256] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1488.676774][  T423] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input31
[ 1488.679146][T15256] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1488.693476][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1488.702133][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1488.718678][  T423] usb 7-1: USB disconnect, device number 42
[ 1488.722006][    C0] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1488.734022][T15256] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1488.762265][T10134] usb 4-1: USB disconnect, device number 120
[ 1489.495688][T18530] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1489.502382][T18530] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1489.531004][T10134] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1489.616781][T20051] syz.6.4953[20051] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1489.668487][T20052] netlink: 300 bytes leftover after parsing attributes in process `syz.6.4953'.
[ 1489.780926][T10134] usb 4-1: Using ep0 maxpacket: 16
[ 1489.800928][T16559] Bluetooth: hci1: command 0x1003 tx timeout
[ 1489.800944][ T3395] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1490.427141][   T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1490.468510][   T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1490.531340][T10134] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1490.540533][T10134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1490.548222][T20063] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4956'.
[ 1490.557762][T10134] usb 4-1: Product: syz
[ 1490.562969][T10134] usb 4-1: Manufacturer: syz
[ 1490.567517][T10134] usb 4-1: SerialNumber: syz
[ 1490.572954][T10134] r8152-cfgselector 4-1: config 0 descriptor??
[ 1491.025110][T20068] netlink: 180 bytes leftover after parsing attributes in process `syz.6.4957'.
[ 1491.245176][T10134] r8152-cfgselector 4-1: Unknown version 0x0000
[ 1491.301010][T10134] r8152-cfgselector 4-1: Unknown version 0x0000
[ 1491.307998][T10134] r8152-cfgselector 4-1: bad CDC descriptors
[ 1491.330958][T10134] r8152-cfgselector 4-1: Unknown version 0x0000
[ 1491.337972][T10134] r8152-cfgselector 4-1: USB disconnect, device number 121
[ 1491.480974][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1491.548879][T15256] usb 3-1: USB disconnect, device number 117
[ 1491.621147][  T311] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1491.782524][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1491.970927][  T311] usb 2-1: Using ep0 maxpacket: 8
[ 1492.071398][T15256] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1492.091149][  T311] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1492.099425][  T311] usb 2-1: config 179 has no interface number 0
[ 1492.106108][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1492.117466][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1492.128978][  T311] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1492.139372][  T311] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1492.155275][  T311] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1492.165101][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1492.440932][ T3395] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1492.446919][   T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 1492.502488][T20093] syz.7.4966[20093] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1492.531048][T15256] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1492.553965][T15256] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1492.554606][T20094] netlink: 300 bytes leftover after parsing attributes in process `syz.7.4966'.
[ 1492.574131][T15256] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1492.583084][T15256] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1492.649962][   T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1492.661509][T20081] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1493.146608][T15256] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[ 1493.246661][T15256] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input32
[ 1493.582427][T15256] usb 3-1: USB disconnect, device number 118
[ 1493.591409][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1494.276470][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1494.292148][ T5671] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1494.883379][T20115] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4971'.
[ 1496.292061][T20116] loop7: detected capacity change from 0 to 16
[ 1496.298329][T20116] erofs: Unknown parameter '˙˙˙˙'
[ 1496.655071][ T3395] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1496.655120][ T5671] Bluetooth: hci1: command 0x1003 tx timeout
[ 1496.993752][  T311] usb 2-1: USB disconnect, device number 15
[ 1497.190988][ T3048] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1497.280939][T10134] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1497.420966][  T311] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1497.431031][ T3048] usb 7-1: Using ep0 maxpacket: 8
[ 1497.520923][T10134] usb 4-1: Using ep0 maxpacket: 8
[ 1497.550986][ T3048] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1497.559155][ T3048] usb 7-1: config 179 has no interface number 0
[ 1497.570438][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1497.581785][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1497.588804][T20132] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[ 1497.593390][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1497.610631][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1497.624623][ T3048] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1497.633709][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.641840][T10134] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1497.650113][T10134] usb 4-1: config 179 has no interface number 0
[ 1497.657616][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1497.668809][T10134] usb 4-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1497.680081][ T3048] usb 7-1: can't set config #179, error -71
[ 1497.687279][ T3048] usb 7-1: USB disconnect, device number 43
[ 1497.693273][T10134] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1497.707689][T10134] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1497.716793][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.801023][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1497.812349][  T311] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1497.823653][  T311] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1497.832688][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.860976][T20121] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1498.135096][  T311] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1498.146863][  T311] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input33
[ 1498.156440][ T3048] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1498.174287][  T311] usb 2-1: USB disconnect, device number 16
[ 1498.180882][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1498.211328][T10134] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1498.234815][T18530] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1498.471013][T10134] usb 3-1: Using ep0 maxpacket: 8
[ 1498.551015][ T3048] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1498.562204][ T3048] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1498.573312][ T3048] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1498.582170][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1498.601002][T20135] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1498.601008][T10134] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1498.601032][T10134] usb 3-1: config 179 has no interface number 0
[ 1498.622792][T10134] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1498.633703][T10134] usb 3-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1498.644284][T10134] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1498.657622][T10134] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1498.714458][T10134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1499.101502][ T3048] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1499.109094][ T3048] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input34
[ 1499.120027][ T3048] usb 7-1: USB disconnect, device number 44
[ 1499.291870][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1500.160928][ T3048] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1500.200968][ T3395] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1500.227256][  T311] usb 4-1: USB disconnect, device number 122
[ 1500.430930][ T3048] usb 7-1: Using ep0 maxpacket: 8
[ 1500.569083][ T3048] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1500.577249][ T3048] usb 7-1: config 179 has no interface number 0
[ 1500.583690][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1500.594792][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1500.605978][ T3048] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1500.615977][ T3048] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1500.629098][ T3048] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1500.638006][ T3048] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1500.650937][  T311] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 1500.890959][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1501.061101][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1501.069620][  T311] usb 4-1: config 179 has no interface number 0
[ 1501.075972][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1501.087361][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1501.195778][ T9548] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1501.218912][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1501.228847][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1501.241851][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1501.250662][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1501.320938][ T5671] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1501.347664][  T311] usb 3-1: USB disconnect, device number 119
[ 1501.573576][T20177] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4988'.
[ 1501.991341][ T3048] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1502.066237][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1502.072632][ T9548] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1502.360982][ T3048] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1502.372131][ T3048] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1502.383233][ T3048] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1502.392068][ T3048] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1502.421025][T20176] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1502.880996][ T3048] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1502.888403][ T3048] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input35
[ 1502.907495][ T3048] usb 2-1: USB disconnect, device number 17
[ 1503.286431][ T3395] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1503.496720][T20191] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4992'.
[ 1503.980572][T16559] Bluetooth: hci0: command 0x1003 tx timeout
[ 1503.989129][  T351] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1504.021475][ T8910] usb 7-1: USB disconnect, device number 45
[ 1504.041200][ T3395] Bluetooth: hci1: command 0x1003 tx timeout
[ 1504.041258][ T5671] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1504.083882][  T311] usb 4-1: USB disconnect, device number 123
[ 1504.496179][T18530] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1504.530973][  T311] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1504.650947][ T8910] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1504.770904][  T311] usb 4-1: Using ep0 maxpacket: 8
[ 1504.890963][  T311] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1504.899178][  T311] usb 4-1: config 179 has no interface number 0
[ 1504.905291][  T311] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1504.916116][  T311] usb 4-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1504.920952][ T8910] usb 7-1: Using ep0 maxpacket: 16
[ 1504.926642][  T311] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1504.944574][  T311] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1504.953436][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.241053][ T8910] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1505.250123][ T8910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1505.262276][ T8910] usb 7-1: Product: syz
[ 1505.266326][ T8910] usb 7-1: Manufacturer: syz
[ 1505.270722][ T8910] usb 7-1: SerialNumber: syz
[ 1505.275750][ T8910] r8152-cfgselector 7-1: config 0 descriptor??
[ 1505.320939][   T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1506.054630][T12701] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1506.062275][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1506.090974][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1506.097293][ T8910] r8152-cfgselector 7-1: bad CDC descriptors
[ 1506.121183][ T8910] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1506.134624][ T8910] r8152-cfgselector 7-1: USB disconnect, device number 46
[ 1506.521725][ T5671] Bluetooth: hci0: command 0x1003 tx timeout
[ 1506.531026][ T3066] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1506.870936][  T423] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1507.501020][T20229] loop7: detected capacity change from 0 to 16
[ 1507.507451][T20229] erofs: Unknown parameter '˙˙˙˙'
[ 1507.551325][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1507.715899][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1507.936554][  T423] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1508.030521][  T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1508.160412][ T3066] Bluetooth: hci1: command 0x1003 tx timeout
[ 1508.170944][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1509.121448][T20215] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1509.169309][ T3048] usb 4-1: USB disconnect, device number 124
[ 1509.533373][T10134] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1509.717989][T20248] netlink: 180 bytes leftover after parsing attributes in process `syz.7.5006'.
[ 1510.525051][T20252] syz.2.5008[20252] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1510.525144][T20252] syz.2.5008[20252] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1510.570939][  T423] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1510.589732][  T423] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input36
[ 1510.610810][  T423] usb 2-1: USB disconnect, device number 18
[ 1510.610874][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1510.662406][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1510.801433][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1510.818047][T10134] usb 7-1: config 179 has no interface number 0
[ 1510.845960][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1510.858433][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1510.876639][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1510.886958][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1510.900446][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1510.909610][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1511.546320][T20266] sch_fq: defrate 0 ignored.
[ 1511.791023][T20277] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5014'.
[ 1512.682577][T10134] usb 7-1: USB disconnect, device number 47
[ 1512.926377][T20292] loop6: detected capacity change from 0 to 256
[ 1513.795898][T20292] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[ 1514.566758][T20296] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5020'.
[ 1514.650624][T20303] syz.6.5021[20303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1514.650709][T20303] syz.6.5021[20303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1515.508100][  T423] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1515.840659][ T3066] Bluetooth: hci0: sending frame failed (-49)
[ 1515.847202][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -49
[ 1515.961424][T20320] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5027'.
[ 1516.350492][T20329] loop6: detected capacity change from 0 to 2048
[ 1516.372778][T20329] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1516.557894][T10134] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1516.580418][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1516.601341][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1516.630964][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1516.645207][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1516.663697][  T423] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1516.673017][  T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1516.710986][T20301] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1516.810944][T10134] usb 3-1: Using ep0 maxpacket: 16
[ 1516.940937][  T423] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1516.945461][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1516.977074][  T423] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input37
[ 1516.985594][T20342] loop6: detected capacity change from 0 to 1024
[ 1516.992387][  T423] usb 2-1: USB disconnect, device number 19
[ 1516.992781][T20342] ext4: Bad value for 'max_dir_size_kb'
[ 1517.050977][  T420] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1517.141572][T10134] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1517.150901][T10134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1517.158774][T10134] usb 3-1: Product: syz
[ 1517.163058][T10134] usb 3-1: Manufacturer: syz
[ 1517.167508][T10134] usb 3-1: SerialNumber: syz
[ 1517.184730][T10134] r8152-cfgselector 3-1: config 0 descriptor??
[ 1517.634978][T20348] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5033'.
[ 1517.712644][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1517.781274][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1517.787948][T10134] r8152-cfgselector 3-1: bad CDC descriptors
[ 1517.835584][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1517.854255][T10134] r8152-cfgselector 3-1: USB disconnect, device number 120
[ 1517.930957][  T420] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1517.942279][  T420] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1517.958339][  T420] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1517.967438][  T420] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1517.990961][T20339] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1518.275879][  T420] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1518.283338][  T420] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input38
[ 1518.298171][  T420] usb 4-1: USB disconnect, device number 125
[ 1518.336210][T20355] syz.1.5035[20355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1518.336269][T20355] syz.1.5035[20355] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1518.600935][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 1518.600945][ T3066] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1518.771014][T10134] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 1519.130891][T10134] usb 3-1: Using ep0 maxpacket: 32
[ 1519.291257][T10134] usb 3-1: config 4 has an invalid interface number: 128 but max is 0
[ 1519.306734][T10134] usb 3-1: config 4 has no interface number 0
[ 1519.339707][T10134] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1519.418845][T10134] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1519.429216][T10134] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1519.462484][T10134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1519.529374][T10134] hub 3-1:4.128: USB hub found
[ 1519.710987][  T423] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1519.745531][T10134] hub 3-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1519.761573][T20385] loop6: detected capacity change from 0 to 16
[ 1519.768025][T20385] erofs: Unknown parameter '˙˙˙˙'
[ 1520.131424][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1520.213421][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1520.252105][T20389] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5046'.
[ 1520.265481][  T423] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1520.298934][  T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1520.381439][T20378] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1521.002195][  T423] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1521.010009][  T423] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input39
[ 1521.022889][  T423] usb 2-1: USB disconnect, device number 20
[ 1521.076559][T20392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5047'.
[ 1521.085421][T20394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5048'.
[ 1521.101132][T10134] usb 3-1: USB disconnect, device number 121
[ 1521.610948][T10134] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[ 1521.630924][  T298] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1521.889917][T20409] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1521.897114][T10134] usb 3-1: Using ep0 maxpacket: 16
[ 1521.911261][  T311] syz_tun: tun_net_xmit 110
[ 1521.990986][  T298] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1522.002213][  T298] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1522.013544][  T298] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1522.022479][  T298] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1522.050958][T20401] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1522.278603][T11959] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1522.290943][T10134] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1522.291074][  T298] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[ 1522.299938][T10134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1522.314623][T10134] usb 3-1: Product: syz
[ 1522.315449][  T298] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input40
[ 1522.318640][T10134] usb 3-1: Manufacturer: syz
[ 1522.330537][  T298] usb 7-1: USB disconnect, device number 48
[ 1522.332397][T10134] usb 3-1: SerialNumber: syz
[ 1522.344382][T10134] r8152-cfgselector 3-1: config 0 descriptor??
[ 1522.649382][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1522.690913][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1522.697064][T10134] r8152-cfgselector 3-1: bad CDC descriptors
[ 1522.721032][T10134] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1522.730195][T10134] r8152-cfgselector 3-1: USB disconnect, device number 122
[ 1522.851020][  T311] syz_tun: tun_net_xmit 110
[ 1523.279732][T20428] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5059'.
[ 1523.290938][T10134] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1523.310118][T20430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5060'.
[ 1523.330290][T20432] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5061'.
[ 1523.440895][  T423] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1523.558979][T20438] netlink: 180 bytes leftover after parsing attributes in process `syz.2.5062'.
[ 1523.573809][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1523.791025][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1523.816730][T10134] usb 7-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1523.828760][T10134] usb 7-1: config 179 has no interface number 0
[ 1523.835898][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1523.847053][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1523.861564][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1523.871881][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.060892][  T423] usb 2-1: Using ep0 maxpacket: 32
[ 1524.180949][  T423] usb 2-1: config 4 has an invalid interface number: 128 but max is 0
[ 1524.218569][  T423] usb 2-1: config 4 has no interface number 0
[ 1524.224609][  T423] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1524.269032][  T423] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1524.279338][  T423] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1524.288372][  T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.296106][ T3066] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1524.686562][  T423] hub 2-1:4.128: USB hub found
[ 1524.771046][  T423] hub 2-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1524.840945][  T298] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[ 1525.053312][T10134] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1525.091072][  T298] usb 3-1: Using ep0 maxpacket: 16
[ 1525.121632][  T423] usb 2-1: USB disconnect, device number 21
[ 1525.363297][T10134] usb 4-1: Using ep0 maxpacket: 8
[ 1525.371041][  T298] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1525.380571][  T298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1525.388547][  T298] usb 3-1: Product: syz
[ 1525.393111][  T298] usb 3-1: Manufacturer: syz
[ 1525.397665][  T298] usb 3-1: SerialNumber: syz
[ 1525.428366][  T298] r8152-cfgselector 3-1: config 0 descriptor??
[ 1525.574522][T10134] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1525.587042][T10134] usb 4-1: config 179 has no interface number 0
[ 1525.595282][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1525.721691][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1525.733768][T10134] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1525.739589][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1525.745083][T10134] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1525.782261][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1525.788766][  T298] r8152-cfgselector 3-1: bad CDC descriptors
[ 1525.815207][  T298] r8152-cfgselector 3-1: Unknown version 0x0000
[ 1525.875493][T10134] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1525.881666][  T298] r8152-cfgselector 3-1: USB disconnect, device number 123
[ 1525.885586][T10134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1526.027452][  T311] usb 7-1: USB disconnect, device number 49
[ 1526.091690][T20466] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5071'.
[ 1526.117820][T20469] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5072'.
[ 1526.200921][  T423] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1526.561220][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1526.572331][  T423] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1526.620919][  T423] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1526.621319][T20477] sch_fq: defrate 0 ignored.
[ 1526.640916][  T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1526.701012][T20461] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1527.296345][T20485] 9pnet_fd: Insufficient options for proto=fd
[ 1527.480938][  T423] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[ 1527.488662][  T423] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input41
[ 1527.499269][  T423] usb 2-1: USB disconnect, device number 22
[ 1527.510871][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[ 1527.768349][T12016] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1527.948566][T20494] loop6: detected capacity change from 0 to 2048
[ 1527.964154][T20494] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[ 1527.973159][  T423] usb 4-1: USB disconnect, device number 126
[ 1528.281414][T20502] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5080'.
[ 1528.780903][  T311] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1528.806279][T15381] EXT4-fs (loop6): unmounting filesystem.
[ 1528.896114][T20510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5083'.
[ 1529.020905][  T311] usb 2-1: Using ep0 maxpacket: 16
[ 1529.111098][T10134] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1529.310935][  T311] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1529.319831][  T311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1529.327719][  T311] usb 2-1: Product: syz
[ 1529.331626][  T311] usb 2-1: Manufacturer: syz
[ 1529.336035][  T311] usb 2-1: SerialNumber: syz
[ 1529.341250][  T311] r8152-cfgselector 2-1: config 0 descriptor??
[ 1529.351017][T10134] usb 7-1: Using ep0 maxpacket: 8
[ 1529.480990][T10134] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[ 1529.489161][T10134] usb 7-1: config 179 has no interface number 0
[ 1529.495204][T10134] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64
[ 1529.506058][T10134] usb 7-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1529.516544][T10134] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1529.529673][T10134] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1529.538527][T10134] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1529.600996][  T311] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1529.620992][  T311] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1529.627126][  T311] r8152-cfgselector 2-1: bad CDC descriptors
[ 1529.650938][  T311] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1529.657596][  T311] r8152-cfgselector 2-1: USB disconnect, device number 23
[ 1529.800911][ T3395] Bluetooth: hci0: command 0x1003 tx timeout
[ 1529.811038][ T3066] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1529.835983][T20522] syz.3.5087[20522] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1529.836066][T20522] syz.3.5087[20522] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1531.352595][T20541] sch_fq: defrate 0 ignored.
[ 1531.865144][  T311] usb 7-1: USB disconnect, device number 50
[ 1531.883464][T20550] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5094'.
[ 1533.812822][T20562] 9pnet_fd: Insufficient options for proto=fd
[ 1534.171007][  T423] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1534.520950][  T423] usb 4-1: Using ep0 maxpacket: 32
[ 1534.641252][  T423] usb 4-1: config 4 has an invalid interface number: 128 but max is 0
[ 1534.675115][  T423] usb 4-1: config 4 has no interface number 0
[ 1535.124896][  T423] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1535.137684][  T423] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1535.147674][  T423] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1535.158082][  T423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1535.385274][  T423] hub 4-1:4.128: USB hub found
[ 1535.811545][  T423] hub 4-1:4.128: config failed, hub doesn't have any ports! (err -19)
[ 1536.128702][T20587] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5106'.
[ 1536.265357][  T423] usb 4-1: USB disconnect, device number 127
[ 1537.999968][T20597] netlink: 180 bytes leftover after parsing attributes in process `syz.6.5108'.
[ 1538.020479][T10134] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[ 1538.130931][T15256] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1690.106135][   T29] INFO: task syz.1.5105:20585 blocked for more than 128 seconds.
[ 1691.140798][   T29]       Not tainted 6.1.112-syzkaller-00034-g226e9f92a06c #0
[ 1691.148014][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1700.140804][   T29] task:syz.1.5105      state:D stack:25384 pid:20585 ppid:13096  flags:0x00004006
[ 1700.150001][   T29] Call Trace:
[ 1705.110797][   T29]  <TASK>
[ 1705.113704][   T29]  __schedule+0xcb5/0x1560
[ 1705.117957][   T29]  ? __sched_text_start+0x8/0x8
[ 1709.140785][   T29]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 1709.146458][   T29]  ? prepare_to_wait_event+0x3e6/0x420
[ 1714.110798][   T29]  schedule+0xc3/0x180
[ 1714.114737][   T29]  synchronize_rcu_expedited+0x6bd/0x860
[ 1714.120553][   T29]  ? synchronize_rcu+0x3d0/0x3d0
[ 1719.080785][    C0] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 176s!
[ 1719.089522][    C0] Showing busy workqueues and worker pools:
[ 1719.095271][    C0] workqueue events: flags=0x0
[ 1719.099761][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.099811][    C0]     pending: psi_avgs_work
[ 1719.099852][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.099894][    C0]     pending: vmstat_shepherd
[ 1719.099931][    C0] workqueue events_long: flags=0x0
[ 1719.128807][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.128861][    C0]     pending: br_fdb_cleanup
[ 1719.128899][    C0] workqueue events_unbound: flags=0x2
[ 1719.145988][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/512 refcnt=3
[ 1719.146043][    C0]     pending: toggle_allocation_gate
[ 1719.146074][    C0] workqueue mm_percpu_wq: flags=0x8
[ 1719.163275][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.163319][    C0]     pending: vmstat_update
[ 1719.163356][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.163411][    C0]     pending: vmstat_update
[ 1719.163454][    C0] workqueue usb_hub_wq: flags=0x4
[ 1719.192081][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=4/256 refcnt=5
[ 1719.192178][    C0]     in-flight: 15256:hub_event hub_event, 10134:hub_event hub_event
[ 1719.192281][    C0] workqueue ipv6_addrconf: flags=0x40008
[ 1719.213183][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=5
[ 1719.213233][    C0]     pending: addrconf_verify_work
[ 1719.213268][    C0]     inactive: addrconf_verify_work, addrconf_verify_work, addrconf_verify_work
[ 1719.213345][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1719.239464][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.239520][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.239564][    C0] workqueue wg-kex-wg2: flags=0x24
[ 1719.257519][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.257576][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.257614][    C0] workqueue wg-kex-wg2: flags=0x6
[ 1719.276082][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.276127][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.276165][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1719.293974][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.294018][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.294076][    C0] workqueue wg-kex-wg2: flags=0x24
[ 1719.311946][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.311995][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.312044][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1719.330502][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.330547][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.330586][    C0] workqueue wg-kex-wg2: flags=0x6
[ 1719.348383][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.348427][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.348466][    C0] workqueue wg-kex-wg0: flags=0x24
[ 1719.366345][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.366396][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.366433][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1719.385203][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.385261][    C0]     pending: wg_packet_encrypt_worker
[ 1719.385301][    C0] workqueue wg-kex-wg1: flags=0x24
[ 1719.403099][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.403159][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.403202][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1719.422070][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 1719.422139][    C0]     pending: wg_packet_tx_worker, wg_packet_encrypt_worker
[ 1719.422202][    C0] workqueue wg-kex-wg2: flags=0x24
[ 1719.441904][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.441957][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.441997][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1719.460725][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
[ 1719.460783][    C0]     pending: wg_packet_encrypt_worker, wg_packet_tx_worker, wg_packet_decrypt_worker
[ 1719.477830][    C0] workqueue wg-kex-wg0: flags=0x24
[ 1719.482759][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.482809][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.482847][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1719.501334][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1719.501380][    C0]     pending: wg_packet_handshake_send_worker
[ 1719.501417][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1719.519458][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 1719.519512][    C0]     pending: wg_packet_encrypt_worker, wg_packet_decrypt_worker
[ 1719.519573][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1719.539678][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.539731][    C0]     pending: wg_packet_encrypt_worker
[ 1719.539771][    C0] workqueue wg-kex-wg2: flags=0x24
[ 1719.557469][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1719.557524][    C0]     pending: wg_packet_handshake_receive_worker
[ 1719.557564][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1719.576310][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 1719.576362][    C0]     pending: wg_packet_encrypt_worker, wg_packet_decrypt_worker
[ 1719.576436][    C0] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=177s workers=5 idle: 311 3048 1919
[ 1722.130814][   T29]  ? kasan_save_stack+0x4d/0x60
[ 1722.135538][   T29]  ? kasan_save_stack+0x3b/0x60
[ 1722.140226][   T29]  ? __kasan_record_aux_stack+0xb4/0xc0