last executing test programs:

14.636033928s ago: executing program 4 (id=3016):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10002, &(0x7f0000000300), 0x0, 0x639, &(0x7f0000000580)="$eJzs3c9vG1kdAPDv2PkdIGmEgHKASAhaCZo0aYsqhEQrJE5VVX4ckLhgmrQqdX+oCYKUoqZSuSAhLhxAnDhQDvwPbKWV9rT/wB72sqdVV9Fq1cuuql2vxhl7ncTj2NnY08afj+R63ryJ33eafP2en9/YAQyt+fSfUsTxiLibRMy11I1EVjm/fdzzDx5cTW9J1Go/fz+JBw+TzdbHSrL76YhIKz6eieSNiJgr7213beP+zUq1unovKy+u37q7uLZx/9SNW5Xrq9dXby9/f/n8ubPnzi+dbvmpaz/p9fyOtWxfevzb38/85fKv/vOvF8nSf9++nMSFZszpefX62PuZj/moZVr3p/+v5w+7sYKUm38nn0l279jtx30MiJ40fn+jEfHVmIlyy29zJv7800KDA/qqlkSzjwKGTSL/YUg1xgGN1/bdvQ4e6/OoBBiErYsR32nm/2hENPJ/ZHtuMCbqcwNTz5Md8zxJRJw+hPbTNt58/fLj9BZ9mocD2tt8NJ7Nge/u/5N6bs7GRL009by0I/9L2TTubDZ/+LPOzczkVczvKmftjx/0fIDubT6KiK+1G//vn/+/zu7T/b/J9vf6yiAn/wEAAAAAAIADeHoxIr7X7v2/UnP9z1ib9T/TEXHhENrf//2/0rNDaAZoY+tixA/brv8tNQ6ZLWelL9bXA4wm125UV09HxJci4mSMjqflpdYH/V/LT0fEqb/O/SOv/db1f+ktbb+xFjCL49nIrtVAK5X1yiGcOgy9rUcRXx/JX/+T9v9Jm/4/ze+7XbYx9+0nV/Lq9s9/oF9q/4440bb/T5rHJJ0/n2OxPh5YbIwK9vrGH//2/7z25T8UJ+3/pzrn/3jS+nk9a709/lhEnNkYqeXVH3T8P5b8ohwt643/UFlfv7cUMZZc2rt/ubeY4VUy0bF2tLXwp4io50MjX9L8P/mtzvN/zfF/Sx5OZp/x1Y2vfDL9Tl6d/h+Ks1WOWOnc/8/u7P9731h+MvtaXvtXIv6ZPX916P/P1vv0k9ke83/QWbcJWnScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAqKkXEFyIpLTS3S6WFhYjpiPhyTJWqd9bWv3vtzu9ur6R19e//LzW+6Xdmu5w0vv9/tqW8vKt8JiKORcTfy5P18sLVO9WVok8eAAAAAAAAAAAAAAAAAAAAXhLT23d7rv9PvVsuNDRgEEaye/kOw2ek6ACAwsh/GF7yH4ZXfv5/+KJWN9BwgAHqtv+vPexzIMDAHXD87+0COAK8/odhNdrdYRP9jgMowo7+f6m4OAAAAAAAgENx7JtP30oiYvMHk/Vbaiyra74xOFlUdEA/lfIqxmNzsJEAg2YNLwwvS39heLVf/Ds78DiA4iTNrY/aXuyfv/o/6U9AAAAAAAAAAAAAAMAeJ453cf0/cCTlXv8PHHkdrv9vd2GPjwuAI8T1/zC8xosOAChcY7Cf903/rv8HAAAAAAAAAAAAgJfAxP2blWp19d7aRtcbD3s5+PNvvBd5VT8aZBiHtbFZeSnCeBU2RiNiV1VtZvvP9mal+ssYbDyNjBlEW2MDbCtno6DnIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYI9PAwAA//+pCyTe")

14.520460208s ago: executing program 4 (id=3017):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x54, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @mptcp=@synack={0x1e, 0x10}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}]}}}}}}}}, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0xa, 0x0, 0x46, 0x407006}, 0x104)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000b80))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x30000000000001f, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1}, 0x48)

13.673917018s ago: executing program 4 (id=3021):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=")
syz_mount_image$fuse(0x0, &(0x7f0000000640)='./file0/../file0/file0/file0\x00', 0x0, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000480)='\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x2, 0xc, 0x18, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x8c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(r5, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r6, &(0x7f0000000040)='./file1\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)

12.288408823s ago: executing program 4 (id=3027):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x5, 0x7fe2, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x48942, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)

11.189903863s ago: executing program 4 (id=3029):
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="b000000000000000", @ANYRES64=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000035e600"/108, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="000000f6ff00000000000000000000edfff5ff000400000000008e00c2e4000000000000"], 0xb0)
write$FUSE_INIT(r3, &(0x7f0000000300)={0x50}, 0x50)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r4])
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
symlinkat(&(0x7f0000000040)='./file0\x00', r5, &(0x7f0000000080)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x6, 0x8002, 0x2, 0x806, r3, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x2, 0x1, 0x3}, 0x48)
accept4$tipc(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000200)=0x10, 0xc00)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000fc01000000000000000000000000000000000000000000000a"], 0xb8}}, 0x0)

11.156570696s ago: executing program 4 (id=3030):
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kmem_cache_free\x00'}, 0x10)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r0, 0x0, r0)
readv(r1, &(0x7f0000000440)=[{&(0x7f0000000100)=""/78, 0x4e}], 0x1)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)

8.09102797s ago: executing program 2 (id=3046):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000000020fd1f7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYRES64=r1], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10)
open(&(0x7f00000001c0)='./bus\x00', 0x400141042, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0xf28)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40, 0x8)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
dup3(r9, r10, 0x0)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r11 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'gretap0\x00'})

7.222058732s ago: executing program 1 (id=3048):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000001800010000000000000000000a000000000000000000000018001600140001000200000000000000000010000068000008000400", @ANYRES32, @ANYBLOB="1400050000000000000000000000ff"], 0x50}}, 0x0)

7.202307893s ago: executing program 2 (id=3049):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001100)='/proc/locks\x00', 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
close(r3)

7.140978498s ago: executing program 1 (id=3050):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x24}}, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
fallocate(r3, 0x0, 0x0, 0x6)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2491b300188f00014900000000000000001d010000080009", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB], 0x24}, 0x1, 0x4}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
timer_create(0x0, &(0x7f0000004040)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000004080))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r9}, 0x10)
setsockopt$inet_udp_encap(r5, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[@ANYBLOB="aa90c077aa01000000010000000000080045000030000000000011907800000000bfffffff00004e20001c908d52780100000047a861e9af84821816101e"], 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffecc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r11 = socket$netlink(0x10, 0x3, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r12}, 0x10)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r13}, 0x10)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x1c}, 0x1c}}, 0x0)

6.52078906s ago: executing program 0 (id=3053):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000480)=ANY=[@ANYBLOB="9802"], 0x298)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})

6.417146858s ago: executing program 0 (id=3054):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r0}, 0x10)
getpeername$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000300)=0x14)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', r1, 0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000001480)=""/95, 0x5f}], 0x1, 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000180)={<r5=>0xffffffffffffffff, 0x3f, 0x0, 0xe7})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000061c0)=ANY=[@ANYBLOB="01000000000000009a000040"])
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, 0x0, "0e80706e6c06a79874342a0e0d13343972d01f"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sync()
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000020305000000000000000000000000000800010002000000f514e16c02d155da14773f12ed39291ef79899f28712cccb4f6d720191a577602f93bae2e9d972b7379f01b853809e7a453b31a9d926b79adfd979d916"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(r7, &(0x7f0000002080)={0x2020}, 0x535)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r9, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
write$P9_RGETLOCK(r5, &(0x7f0000000240)=ANY=[@ANYBLOB="3100000037023834a2b11879000200000000000104000000000000000000", @ANYRES32=0x0, @ANYBLOB="13002e2f62696e64657266732f62696e6465723000"], 0x31)

6.27811091s ago: executing program 2 (id=3055):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10)
capget(&(0x7f0000000000)={0x20080522}, 0x0)

6.27782255s ago: executing program 2 (id=3056):
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
sched_setscheduler(0x0, 0x0, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
close(0xffffffffffffffff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
getpid()
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4188aec6, &(0x7f00000001c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {0x0, 0xfe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}]}})
listen(r2, 0x0)
r3 = eventfd2(0x0, 0x0)
io_getevents(0x0, 0x1, 0x1, &(0x7f0000000080)=[{}], 0x0)
ppoll(&(0x7f0000000180)=[{r3, 0x11}], 0x1, 0x0, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r3}])
shutdown(r2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)

6.252045752s ago: executing program 1 (id=3057):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f1000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000000000010"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x0, 0x4040011)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus/file0\x00', 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_clone(0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0)

5.67015317s ago: executing program 0 (id=3059):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
epoll_create1(0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x500, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)

5.66931069s ago: executing program 0 (id=3060):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x510, 0x0, 0x0, 0x428, 0x428, 0x428, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000e80), 0x0, 0x902)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe2, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x20, 0x2d, 0x24, {0x24, 0xd, "254cd66c421f40e48d4a4c59c9efa1edd61ce5da377d22454ce258e6e5b96d4a8af1"}}, &(0x7f00000008c0)={0x0, 0x3, 0xab, @string={0xab, 0x3, "00417659196b779977a219a4a66dd1f0713c8e6028c183edc2e2243045da250c6bad1c0c1567b00b8aa37ab51a258a524246430b960eb85d87278f75e0741796b587aecd7b38677de4719e1e7adac4a0b7adca97f2386a4a55cedbb8833b0173b3405fa4a97694da9ee32e4f31009d52f3871f4befb8dde92b7516f66a59e36c9e6c0d8115bca5d37867fc6525d7258462ffcafe372ebdd2a362136b83944682014542b4bd6df08edb"}}, &(0x7f00000005c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000640)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x0, 0x1, 0x2, "fb041ce6", "e45c15dd"}}, &(0x7f0000000800)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x2, 0x93, 0x37, 0x81, 0x41, 0xf2db}}}, &(0x7f0000000dc0)={0x84, &(0x7f00000009c0)={0x40, 0x5, 0x4, "ca223d42"}, &(0x7f0000000a00)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a40)={0x0, 0x8, 0x1, 0xd1}, &(0x7f0000000a80)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000ac0)={0x20, 0x0, 0x4, {0xe0, 0x2}}, &(0x7f0000000b00)={0x40, 0x7, 0x2}, &(0x7f0000000b40)={0x40, 0x9, 0xfffffffffffffccb, 0x48}, &(0x7f0000000b80)={0x40, 0xb, 0x2, "d519"}, &(0x7f0000000bc0)={0x40, 0xf, 0x2, 0x81}, &(0x7f0000000c00)={0x40, 0x13, 0x6}, &(0x7f0000000ec0)={0x40, 0x17, 0x6}, &(0x7f0000000c80)={0x40, 0x19, 0x2, "1cc0"}, &(0x7f0000000cc0)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000d00)={0x40, 0x1c, 0x1, 0x80}, &(0x7f0000000d40)={0x40, 0x1e, 0x1, 0x13}, &(0x7f0000000d80)={0x40, 0x21, 0x1, 0x8}})
syz_usb_control_io$hid(r6, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0x5, {[@main=@item_012={0x1, 0x0, 0x0, "96"}, @main=@item_012={0x2, 0x0, 0x0, 'ud'}]}}, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r7}, 0x10)
ioctl$TUNSETOFFLOAD(r2, 0x40086607, 0x20001412)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x42, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

5.335604168s ago: executing program 1 (id=3061):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r0}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r3}, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000076fd820d000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r9}, 0x10)
r10 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r11, 0x0)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r12, 0x0)
r13 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r13, 0x0)
r14 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r14, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

5.181867361s ago: executing program 1 (id=3064):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000740)="dad6b687f79aaa1e08905c71e7f9621e47664aaa9fc3c2c0fad0be640f69d094abd9e13ae5ea6995fdc5885a23d4894914240c073069df0fe0af5ba212ea370250db2bd79c2a81157e9c4028e1f16cc783d51d3ee139249c10b49cdb735cb0ff16bbd7021638ece6dc3221afedb23ece17c353660d971b19cd0bbfaa6369159ae693f9e3bb974eb94fb93555c502724f4d66d52b2e32320f2d2695d21eee250400"/174, &(0x7f0000000680)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x510, 0x0, 0x0, 0x428, 0x428, 0x428, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000e80), 0x0, 0x902)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe2, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x20, 0x2d, 0x24, {0x24, 0xd, "254cd66c421f40e48d4a4c59c9efa1edd61ce5da377d22454ce258e6e5b96d4a8af1"}}, &(0x7f00000008c0)={0x0, 0x3, 0xab, @string={0xab, 0x3, "00417659196b779977a219a4a66dd1f0713c8e6028c183edc2e2243045da250c6bad1c0c1567b00b8aa37ab51a258a524246430b960eb85d87278f75e0741796b587aecd7b38677de4719e1e7adac4a0b7adca97f2386a4a55cedbb8833b0173b3405fa4a97694da9ee32e4f31009d52f3871f4befb8dde92b7516f66a59e36c9e6c0d8115bca5d37867fc6525d7258462ffcafe372ebdd2a362136b83944682014542b4bd6df08edb"}}, &(0x7f00000005c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000640)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x0, 0x1, 0x2, "fb041ce6", "e45c15dd"}}, &(0x7f0000000800)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x2, 0x93, 0x37, 0x81, 0x41, 0xf2db}}}, &(0x7f0000000dc0)={0x84, &(0x7f00000009c0)={0x40, 0x5, 0x4, "ca223d42"}, &(0x7f0000000a00)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a40)={0x0, 0x8, 0x1, 0xd1}, &(0x7f0000000a80)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000ac0)={0x20, 0x0, 0x4, {0xe0, 0x2}}, &(0x7f0000000b00)={0x40, 0x7, 0x2}, &(0x7f0000000b40)={0x40, 0x9, 0xfffffffffffffccb, 0x48}, &(0x7f0000000b80)={0x40, 0xb, 0x2, "d519"}, &(0x7f0000000bc0)={0x40, 0xf, 0x2, 0x81}, &(0x7f0000000c00)={0x40, 0x13, 0x6}, &(0x7f0000000ec0)={0x40, 0x17, 0x6}, &(0x7f0000000c80)={0x40, 0x19, 0x2, "1cc0"}, &(0x7f0000000cc0)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000d00)={0x40, 0x1c, 0x1, 0x80}, &(0x7f0000000d40)={0x40, 0x1e, 0x1, 0x13}, &(0x7f0000000d80)={0x40, 0x21, 0x1, 0x8}})
syz_usb_control_io$hid(r6, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0x5, {[@main=@item_012={0x1, 0x0, 0x0, "96"}, @main=@item_012={0x2, 0x0, 0x0, 'ud'}]}}, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r7}, 0x10)
ioctl$TUNSETOFFLOAD(r2, 0x40086607, 0x20001412)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x42, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

4.34815396s ago: executing program 3 (id=3065):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001100)='/proc/locks\x00', 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
close(r3)

3.546173826s ago: executing program 3 (id=3066):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000740)="dad6b687f79aaa1e08905c71e7f9621e47664aaa9fc3c2c0fad0be640f69d094abd9e13ae5ea6995fdc5885a23d4894914240c073069df0fe0af5ba212ea370250db2bd79c2a81157e9c4028e1f16cc783d51d3ee139249c10b49cdb735cb0ff16bbd7021638ece6dc3221afedb23ece17c353660d971b19cd0bbfaa6369159ae693f9e3bb974eb94fb93555c502724f4d66d52b2e32320f2d2695d21eee250400"/174, &(0x7f0000000680)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x510, 0x0, 0x0, 0x428, 0x428, 0x428, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000e80), 0x0, 0x902)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe2, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000980)={0x2c, &(0x7f0000000580)={0x20, 0x2d, 0x24, {0x24, 0xd, "254cd66c421f40e48d4a4c59c9efa1edd61ce5da377d22454ce258e6e5b96d4a8af1"}}, &(0x7f00000008c0)={0x0, 0x3, 0xab, @string={0xab, 0x3, "00417659196b779977a219a4a66dd1f0713c8e6028c183edc2e2243045da250c6bad1c0c1567b00b8aa37ab51a258a524246430b960eb85d87278f75e0741796b587aecd7b38677de4719e1e7adac4a0b7adca97f2386a4a55cedbb8833b0173b3405fa4a97694da9ee32e4f31009d52f3871f4befb8dde92b7516f66a59e36c9e6c0d8115bca5d37867fc6525d7258462ffcafe372ebdd2a362136b83944682014542b4bd6df08edb"}}, &(0x7f00000005c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000640)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x0, 0x1, 0x2, "fb041ce6", "e45c15dd"}}, &(0x7f0000000800)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x2, 0x93, 0x37, 0x81, 0x41, 0xf2db}}}, &(0x7f0000000dc0)={0x84, &(0x7f00000009c0)={0x40, 0x5, 0x4, "ca223d42"}, &(0x7f0000000a00)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a40)={0x0, 0x8, 0x1, 0xd1}, &(0x7f0000000a80)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000ac0)={0x20, 0x0, 0x4, {0xe0, 0x2}}, &(0x7f0000000b00)={0x40, 0x7, 0x2}, &(0x7f0000000b40)={0x40, 0x9, 0xfffffffffffffccb, 0x48}, &(0x7f0000000b80)={0x40, 0xb, 0x2, "d519"}, &(0x7f0000000bc0)={0x40, 0xf, 0x2, 0x81}, &(0x7f0000000c00)={0x40, 0x13, 0x6}, &(0x7f0000000ec0)={0x40, 0x17, 0x6}, &(0x7f0000000c80)={0x40, 0x19, 0x2, "1cc0"}, &(0x7f0000000cc0)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000000d00)={0x40, 0x1c, 0x1, 0x80}, &(0x7f0000000d40)={0x40, 0x1e, 0x1, 0x13}, &(0x7f0000000d80)={0x40, 0x21, 0x1, 0x8}})
syz_usb_control_io$hid(r6, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0x5, {[@main=@item_012={0x1, 0x0, 0x0, "96"}, @main=@item_012={0x2, 0x0, 0x0, 'ud'}]}}, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r7}, 0x10)
ioctl$TUNSETOFFLOAD(r2, 0x40086607, 0x20001412)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x42, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

3.271042349s ago: executing program 2 (id=3067):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x2)
syz_emit_ethernet(0x92, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x10}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x5c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x17, 0xc2, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x2}, @mptcp=@generic={0x44, 0x5, "cec28d"}, @timestamp={0x8, 0xa}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @mptcp=@capable={0x1e, 0x14, 0x0, 0x8, 0x0, 0x0, [0x0]}, @mptcp=@synack={0x1e, 0x10}]}}}}}}}}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x22, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r5}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000200))
syz_usb_control_io$hid(r1, 0x0, 0x0)

2.640795591s ago: executing program 0 (id=3068):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000700)='mm_lru_insertion\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r4, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x2, 0x80, 0xc2, 0xc}})
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = syz_usb_connect$uac1(0x0, 0xcf, &(0x7f0000000680)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x3, 0x1, 0xde, 0x18, 0x81, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x73}, [@processing_unit={0x8, 0x24, 0x7, 0x5, 0x0, 0x1, "ac"}, @extension_unit={0xb, 0x24, 0x8, 0x6, 0x8, 0x6, "40c6bb4a"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x1ff, 0x6, 0x5, 0x1}, @feature_unit={0xb, 0x24, 0x6, 0x2, 0x4, 0x2, [0x2, 0x3], 0x33}, @feature_unit={0xd, 0x24, 0x6, 0x4, 0x5, 0x3, [0xa, 0x7, 0x3], 0xfe}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x81, 0x40, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x9, 0x23, 0x71, {0x7, 0x25, 0x1, 0x2, 0x40, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x1, 0x81, 0x3}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x2, 0x6, 0x80, "67c28fea976698791e"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x3, 0x4, 0x7, 0x20, "cd", "03"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x43, 0x3, 0x6, {0x7, 0x25, 0x1, 0x82, 0x2, 0xf7}}}}}}}]}}, &(0x7f0000000a80)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x1, 0x19, 0x80, 0x20, 0x1}, 0x24, &(0x7f0000000200)={0x5, 0xf, 0x24, 0x2, [@wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x7a, 0x0, 0x9, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x40, "9bc6652cd78f43cbff127ee631e6c21f"}]}, 0x8, [{0xa8, &(0x7f0000000280)=@string={0xa8, 0x3, "37f5f60741a373209ca251fb264dd73ea6b261720ee5f66735139790c17a3964f70bc37b3bafed09d6fad212156ec82533efdf78f8c169d38e1581f4d8cc6ef8943d0d02b22304fb43f0f9af0398a0c7a241356a3065085a76d0bbffcade3ea1eab53aeaa6aa9df6efe8f99112f053a92e062f61254f94eb2d1dbab5d27d6e2dd328ef7d36bb96b39de729553bfd9779462a42021b77ab8ac9079f2f18569d88284085ed3923"}}, {0xb4, &(0x7f0000000780)=@string={0xb4, 0x3, "abbfdd82b0f3fc35a269fb4db9f256edbb4cee457d229d52b408d93c602414825cf28722de2057e1f8a07e486240e2a2460e1670e3a8138d170852cd487c92ac6478efbe726a2e1909d97f270110732a7c423dea24d766b1384bc9ca41f27e2536363ab4a91e4f06ad8e4df41f61c576318ba1e5519aeca7c695fc0b523ba8d5082b9a570a641bc80f0c1f30211bdadff26904bc2aaa092cd8a23893735003bd02f364179c3ec671f996c8bb14c05ffafb0a"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x444}}, {0xf5, &(0x7f0000000840)=@string={0xf5, 0x3, "da36555ecb3f6073afbe325111126f3d67f9d01452c39dbf8961f8ed4b56e6d43c075b684bdbd80cf848c906e50b441fad7fd504e1a24f7e2a0f239b2d11a94f4bc6804731ca2e19b0bc360247cd6817e01a36386808823e486408c411fc690bfb22157cfcba01c05b49bfb76ed8480f0841aea9d01d10afe69d15d1a52fae9044eabda86cbbda6cf998ac332bb6362778ba573d65ed0fe81cff5eaa167e4a278976ae4e0d4cfc1f4189bee9085d12caa442fad0189007a24bad3214aea6b05fa35d93784cb547c18e3e18ad3f6e62d6f8352ab849a43440f3c2baa7598a37f17b3677ec477ab9ce3194baeed52beb201fc45a"}}, {0xdf, &(0x7f0000000940)=@string={0xdf, 0x3, "0cf45dd434bd793a393bdcb062b0f52157c8446614bf75ee4c71416c69f55c00daac13b63e158c4e1e2a71d0cbe765d90b87af95e7ccc34fa73e109571e93fb4a47af0dc0613e7be6823a8c3c6fd90a5e71ef1b164d097410e58a63c500330940c5751a6eb3c317312b5d7091e32f91b7392f2920ff37322b9a0e64f3337b18d7f2e891ce8a6eb0e04a6bbde96d225590e475fe43f13a84b253cceb3c5489bd4300a81c1ecb819ef596be021c7e925ca919810fc944c807a97e17ccc9b09593b419c6326109d10364f2bc9567c2c0b182a816b04130d4e24f9c2e34035"}}, {0x3b, &(0x7f0000000500)=@string={0x3b, 0x3, "a43652a6c547c12f1f74c7d71cc293f2b35df0d4b032095ff28baaa26989b8a4f209fb6b2620f5b56211437f495a1279b512acdbe14bc62f59"}}, {0x31, &(0x7f0000000540)=@string={0x31, 0x3, "3c9606a962300ddb5571f99eadea417120f658e5112f7f4d22ac7e40454cafbe5069953532b8c2c06ffce21b8e1453"}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x40e}}]})
syz_usb_control_io$uac1(r5, &(0x7f0000000bc0)={0x14, &(0x7f0000000b00)={0x0, 0x31, 0x76, {0x76, 0x23, "b44436121b45ad04088f63a444cb8aa3b8fdab6edb0c86ec5ce2cfb8a4d58adfde66da485fc0fb4e9b0f0fbd85c7f78f02f4eb0bbc847bc0bf3822a3831d6afa1151bdf896ebbc16e48f76b584ec418408ba2131d074a1188acf6b6313f6a1d50d91b58c75b9f6f8c9560b1a968b5c1b95e9e620"}}, &(0x7f0000000b80)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x4001}}}, &(0x7f0000000e40)={0x44, &(0x7f0000000c00)={0x20, 0x17, 0x69, "8cacf099c8c45051697d5cfb6f3aea76b22dc52babb0f211070752fa5a93d5a0d9b7ee65a8f92db1f203c939eb99f75ce15c1051fd5e27e8275a8192ab698dec16eedbdcfd2545c2106f7c3e2b6a2fc96533e5a661e91aa0b88909851327b5b732932a771e9b29ef20"}, &(0x7f0000000c80)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x27}, &(0x7f0000000d00)={0x20, 0x81, 0x2, "e3eb"}, &(0x7f0000000d40)={0x20, 0x82, 0x2, "b3e3"}, &(0x7f0000000d80)={0x20, 0x83, 0x2, "950e"}, &(0x7f0000000dc0)={0x20, 0x84, 0x1, ']'}, &(0x7f0000000e00)={0x20, 0x85, 0x3, "903e51"}})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

2.165752341s ago: executing program 1 (id=3069):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4d8, 0xc002, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a50000002a00000095"], &(0x7f0000000b40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) (fail_nth: 13)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r4}, 0x0, &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r6 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0xf, 0x4, @tid=r6}, &(0x7f0000000080))
rt_sigtimedwait(&(0x7f0000000700)={[0x4f26]}, 0x0, 0x0, 0x8)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='swiotlb_bounced\x00', r3}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000680)={0x24, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00f4d7538825fc2c7c220b0000000b00528400339700975404"], 0x0}, 0x0)

1.301616552s ago: executing program 2 (id=3070):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20040, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x15, 0x0, &(0x7f0000000140)="69015438a420bbea40bb7d94bc9db57325f4528ae6", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000500000000000000000000001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
syz_emit_ethernet(0x7e, &(0x7f0000000300)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x48, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "ebebbea5a6bc54a5cf79050aa689c7c0a4feeec8a95f84b6", "56261dcf421246c7fa0f68f32aea17b14d6285984901f27cfcfc7d9f632ca88e"}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, 0x0)
r7 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)
syz_usb_control_io$uac1(r7, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0003040000002203"]}, 0x0)
syz_usb_control_io$uac1(r7, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0)

510.214848ms ago: executing program 3 (id=3072):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f00000007c0)=ANY=[@ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX=r0], 0x9, 0x2b7, &(0x7f0000000880)="$eJzs3E1IG3kYx/Envm8WTZBlYRd299n1srssg8l5QcOiy7IBl12z2AqFsU7akGkSMiFtpJgUCl566KVv57ZQiiCUHgoFsYeeilK89dCbNw+1p0opnRJHa7SjFqtG6vdz0Ic8/9/kPy8Zkn8gi79fPpNOOkbSLEhDW0AaeqUiywEJS4OsqcgvZ6eefvffseN/x+Lxvn9V+2ODkaiqdvwwPXx+8qeZwpf/3+942Cqz4ROLS9GF2a9nv1l8O3g65WjK0Uy2oKaOZLMFc8S2dPSqkzZU/7Et07E0lXGs/IZ+0s7mciU1M6PtwVzechw1MyVNW80iooV8Sc1TZiqjhmFoe1CwvcnijdjW3cTdZdeVpcIT122tiOu61QfbDnB6qLOV8++6Nef/Ur2nhANUc1NvE7Enioliwvvv9WNJSYktlnRLSN5I9Rpxb065K5dK9e+56FR8/tfHj1Q1LON2eTVfLiYaN+YjEpKwl/F4df9f8b6Ierx8Z9DLN0uwNh+VkHzln49uyK89f4v83FWTNyQk8yclK7bMTf/4amFg4tpafjyi+sdAfFP+CxldP0x3Xtbp/AAAAAAAAAAAsBuGvue7fm9UB1wcU9X2TX0v7/f9wOb1+W7f9fkm+bapvvsOAAAAAMBR4ZTG0qZtW/lPLKof5fdiO59fcevCxw/+vn/7MV09jXO9zyq5w7BfPkWgyb/1euiwzLCmkNXVp50GN+7xK2W9eLEn2wmszm/rMX8OP7+343ZaPjg+W5nZ/7sSAAAAgP2w/qa/R8rJB8Xy0G9X6j0nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOml385Njcdb+WVovO236teu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdt4FAAD//xyozRw=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, 0x0, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r6 = openat$cgroup_procs(r0, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000c40), 0x12)

129.002559ms ago: executing program 3 (id=3073):
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r1)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="b000000000000000", @ANYRES64=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000035e600"/108, @ANYRES32, @ANYRES32=0x0], 0xb0)
write$FUSE_INIT(r3, &(0x7f0000000300)={0x50}, 0x50)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r4])
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
symlinkat(&(0x7f0000000040)='./file0\x00', r5, &(0x7f0000000080)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x6, 0x8002, 0x2, 0x806, r3, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x2, 0x1, 0x3}, 0x48)
accept4$tipc(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000200)=0x10, 0xc00)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000140001000000000000000000e0000002000000000000000000000000fc01000000000000000000000000000000000000000000000a"], 0xb8}}, 0x0)

68.368544ms ago: executing program 3 (id=3074):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000500), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

9.922299ms ago: executing program 0 (id=3075):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
utime(&(0x7f0000000e00)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x0, 0x8, 0x7, 0x3, 0xffffffffffffffff, 0xda, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x5, 0xd}, 0x48)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000280)={[{}, {@noblock_validity}, {@resuid}, {@nobh}, {@lazytime}, {@usrquota}, {@mblk_io_submit}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9d})
mkdir(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006140)={0x2020, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000014c0)={&(0x7f0000001380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0xa, [@ptr, @const, @typedef={0x5}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x8, 0x1}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61, 0x5f, 0x5f, 0x5f]}}, &(0x7f0000001400)=""/149, 0x5e, 0x95, 0x1}, 0x20)
lchown(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, r2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
r5 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r5, 0x0, 0x400000000000000, 0x7)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r6}, 0x10)

0s ago: executing program 3 (id=3076):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001100)='/proc/locks\x00', 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
close(r3)

kernel console output (not intermixed with test programs):

ings: Mfr=0, Product=0, SerialNumber=0
[  618.279212][  T658] usb 3-1: config 0 descriptor??
[  618.634985][T11288] udc-core: couldn't find an available UDC or it's busy
[  618.691228][T11288] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  619.138616][T11334] x_tables: unsorted underflow at hook 3
[  619.711834][   T15] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  619.834628][T11346] FAULT_INJECTION: forcing a failure.
[  619.834628][T11346] name failslab, interval 1, probability 0, space 0, times 0
[  619.881243][T11346] CPU: 1 PID: 11346 Comm: syz.1.2811 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  619.893688][T11346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  619.905134][T11346] Call Trace:
[  619.908666][T11346]  dump_stack_lvl+0x1e2/0x24b
[  619.914956][T11346]  ? panic+0x812/0x812
[  619.920793][T11346]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  619.926858][T11346]  dump_stack+0x15/0x17
[  619.933009][T11346]  should_fail+0x3c6/0x510
[  619.937592][T11346]  ? __request_module+0x2ad/0x8d0
[  619.944036][T11346]  __should_failslab+0xa4/0xe0
[  619.949218][T11346]  should_failslab+0x9/0x20
[  619.955826][T11346]  __kmalloc_track_caller+0x5f/0x320
[  619.961749][T11346]  ? __kasan_kmalloc+0x9/0x10
[  619.967757][T11346]  kstrdup+0x34/0x70
[  619.972405][T11346]  __request_module+0x2ad/0x8d0
[  619.977285][T11346]  ? copy_regset_to_user+0x210/0x210
[  619.982683][T11346]  ? sysvec_reschedule_ipi+0x83/0x160
[  619.988673][T11346]  ? __rcu_read_unlock+0x90/0x90
[  619.994135][T11346]  ? inet_create+0xaa/0xf70
[  619.999005][T11346]  inet_create+0x20f/0xf70
[  620.003845][T11346]  __sock_create+0x3a6/0x760
[  620.008434][T11346]  __sys_socketpair+0x29f/0x6e0
[  620.013478][T11346]  ? __ia32_sys_socket+0x90/0x90
[  620.019056][T11346]  __x64_sys_socketpair+0x9b/0xb0
[  620.024438][T11346]  do_syscall_64+0x34/0x70
[  620.030660][T11346]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  620.037629][T11346] RIP: 0033:0x7f0c44b8fbd9
[  620.044609][T11346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.067775][T11346] RSP: 002b:00007f0c43e11048 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  620.078727][T11346] RAX: ffffffffffffffda RBX: 00007f0c44d1df60 RCX: 00007f0c44b8fbd9
[  620.090293][T11346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  620.099227][T11346] RBP: 00007f0c43e110a0 R08: 0000000000000000 R09: 0000000000000000
[  620.108702][T11346] R10: 0000000020000400 R11: 0000000000000246 R12: 0000000000000001
[  620.117221][T11346] R13: 000000000000000b R14: 00007f0c44d1df60 R15: 00007ffe33c0dc78
[  620.133408][ T2731] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  620.161005][  T658] usb 3-1: USB disconnect, device number 75
[  620.551876][ T2731] usb 4-1: Using ep0 maxpacket: 16
[  620.751879][ T2731] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.769849][ T2731] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.791435][ T2731] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  620.809891][ T2731] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.832621][ T2731] usb 4-1: config 0 descriptor??
[  620.838649][   T15] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  620.855769][   T15] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  620.866304][   T15] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  620.875833][   T15] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.885521][   T15] usb 5-1: config 0 descriptor??
[  620.922672][   T15] usb 5-1: MIDIStreaming interface descriptor not found
[  621.126003][  T485] usb 5-1: USB disconnect, device number 81
[  621.241805][  T331] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  621.314900][ T2731] lenovo 0003:17EF:6067.006B: item fetching failed at offset 4/5
[  621.324232][ T2731] lenovo 0003:17EF:6067.006B: hid_parse failed
[  621.331573][ T2731] lenovo: probe of 0003:17EF:6067.006B failed with error -22
[  621.491877][  T331] usb 2-1: Using ep0 maxpacket: 8
[  621.612248][  T331] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  621.622722][  T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.705618][  T331] usb 2-1: config 0 descriptor??
[  622.203134][T11363] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  622.204821][   T24] audit: type=1400 audit(1720528042.190:7148): avc:  denied  { create } for  pid=11362 comm="syz.1.2815" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=2321202E2F6367726F75702F66696C6530616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161
[  622.302295][   T24] audit: type=1400 audit(1720528042.190:7149): avc:  denied  { associate } for  pid=11362 comm="syz.1.2815" name="file0" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=2321202E2F6367726F75702F66696C653061616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616
[  622.418146][   T24] audit: type=1400 audit(1720528042.390:7150): avc:  denied  { mounton } for  pid=11362 comm="syz.1.2815" path="/199/file0" dev="tmpfs" ino=1115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=2321202E2F6367726F75702F66696C6530616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616
[  622.626199][T11394] x_tables: unsorted underflow at hook 3
[  623.368016][   T15] usb 4-1: USB disconnect, device number 77
[  623.377098][   T24] audit: type=1326 audit(1720528043.360:7151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.401186][   T24] audit: type=1326 audit(1720528043.360:7152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.432402][   T24] audit: type=1326 audit(1720528043.360:7153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.469666][   T24] audit: type=1326 audit(1720528043.360:7154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.498018][   T24] audit: type=1326 audit(1720528043.360:7155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.532278][   T24] audit: type=1326 audit(1720528043.360:7156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  623.557164][   T24] audit: type=1326 audit(1720528043.360:7157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11402 comm="syz.0.2824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3ded938c13 code=0x7ffc0000
[  623.601975][  T331] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  623.614904][  T331] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  623.625937][  T331] asix: probe of 2-1:0.0 failed with error -71
[  623.633954][  T331] usb 2-1: USB disconnect, device number 76
[  623.717482][T11410] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  623.820827][   T52] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  624.901986][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.942239][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.952796][   T52] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  624.962700][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.975496][   T52] usb 1-1: config 0 descriptor??
[  624.983535][T11423] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  624.994249][T11423] ext4 filesystem being mounted at /23/bus supports timestamps until 2038 (0x7fffffff)
[  625.981573][T11449] device pim6reg1 entered promiscuous mode
[  625.991838][   T52] usbhid 1-1:0.0: can't add hid device: -71
[  625.999117][   T52] usbhid: probe of 1-1:0.0 failed with error -71
[  626.011001][   T52] usb 1-1: USB disconnect, device number 69
[  626.056674][T11454] x_tables: unsorted underflow at hook 3
[  626.471868][  T485] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  626.956108][   T15] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  627.011840][  T485] usb 3-1: Using ep0 maxpacket: 16
[  627.151945][  T485] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.164946][  T485] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  627.177083][  T485] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  627.187745][  T485] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.198201][  T485] usb 3-1: config 0 descriptor??
[  627.233498][T11471] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  627.341911][   T15] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.353198][   T15] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  627.363499][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.814108][   T15] usb 4-1: config 0 descriptor??
[  628.013136][  T485] lenovo 0003:17EF:6067.006C: item fetching failed at offset 4/5
[  628.029830][  T485] lenovo 0003:17EF:6067.006C: hid_parse failed
[  628.038837][  T485] lenovo: probe of 0003:17EF:6067.006C failed with error -22
[  628.173150][T11486] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  628.184033][T11486] ext4 filesystem being mounted at /74/bus supports timestamps until 2038 (0x7fffffff)
[  629.242858][  T328] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  629.401964][   T15] usbhid 4-1:0.0: can't add hid device: -71
[  629.408010][   T15] usbhid: probe of 4-1:0.0 failed with error -71
[  629.416937][   T15] usb 4-1: USB disconnect, device number 78
[  629.779865][  T331] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  629.795376][ T6763] usb 3-1: USB disconnect, device number 76
[  629.911873][  T328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  629.938666][  T328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  629.962743][  T328] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  629.974494][  T328] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.266223][T11514] x_tables: unsorted underflow at hook 3
[  630.272815][T11517] x_tables: unsorted underflow at hook 3
[  630.552198][  T328] usb 1-1: config 0 descriptor??
[  630.813922][T11525] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.2853: bad orphan inode 8192
[  630.825875][T11525] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  630.861917][  T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 119, changing to 10
[  630.886213][  T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 49449, setting to 1024
[  630.910530][  T331] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  630.938481][  T331] usb 5-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00
[  630.960482][  T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.972691][  T331] usb 5-1: config 0 descriptor??
[  631.018325][T11495] udc-core: couldn't find an available UDC or it's busy
[  631.031315][T11495] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  631.121872][  T328] usbhid 1-1:0.0: can't add hid device: -71
[  631.133191][  T328] usbhid: probe of 1-1:0.0 failed with error -71
[  631.149388][  T328] usb 1-1: USB disconnect, device number 70
[  631.541868][  T331] usbhid 5-1:0.0: can't add hid device: -71
[  631.548362][  T331] usbhid: probe of 5-1:0.0 failed with error -71
[  631.575296][  T331] usb 5-1: USB disconnect, device number 82
[  631.657353][T11541] x_tables: unsorted underflow at hook 3
[  632.321825][  T331] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  632.381809][  T288] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  632.829863][T11563] x_tables: unsorted underflow at hook 3
[  633.022436][  T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  633.092456][  T288] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  633.108111][  T331] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  633.122898][  T288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.134386][  T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.147285][  T288] usb 5-1: config 0 descriptor??
[  633.247254][  T331] usb 3-1: config 0 descriptor??
[  634.051192][   T24] kauditd_printk_skb: 21 callbacks suppressed
[  634.051206][   T24] audit: type=1400 audit(1720528054.030:7179): avc:  denied  { map } for  pid=11580 comm="syz.1.2867" path="socket:[60531]" dev="sockfs" ino=60531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  634.341917][  T288] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  634.357806][  T288] asix: probe of 5-1:0.0 failed with error -71
[  634.368957][  T288] usb 5-1: USB disconnect, device number 83
[  634.376448][  T568] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  634.622016][  T568] usb 2-1: Using ep0 maxpacket: 16
[  634.782093][  T568] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.794157][  T568] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  634.812798][  T568] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  634.824499][  T568] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.855934][T11594] x_tables: unsorted underflow at hook 3
[  634.930123][  T568] usb 2-1: config 0 descriptor??
[  635.105418][T11604] FAULT_INJECTION: forcing a failure.
[  635.105418][T11604] name failslab, interval 1, probability 0, space 0, times 0
[  635.161606][   T24] audit: type=1326 audit(1720528055.090:7180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  635.202949][T11607] FAULT_INJECTION: forcing a failure.
[  635.202949][T11607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  635.221795][T11607] CPU: 1 PID: 11607 Comm: syz.2.2874 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  635.233899][T11607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  635.248229][T11607] Call Trace:
[  635.252397][T11607]  dump_stack_lvl+0x1e2/0x24b
[  635.258124][T11607]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  635.264567][T11607]  ? release_firmware_map_entry+0x192/0x192
[  635.271527][T11607]  dump_stack+0x15/0x17
[  635.276078][T11607]  should_fail+0x3c6/0x510
[  635.281560][T11607]  should_fail_usercopy+0x1a/0x20
[  635.287616][T11607]  _copy_from_iter_full+0x1ef/0xa20
[  635.293287][T11607]  ? irqentry_exit+0x4f/0x60
[  635.298406][T11607]  ? sysvec_reschedule_ipi+0x83/0x160
[  635.303949][T11607]  ? copyin+0x90/0x90
[  635.307748][T11607]  packet_sendmsg+0x3793/0x60a0
[  635.312469][T11607]  ? avc_has_perm+0x14d/0x400
[  635.317399][T11607]  ? avc_has_perm+0x275/0x400
[  635.323142][T11607]  ? selinux_socket_sendmsg+0x243/0x340
[  635.328610][T11607]  ? selinux_socket_accept+0x5b0/0x5b0
[  635.333959][T11607]  ? packet_getsockopt+0xea0/0xea0
[  635.339609][T11607]  ? check_stack_object+0xf4/0x130
[  635.344858][T11607]  ? security_socket_sendmsg+0x82/0xb0
[  635.350430][T11607]  ? packet_getsockopt+0xea0/0xea0
[  635.357478][T11607]  __sys_sendto+0x545/0x700
[  635.362299][T11607]  ? __ia32_sys_getpeername+0x90/0x90
[  635.368215][T11607]  ? finish_task_switch+0x130/0x5a0
[  635.374093][T11607]  ? __ia32_sys_read+0x90/0x90
[  635.376040][T11606] x_tables: unsorted underflow at hook 3
[  635.378870][T11607]  ? fpu__clear_all+0x20/0x20
[  635.378894][T11607]  __x64_sys_sendto+0xe5/0x100
[  635.397470][T11607]  do_syscall_64+0x34/0x70
[  635.402269][T11607]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  635.409309][T11607] RIP: 0033:0x7fa3ce53abd9
[  635.414874][T11607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  635.437652][T11607] RSP: 002b:00007fa3cd77a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  635.446321][T11607] RAX: ffffffffffffffda RBX: 00007fa3ce6c9110 RCX: 00007fa3ce53abd9
[  635.457480][T11607] RDX: 000000000001fffc RSI: 0000000020000180 RDI: 0000000000000009
[  635.468300][T11607] RBP: 00007fa3cd77a0a0 R08: 0000000020000140 R09: 0000000000000014
[  635.477576][T11607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  635.487622][T11607] R13: 000000000000006e R14: 00007fa3ce6c9110 R15: 00007fff99697698
[  635.628611][T11604] CPU: 1 PID: 11604 Comm: syz.3.2876 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  635.639489][T11604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  635.651098][T11604] Call Trace:
[  635.655240][T11604]  dump_stack_lvl+0x1e2/0x24b
[  635.661225][T11604]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  635.666706][T11604]  ? wake_up_klogd+0xb8/0xf0
[  635.672238][T11604]  dump_stack+0x15/0x17
[  635.676313][T11604]  should_fail+0x3c6/0x510
[  635.681296][T11604]  ? audit_log_d_path+0xa1/0x2b0
[  635.686665][T11604]  __should_failslab+0xa4/0xe0
[  635.691617][T11604]  should_failslab+0x9/0x20
[  635.698629][T11604]  kmem_cache_alloc_trace+0x3a/0x2e0
[  635.703933][T11604]  ? audit_log_n_string+0x3ad/0x590
[  635.708951][T11604]  audit_log_d_path+0xa1/0x2b0
[  635.714086][T11604]  ? get_mm_exe_file+0xd5/0x100
[  635.718876][T11604]  audit_log_d_path_exe+0x42/0x70
[  635.724595][T11604]  audit_log_task+0x20d/0x2e0
[  635.730256][T11604]  ? audit_core_dumps+0x100/0x100
[  635.735743][T11604]  ? __fsnotify_parent+0x4b9/0x6c0
[  635.740983][T11604]  audit_seccomp+0x7a/0x1e0
[  635.746520][T11604]  __seccomp_filter+0xd03/0x1e10
[  635.753912][T11604]  ? vfs_write+0x854/0xe70
[  635.758318][T11604]  ? __secure_computing+0x300/0x300
[  635.764078][T11604]  ? kernel_write+0x3d0/0x3d0
[  635.769019][T11604]  ? __kasan_check_write+0x14/0x20
[  635.775396][T11604]  ? mutex_lock+0xa5/0x110
[  635.781158][T11604]  ? mutex_trylock+0xa0/0xa0
[  635.787516][T11604]  ? fput_many+0x160/0x1b0
[  635.793925][T11604]  ? fput+0x1a/0x20
[  635.798424][T11604]  ? ksys_write+0x260/0x2c0
[  635.804351][T11604]  ? __ia32_sys_read+0x90/0x90
[  635.809238][T11604]  __secure_computing+0xf0/0x300
[  635.815411][T11604]  syscall_enter_from_user_mode+0xbf/0x1a0
[  635.821842][T11604]  do_syscall_64+0x13/0x70
[  635.826539][T11604]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  635.833778][T11604] RIP: 0033:0x7f83ea0b1bd9
[  635.839907][T11604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  635.862402][T11604] RSP: 002b:00007f83e9333048 EFLAGS: 00000246 ORIG_RAX: 000000000000000d
[  635.871047][T11604] RAX: ffffffffffffffda RBX: 00007f83ea23ff60 RCX: 00007f83ea0b1bd9
[  635.880000][T11604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000019
[  635.888498][T11604] RBP: 00007f83e93330a0 R08: 0000000020000440 R09: 0000000000000000
[  635.897257][T11604] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  635.906692][T11604] R13: 000000000000000b R14: 00007f83ea23ff60 R15: 00007ffcf2cdfbb8
[  635.916043][  T331] usbhid 3-1:0.0: can't add hid device: -71
[  635.928155][  T331] usbhid: probe of 3-1:0.0 failed with error -71
[  635.937389][  T331] usb 3-1: USB disconnect, device number 77
[  635.965849][   T24] audit: type=1326 audit(1720528055.090:7181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f83ea0b0610 code=0x7ffc0000
[  635.994658][   T24] audit: type=1326 audit(1720528055.090:7182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f83ea0b075f code=0x7ffc0000
[  636.114088][   T24] audit: type=1326 audit(1720528055.090:7183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="<no_memory>" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  636.146744][   T24] audit: type=1326 audit(1720528055.920:7184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f83ea0b06bc code=0x7ffc0000
[  636.225621][   T24] audit: type=1326 audit(1720528055.920:7185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f83ea0b075f code=0x7ffc0000
[  636.259609][   T24] audit: type=1326 audit(1720528055.920:7186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f83ea0b090a code=0x7ffc0000
[  636.288328][   T24] audit: type=1326 audit(1720528055.920:7187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  636.309960][  T568] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.006D/input/input18
[  636.348755][   T24] audit: type=1326 audit(1720528055.920:7188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11603 comm="syz.3.2876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  636.510678][T11627] x_tables: unsorted underflow at hook 3
[  636.712918][  T568] microsoft 0003:045E:07DA.006D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  637.361878][   T15] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  637.369812][  T328] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  637.551879][  T568] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  637.782003][   T15] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.796346][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.808120][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.820299][   T15] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  637.832109][  T328] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  637.844976][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.856349][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.868604][   T15] usb 4-1: config 0 descriptor??
[  637.875872][  T328] usb 3-1: config 0 descriptor??
[  637.912011][  T568] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  637.921375][  T568] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.932684][  T568] usb 5-1: config 0 descriptor??
[  638.014322][    T5] usb 2-1: USB disconnect, device number 77
[  638.021885][  T485] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  638.382571][T11638] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  638.393524][T11638] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,journal_dev=0x0000000000000008,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue
[  638.431894][  T485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  638.446177][T11638] EXT4-fs error (device loop2): ext4_find_dest_de:2076: inode #2: block 16: comm syz.2.2885: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=33261, rec_len=1050, size=1024 fake=0
[  638.447430][  T485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  638.479826][  T485] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  638.488927][  T485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.498511][  T485] usb 1-1: config 0 descriptor??
[  638.689634][T11638] EXT4-fs error (device loop2): ext4_find_dest_de:2076: inode #2: block 16: comm syz.2.2885: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=33261, rec_len=1050, size=1024 fake=0
[  638.715292][  T314] Bluetooth: hci0: Frame reassembly failed (-84)
[  638.909393][T11653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2889'.
[  638.923729][T11653] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.933229][T11653] device bridge_slave_1 left promiscuous mode
[  638.941566][T11653] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.949685][T11653] bridge1: port 1(bridge_slave_1) entered blocking state
[  638.957426][T11653] bridge1: port 1(bridge_slave_1) entered disabled state
[  638.965790][T11653] device bridge_slave_1 entered promiscuous mode
[  639.051924][  T568] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  639.064167][  T568] asix: probe of 5-1:0.0 failed with error -71
[  639.072476][  T568] usb 5-1: USB disconnect, device number 84
[  639.232090][  T485] usbhid 1-1:0.0: can't add hid device: -71
[  639.239141][  T485] usbhid: probe of 1-1:0.0 failed with error -71
[  639.247189][  T485] usb 1-1: USB disconnect, device number 71
[  639.990687][T11669] FAULT_INJECTION: forcing a failure.
[  639.990687][T11669] name failslab, interval 1, probability 0, space 0, times 0
[  640.004425][T11669] CPU: 1 PID: 11669 Comm: syz.0.2892 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  640.015245][T11669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  640.025584][T11669] Call Trace:
[  640.029064][T11669]  dump_stack_lvl+0x1e2/0x24b
[  640.033766][T11669]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  640.039373][T11669]  ? wake_up_klogd+0xb8/0xf0
[  640.044136][T11669]  dump_stack+0x15/0x17
[  640.049414][T11669]  should_fail+0x3c6/0x510
[  640.055584][T11669]  ? getname_kernel+0x59/0x2e0
[  640.060862][T11669]  __should_failslab+0xa4/0xe0
[  640.065803][T11669]  should_failslab+0x9/0x20
[  640.070939][T11669]  kmem_cache_alloc+0x3d/0x2e0
[  640.076696][T11669]  getname_kernel+0x59/0x2e0
[  640.082695][T11669]  kern_path+0x1f/0x40
[  640.086658][T11669]  lookup_bdev+0xb3/0x220
[  640.091430][T11669]  ? blkdev_get_by_path+0x480/0x480
[  640.098487][T11669]  __se_sys_quotactl+0x309/0x6e50
[  640.106110][T11669]  ? 0xffffffffa0016220
[  640.111228][T11669]  ? __x64_sys_quotactl+0xb0/0xb0
[  640.117058][T11669]  ? stack_trace_save+0x1c0/0x1c0
[  640.122262][T11669]  ? __kernel_text_address+0x9b/0x110
[  640.128215][T11669]  ? unwind_get_return_address+0x4d/0x90
[  640.133732][T11669]  ? arch_stack_walk+0xf3/0x140
[  640.138881][T11669]  ? stack_trace_save+0x113/0x1c0
[  640.144602][T11669]  ? stack_trace_snprint+0xf0/0xf0
[  640.149880][T11669]  ? stack_trace_save+0x113/0x1c0
[  640.154741][T11669]  ? __kasan_slab_alloc+0xc3/0xe0
[  640.159857][T11669]  ? __kasan_slab_alloc+0xb1/0xe0
[  640.165044][T11669]  ? slab_post_alloc_hook+0x61/0x2f0
[  640.170298][T11669]  ? kmem_cache_alloc+0x168/0x2e0
[  640.176387][T11669]  ? security_inode_alloc+0x29/0x120
[  640.181917][T11669]  ? inode_init_always+0x767/0x9f0
[  640.188072][T11669]  ? new_inode_pseudo+0x93/0x220
[  640.193367][T11669]  ? new_inode+0x28/0x1c0
[  640.197629][T11669]  ? proc_pid_make_inode+0x27/0x1d0
[  640.203541][T11669]  ? proc_pident_instantiate+0x7a/0x2e0
[  640.209455][T11669]  ? proc_pident_lookup+0x1c4/0x260
[  640.215360][T11669]  ? proc_tid_base_lookup+0x2b/0x30
[  640.221135][T11669]  ? path_openat+0x11ab/0x3000
[  640.226314][T11669]  ? do_filp_open+0x21c/0x460
[  640.230992][T11669]  ? do_sys_openat2+0x13f/0x6f0
[  640.237187][T11669]  ? __x64_sys_openat+0x243/0x290
[  640.242331][T11669]  ? do_syscall_64+0x34/0x70
[  640.248187][T11669]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.254250][T11669]  ? avc_has_perm+0x14d/0x400
[  640.259116][T11669]  ? memcpy+0x56/0x70
[  640.263001][T11669]  ? avc_has_perm+0x275/0x400
[  640.267692][T11669]  ? avc_has_perm_noaudit+0x240/0x240
[  640.273200][T11669]  ? 0xffffffffa0016220
[  640.277271][T11669]  ? is_bpf_text_address+0x172/0x190
[  640.282588][T11669]  ? stack_trace_save+0x1c0/0x1c0
[  640.287443][T11669]  ? __kernel_text_address+0x9b/0x110
[  640.292966][T11669]  ? unwind_get_return_address+0x4d/0x90
[  640.299207][T11669]  ? arch_stack_walk+0xf3/0x140
[  640.305135][T11669]  ? stack_trace_save+0x113/0x1c0
[  640.311088][T11669]  ? terminate_walk+0x407/0x4f0
[  640.315930][T11669]  ? stack_trace_snprint+0xf0/0xf0
[  640.321048][T11669]  ? kmem_cache_free+0xa9/0x1e0
[  640.325732][T11669]  ? kmem_cache_free+0xa9/0x1e0
[  640.332435][T11669]  ? kasan_set_track+0x5d/0x70
[  640.337034][T11669]  ? kasan_set_track+0x4b/0x70
[  640.342713][T11669]  ? kasan_set_free_info+0x23/0x40
[  640.347807][T11669]  ? ____kasan_slab_free+0x121/0x160
[  640.353324][T11669]  ? __kasan_slab_free+0x11/0x20
[  640.358297][T11669]  ? slab_free_freelist_hook+0xc0/0x190
[  640.363845][T11669]  ? kmem_cache_free+0xa9/0x1e0
[  640.369640][T11669]  ? putname+0xe7/0x140
[  640.373635][T11669]  ? do_sys_openat2+0x5e1/0x6f0
[  640.378328][T11669]  ? __x64_sys_openat+0x243/0x290
[  640.383556][T11669]  ? do_syscall_64+0x34/0x70
[  640.388245][T11669]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.394504][T11669]  ? _kstrtoull+0x3a0/0x4a0
[  640.398889][T11669]  ? kstrtouint_from_user+0x20a/0x2a0
[  640.405073][T11669]  ? kstrtol_from_user+0x310/0x310
[  640.410719][T11669]  ? memset+0x35/0x40
[  640.414815][T11669]  ? __fsnotify_parent+0x4b9/0x6c0
[  640.420148][T11669]  ? __fsnotify_update_child_dentry_flags+0x2b0/0x2b0
[  640.426855][T11669]  ? proc_fail_nth_write+0x20b/0x290
[  640.433063][T11669]  ? proc_fail_nth_read+0x210/0x210
[  640.438549][T11669]  ? security_file_permission+0x86/0xb0
[  640.444042][T11669]  ? rw_verify_area+0x1c3/0x360
[  640.448899][T11669]  ? preempt_count_add+0x92/0x1a0
[  640.454694][T11669]  ? vfs_write+0x854/0xe70
[  640.459521][T11669]  ? kernel_write+0x3d0/0x3d0
[  640.464094][T11669]  ? __kasan_check_write+0x14/0x20
[  640.469044][T11669]  ? mutex_lock+0xa5/0x110
[  640.473406][T11669]  ? mutex_trylock+0xa0/0xa0
[  640.477798][T11669]  ? __kasan_check_write+0x14/0x20
[  640.482949][T11669]  ? fput_many+0x160/0x1b0
[  640.488219][T11669]  ? fput+0x1a/0x20
[  640.492673][T11669]  ? ksys_write+0x260/0x2c0
[  640.496990][T11669]  __x64_sys_quotactl+0x9b/0xb0
[  640.502715][T11669]  do_syscall_64+0x34/0x70
[  640.508885][T11669]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.514982][T11669] RIP: 0033:0x7f3ded938bd9
[  640.519473][T11669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.542054][T11669] RSP: 002b:00007f3decb78048 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  640.550529][T11669] RAX: ffffffffffffffda RBX: 00007f3dedac7110 RCX: 00007f3ded938bd9
[  640.558821][T11669] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
[  640.566616][T11669] RBP: 00007f3decb780a0 R08: 0000000000000000 R09: 0000000000000000
[  640.574831][T11669] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001
[  640.583415][T11669] R13: 000000000000006e R14: 00007f3dedac7110 R15: 00007ffe7090ff98
[  640.645948][   T24] kauditd_printk_skb: 6 callbacks suppressed
[  640.645963][   T24] audit: type=1326 audit(1720528060.630:7195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11675 comm="syz.3.2895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  640.652019][   T15] usbhid 4-1:0.0: can't add hid device: -71
[  640.686605][   T24] audit: type=1326 audit(1720528060.660:7196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11675 comm="syz.3.2895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  640.734541][   T15] usbhid: probe of 4-1:0.0 failed with error -71
[  640.753959][   T15] usb 4-1: USB disconnect, device number 79
[  640.796154][  T568] Bluetooth: hci0: command 0x1003 tx timeout
[  640.802389][  T841] Bluetooth: hci0: sending frame failed (-49)
[  640.809958][T11680] 9pnet: Insufficient options for proto=fd
[  640.827438][   T24] audit: type=1326 audit(1720528060.660:7197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11675 comm="syz.3.2895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  640.860554][T11680] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2897'.
[  640.878397][   T24] audit: type=1326 audit(1720528060.660:7198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11675 comm="syz.3.2895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  640.904866][   T24] audit: type=1326 audit(1720528060.660:7199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11675 comm="syz.3.2895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x7ffc0000
[  641.271901][  T568] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  641.391277][   T15] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  641.541878][    T5] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  641.631941][   T15] usb 4-1: Using ep0 maxpacket: 8
[  641.721866][  T568] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.732657][  T568] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  641.741604][  T568] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.750162][  T568] usb 2-1: config 0 descriptor??
[  641.753714][   T15] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.766564][   T15] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.776395][   T15] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  641.786526][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.795613][   T15] usb 4-1: config 0 descriptor??
[  641.931883][    T5] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.944512][    T5] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.956385][    T5] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  641.965315][    T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.975403][    T5] usb 1-1: config 0 descriptor??
[  642.332761][   T15] steelseries_srws1 0003:1038:1410.006E: item fetching failed at offset 4/7
[  642.351823][   T15] steelseries_srws1 0003:1038:1410.006E: parse failed
[  642.358679][   T15] steelseries_srws1: probe of 0003:1038:1410.006E failed with error -22
[  642.372176][  T568] usbhid 2-1:0.0: can't add hid device: -71
[  642.378586][  T568] usbhid: probe of 2-1:0.0 failed with error -71
[  642.385868][  T568] usb 2-1: USB disconnect, device number 78
[  642.703855][T11702] device pim6reg1 entered promiscuous mode
[  642.715596][    T5] usbhid 1-1:0.0: can't add hid device: -71
[  642.731969][    T5] usbhid: probe of 1-1:0.0 failed with error -71
[  642.749743][    T5] usb 1-1: USB disconnect, device number 72
[  642.900108][ T6763] Bluetooth: hci0: command 0x1001 tx timeout
[  642.909611][  T841] Bluetooth: hci0: sending frame failed (-49)
[  642.939664][T11709] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.952249][T11709] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.968051][T11709] device bridge_slave_0 entered promiscuous mode
[  642.976007][T11709] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.984613][T11709] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.992384][T11709] device bridge_slave_1 entered promiscuous mode
[  643.063918][T11709] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.071184][T11709] bridge0: port 2(bridge_slave_1) entered forwarding state
[  643.078447][T11709] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.086631][T11709] bridge0: port 1(bridge_slave_0) entered forwarding state
[  643.121235][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  643.130632][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.140193][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.160663][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  643.180179][ T6763] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.187792][ T6763] bridge0: port 1(bridge_slave_0) entered forwarding state
[  643.197593][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  643.209722][ T6763] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.217362][ T6763] bridge0: port 2(bridge_slave_1) entered forwarding state
[  643.236385][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  643.245999][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  643.267791][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  643.290404][T11709] device veth0_vlan entered promiscuous mode
[  643.304711][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  643.320930][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  643.340511][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  643.363977][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  643.379532][T11709] device veth1_macvtap entered promiscuous mode
[  643.403763][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  643.428941][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  643.503009][T11720] FAULT_INJECTION: forcing a failure.
[  643.503009][T11720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.518251][T11720] CPU: 0 PID: 11720 Comm: syz.1.2909 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  643.528925][T11720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  643.539788][T11720] Call Trace:
[  643.543120][T11720]  dump_stack_lvl+0x1e2/0x24b
[  643.547878][T11720]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  643.554981][T11720]  dump_stack+0x15/0x17
[  643.559405][T11720]  should_fail+0x3c6/0x510
[  643.564174][T11720]  should_fail_usercopy+0x1a/0x20
[  643.569140][T11720]  _copy_from_user+0x20/0xd0
[  643.573748][T11720]  __se_sys_memfd_create+0x131/0x3c0
[  643.579233][T11720]  __x64_sys_memfd_create+0x5b/0x70
[  643.584237][T11720]  do_syscall_64+0x34/0x70
[  643.588494][T11720]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  643.597107][T11720] RIP: 0033:0x7eff7ea1bbd9
[  643.603264][T11720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.624633][T11720] RSP: 002b:00007eff7dc9ce28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f
[  643.633065][T11720] RAX: ffffffffffffffda RBX: 00000000000004fe RCX: 00007eff7ea1bbd9
[  643.641094][T11720] RDX: 00007eff7dc9cf00 RSI: 0000000000000000 RDI: 00007eff7ea89d24
[  643.649380][T11720] RBP: 0000000020001080 R08: 00007eff7dc9cbc7 R09: 00007eff7dc9ce50
[  643.658197][T11720] R10: 000000000000000a R11: 0000000000000206 R12: 0000000020000500
[  643.666186][T11720] R13: 00007eff7dc9cf00 R14: 00007eff7dc9cec0 R15: 0000000020000440
[  643.698067][  T328] usbhid 3-1:0.0: can't add hid device: -32
[  643.706412][  T328] usbhid: probe of 3-1:0.0 failed with error -32
[  643.733666][T11724] 9pnet: Insufficient options for proto=fd
[  643.753404][    T7] device bridge_slave_1 left promiscuous mode
[  643.756220][T11724] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2910'.
[  643.760285][    T7] bridge1: port 1(bridge_slave_1) entered disabled state
[  643.784930][    T7] device bridge_slave_0 left promiscuous mode
[  643.791393][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.841044][    T7] device veth1_macvtap left promiscuous mode
[  643.861838][    T7] device veth0_vlan left promiscuous mode
[  644.019742][T11734] x_tables: unsorted underflow at hook 3
[  644.934446][   T52] Bluetooth: hci0: command 0x1009 tx timeout
[  645.092422][   T52] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  645.501993][   T52] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  645.529459][   T52] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  645.567620][   T52] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  645.602051][   T52] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.626440][   T52] usb 5-1: config 0 descriptor??
[  646.086086][T11754] 9pnet: Insufficient options for proto=fd
[  646.102229][   T52] hid (null): bogus close delimiter
[  646.241897][  T842] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  646.331857][   T52] usb 5-1: string descriptor 0 read error: -71
[  646.361834][   T52] uclogic 0003:256C:006D.006F: failed retrieving string descriptor #200: -71
[  646.372959][   T52] uclogic 0003:256C:006D.006F: failed retrieving pen parameters: -71
[  646.383816][   T52] uclogic 0003:256C:006D.006F: failed probing pen v2 parameters: -71
[  646.393782][   T52] uclogic 0003:256C:006D.006F: failed probing parameters: -71
[  646.403876][   T52] uclogic: probe of 0003:256C:006D.006F failed with error -71
[  646.419766][   T52] usb 5-1: USB disconnect, device number 85
[  646.611895][  T842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  646.624465][  T842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  646.636634][  T842] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  646.647348][  T842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.672031][  T842] usb 2-1: config 0 descriptor??
[  646.891535][T11760] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.901092][T11760] bridge0: port 1(bridge_slave_0) entered disabled state
[  646.909485][T11760] device bridge_slave_0 entered promiscuous mode
[  646.920537][T11760] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.929997][T11760] bridge0: port 2(bridge_slave_1) entered disabled state
[  646.939371][T11760] device bridge_slave_1 entered promiscuous mode
[  647.073502][T11760] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.082210][T11760] bridge0: port 2(bridge_slave_1) entered forwarding state
[  647.089948][T11760] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.096995][T11760] bridge0: port 1(bridge_slave_0) entered forwarding state
[  647.143621][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  647.153248][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.166270][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.186215][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  647.196029][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.205841][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  647.216370][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  647.231402][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.240483][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  647.310777][   T52] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  647.326742][   T52] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  647.373402][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  647.409323][T11769] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.412114][  T842] usbhid 2-1:0.0: can't add hid device: -71
[  647.426784][  T842] usbhid: probe of 2-1:0.0 failed with error -71
[  647.428480][T11769] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.439556][  T842] usb 2-1: USB disconnect, device number 79
[  647.462491][T11769] device bridge_slave_0 entered promiscuous mode
[  647.483152][T11760] device veth0_vlan entered promiscuous mode
[  647.494026][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  647.512621][T11769] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.598285][T11769] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.605941][T11769] device bridge_slave_1 entered promiscuous mode
[  647.612399][  T568] usb 4-1: USB disconnect, device number 80
[  647.638611][    T7] device bridge_slave_1 left promiscuous mode
[  647.646401][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.658592][    T7] device bridge_slave_0 left promiscuous mode
[  647.674411][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.684823][    T7] device veth1_macvtap left promiscuous mode
[  647.691642][    T7] device veth0_vlan left promiscuous mode
[  647.844199][T11787] x_tables: unsorted underflow at hook 3
[  647.891925][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  647.927825][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  648.129153][T11789] 9pnet: Insufficient options for proto=fd
[  648.154456][   T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  648.165457][   T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  648.177225][T11760] device veth1_macvtap entered promiscuous mode
[  648.253987][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  648.266669][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  648.276928][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  648.286037][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  648.295740][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  648.401865][   T24] audit: type=1326 audit(1720528068.390:7200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.443519][   T24] audit: type=1326 audit(1720528068.410:7201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.491787][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  648.510049][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  648.532563][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  648.542357][   T24] audit: type=1326 audit(1720528068.410:7202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.570961][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  648.581102][  T568] bridge0: port 1(bridge_slave_0) entered blocking state
[  648.588566][  T568] bridge0: port 1(bridge_slave_0) entered forwarding state
[  648.599775][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  648.608576][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  648.620913][  T568] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.628934][  T568] bridge0: port 2(bridge_slave_1) entered forwarding state
[  648.654175][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  648.662870][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  648.669047][   T24] audit: type=1326 audit(1720528068.410:7203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.684648][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  648.742035][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  648.744584][   T24] audit: type=1326 audit(1720528068.410:7204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.762337][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  648.788480][   T24] audit: type=1326 audit(1720528068.410:7205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.821431][   T24] audit: type=1326 audit(1720528068.410:7206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.822867][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  648.864158][   T24] audit: type=1326 audit(1720528068.410:7207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.892068][  T568] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  648.910296][T11769] device veth0_vlan entered promiscuous mode
[  648.929502][   T24] audit: type=1326 audit(1720528068.410:7208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  648.941969][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  648.983022][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  648.987207][  T842] usb 3-1: USB disconnect, device number 78
[  649.001082][T11769] device veth1_macvtap entered promiscuous mode
[  649.025645][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  649.062921][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  649.081838][   T24] audit: type=1326 audit(1720528068.410:7209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11797 comm="syz.4.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdea22a0bd9 code=0x7ffc0000
[  649.092818][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  649.200717][T11812] FAULT_INJECTION: forcing a failure.
[  649.200717][T11812] name failslab, interval 1, probability 0, space 0, times 0
[  649.220031][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  649.236390][T11812] CPU: 0 PID: 11812 Comm: syz.1.2937 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  649.237146][ T6763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  649.248492][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  649.248498][T11812] Call Trace:
[  649.248521][T11812]  dump_stack_lvl+0x1e2/0x24b
[  649.248534][T11812]  ? panic+0x812/0x812
[  649.248547][T11812]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  649.248560][T11812]  dump_stack+0x15/0x17
[  649.248572][T11812]  should_fail+0x3c6/0x510
[  649.248586][T11812]  ? __d_alloc+0xad/0x6c0
[  649.248600][T11812]  __should_failslab+0xa4/0xe0
[  649.248614][T11812]  should_failslab+0x9/0x20
[  649.248624][T11812]  __kmalloc+0x60/0x330
[  649.248645][T11812]  ? kmem_cache_alloc+0x168/0x2e0
[  649.328332][T11812]  ? __d_alloc+0x2d/0x6c0
[  649.332761][T11812]  __d_alloc+0xad/0x6c0
[  649.338143][T11812]  d_alloc+0x4b/0x1d0
[  649.342318][T11812]  __lookup_hash+0xe7/0x290
[  649.347845][T11812]  do_renameat2+0x768/0x1240
[  649.353553][T11812]  ? fsnotify_move+0x290/0x290
[  649.359861][T11812]  __x64_sys_renameat2+0xdd/0xf0
[  649.365905][T11812]  do_syscall_64+0x34/0x70
[  649.370499][T11812]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  649.377997][T11812] RIP: 0033:0x7eff7ea1bbd9
[  649.382707][T11812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.407941][T11812] RSP: 002b:00007eff7dc9d048 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  649.416981][T11812] RAX: ffffffffffffffda RBX: 00007eff7eba9f60 RCX: 00007eff7ea1bbd9
[  649.426591][T11812] RDX: 0000000000000007 RSI: 0000000020000380 RDI: 0000000000000006
[  649.435614][T11812] RBP: 00007eff7dc9d0a0 R08: 0000000000000000 R09: 0000000000000000
[  649.445312][T11812] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  649.454313][T11812] R13: 000000000000000b R14: 00007eff7eba9f60 R15: 00007ffc662834c8
[  649.594563][T11817] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2923'.
[  649.768724][T11823] 9pnet: Insufficient options for proto=fd
[  649.977353][T11831] FAULT_INJECTION: forcing a failure.
[  649.977353][T11831] name failslab, interval 1, probability 0, space 0, times 0
[  649.992704][T11831] CPU: 1 PID: 11831 Comm: syz.3.2942 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  650.004532][T11831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  650.017234][T11831] Call Trace:
[  650.021425][T11831]  dump_stack_lvl+0x1e2/0x24b
[  650.027341][T11831]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  650.034214][T11831]  ? __radix_tree_replace+0x248/0x2c0
[  650.041214][T11831]  dump_stack+0x15/0x17
[  650.047226][T11831]  should_fail+0x3c6/0x510
[  650.051873][T11831]  ? tcf_idr_create+0x5f/0x770
[  650.059181][T11831]  __should_failslab+0xa4/0xe0
[  650.064637][T11831]  should_failslab+0x9/0x20
[  650.070413][T11831]  __kmalloc+0x60/0x330
[  650.076536][T11831]  ? tcf_action_init_1+0x29c/0x830
[  650.083267][T11831]  tcf_idr_create+0x5f/0x770
[  650.088877][T11831]  ? tcf_idr_check_alloc+0x2c2/0x3b0
[  650.095480][T11831]  tcf_police_init+0x40d/0x1510
[  650.101885][T11831]  ? tcf_police_search+0x90/0x90
[  650.107845][T11831]  ? tcf_police_search+0x90/0x90
[  650.114757][T11831]  tcf_action_init_1+0x584/0x830
[  650.122095][T11831]  ? tc_action_load_ops+0x520/0x520
[  650.128240][T11831]  ? _raw_read_unlock+0x25/0x40
[  650.135936][T11831]  ? tc_action_load_ops+0x2b5/0x520
[  650.145567][T11831]  tcf_action_init+0x2b5/0x800
[  650.152303][T11831]  ? tcf_action_init_1+0x830/0x830
[  650.157445][T11831]  ? __nla_validate_parse+0x1e53/0x2700
[  650.164193][T11831]  ? cap_capable+0x1ce/0x270
[  650.169794][T11831]  ? security_capable+0x87/0xb0
[  650.176637][T11831]  tc_ctl_action+0x42b/0x9c0
[  650.183447][T11831]  ? tcf_free_cookie_rcu+0x50/0x50
[  650.188430][T11831]  ? _raw_spin_lock+0xa4/0x1b0
[  650.194254][T11831]  ? _raw_spin_trylock_bh+0x190/0x190
[  650.199482][T11831]  ? mutex_trylock+0xa0/0xa0
[  650.207067][T11831]  ? ns_capable+0x89/0xe0
[  650.212498][T11831]  ? netlink_net_capable+0x125/0x160
[  650.219339][T11831]  ? tcf_free_cookie_rcu+0x50/0x50
[  650.225738][T11831]  rtnetlink_rcv_msg+0x955/0xc50
[  650.231520][T11831]  ? is_bpf_text_address+0x172/0x190
[  650.238315][T11831]  ? rtnetlink_bind+0x80/0x80
[  650.244386][T11831]  ? arch_stack_walk+0xf3/0x140
[  650.249601][T11831]  ? stack_trace_save+0x113/0x1c0
[  650.256648][T11831]  ? stack_trace_snprint+0xf0/0xf0
[  650.263173][T11831]  ? avc_has_perm+0x14d/0x400
[  650.268778][T11831]  ? memcpy+0x56/0x70
[  650.272884][T11831]  ? avc_has_perm+0x275/0x400
[  650.279645][T11831]  ? __kasan_slab_alloc+0xb1/0xe0
[  650.286901][T11831]  ? slab_post_alloc_hook+0x61/0x2f0
[  650.292792][T11831]  ? kmem_cache_alloc+0x168/0x2e0
[  650.298503][T11831]  ? avc_has_perm_noaudit+0x240/0x240
[  650.304295][T11831]  ? iov_iter_advance+0x258/0xb20
[  650.309614][T11831]  netlink_rcv_skb+0x1cf/0x410
[  650.315725][T11831]  ? rtnetlink_bind+0x80/0x80
[  650.322461][T11831]  ? netlink_ack+0xb30/0xb30
[  650.327955][T11831]  ? __netlink_lookup+0x37b/0x3a0
[  650.333954][T11831]  rtnetlink_rcv+0x1c/0x20
[  650.339945][T11831]  netlink_unicast+0x8df/0xac0
[  650.345108][T11831]  ? netlink_detachskb+0x90/0x90
[  650.350285][T11831]  ? security_netlink_send+0x7b/0xa0
[  650.358140][T11831]  netlink_sendmsg+0xa46/0xd00
[  650.364310][T11831]  ? netlink_getsockopt+0x5c0/0x5c0
[  650.370000][T11831]  ? security_socket_sendmsg+0x82/0xb0
[  650.376011][T11831]  ? netlink_getsockopt+0x5c0/0x5c0
[  650.382452][T11831]  ____sys_sendmsg+0x59e/0x8f0
[  650.387029][T11831]  ? __sys_sendmsg_sock+0x40/0x40
[  650.392375][T11831]  ? import_iovec+0xe5/0x120
[  650.396951][T11831]  ___sys_sendmsg+0x252/0x2e0
[  650.402218][T11831]  ? __sys_sendmsg+0x280/0x280
[  650.407058][T11831]  ? rw_verify_area+0x1c3/0x360
[  650.413518][T11831]  ? __fdget+0x1bc/0x240
[  650.417943][T11831]  __se_sys_sendmsg+0x1b1/0x280
[  650.423959][T11831]  ? __x64_sys_sendmsg+0x90/0x90
[  650.430237][T11831]  ? ksys_write+0x260/0x2c0
[  650.436618][T11831]  ? debug_smp_processor_id+0x17/0x20
[  650.444320][T11831]  __x64_sys_sendmsg+0x7b/0x90
[  650.450283][T11831]  do_syscall_64+0x34/0x70
[  650.457096][T11831]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  650.463328][T11831] RIP: 0033:0x7f83ea0b1bd9
[  650.469062][T11831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.489902][T11831] RSP: 002b:00007f83e92f1048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  650.500396][T11831] RAX: ffffffffffffffda RBX: 00007f83ea240110 RCX: 00007f83ea0b1bd9
[  650.514542][T11831] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000007
[  650.524873][T11831] RBP: 00007f83e92f10a0 R08: 0000000000000000 R09: 0000000000000000
[  650.534761][T11831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  650.546091][T11831] R13: 000000000000006e R14: 00007f83ea240110 R15: 00007ffcf2cdfbb8
[  650.560735][  T288] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  650.722767][  T314] device bridge_slave_1 left promiscuous mode
[  650.729733][  T314] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.752404][  T314] device bridge_slave_0 left promiscuous mode
[  650.758686][  T314] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.782023][  T314] device veth1_macvtap left promiscuous mode
[  650.798713][  T314] device veth0_vlan left promiscuous mode
[  650.952307][  T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.990038][  T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  651.032384][  T288] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  651.047386][  T288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.068717][  T288] usb 3-1: config 0 descriptor??
[  651.132964][T11810] FAULT_INJECTION: forcing a failure.
[  651.132964][T11810] name failslab, interval 1, probability 0, space 0, times 0
[  651.152579][T11810] CPU: 0 PID: 11810 Comm: syz.0.2936 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  651.167051][T11810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  651.184685][T11810] Call Trace:
[  651.188525][T11810]  dump_stack_lvl+0x1e2/0x24b
[  651.197284][T11810]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  651.204550][T11810]  dump_stack+0x15/0x17
[  651.211618][T11810]  should_fail+0x3c6/0x510
[  651.217166][T11810]  ? security_file_alloc+0x29/0x120
[  651.223903][T11810]  __should_failslab+0xa4/0xe0
[  651.230639][T11810]  should_failslab+0x9/0x20
[  651.237151][T11810]  kmem_cache_alloc+0x3d/0x2e0
[  651.243760][T11810]  ? __alloc_file+0x29/0x330
[  651.249769][T11810]  security_file_alloc+0x29/0x120
[  651.256029][T11810]  __alloc_file+0xbf/0x330
[  651.262680][T11810]  alloc_empty_file+0x95/0x180
[  651.268137][T11810]  path_openat+0x105/0x3000
[  651.274433][T11810]  ? __kasan_slab_alloc+0xc3/0xe0
[  651.280755][T11810]  ? __kasan_slab_alloc+0xb1/0xe0
[  651.286333][T11810]  ? slab_post_alloc_hook+0x61/0x2f0
[  651.293664][T11810]  ? kmem_cache_alloc+0x168/0x2e0
[  651.300501][T11810]  ? getname_flags+0xba/0x520
[  651.306551][T11810]  ? getname+0x19/0x20
[  651.312327][T11810]  ? __x64_sys_open+0x221/0x270
[  651.319976][T11810]  ? do_syscall_64+0x34/0x70
[  651.325761][T11810]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  651.333320][T11810]  ? do_filp_open+0x460/0x460
[  651.339685][T11810]  do_filp_open+0x21c/0x460
[  651.344255][T11810]  ? vfs_tmpfile+0x2b0/0x2b0
[  651.349671][T11810]  ? get_unused_fd_flags+0x94/0xa0
[  651.355423][T11810]  do_sys_openat2+0x13f/0x6f0
[  651.361452][T11810]  ? __kasan_check_write+0x14/0x20
[  651.368101][T11810]  ? mutex_lock+0xa5/0x110
[  651.375248][T11810]  ? mutex_trylock+0xa0/0xa0
[  651.382827][T11810]  ? do_sys_open+0x220/0x220
[  651.388033][T11810]  ? __kasan_check_write+0x14/0x20
[  651.394166][T11810]  ? ksys_write+0x260/0x2c0
[  651.399502][T11810]  __x64_sys_open+0x221/0x270
[  651.406247][T11810]  ? do_sys_openat2+0x6f0/0x6f0
[  651.412590][T11810]  ? debug_smp_processor_id+0x17/0x20
[  651.418478][T11810]  do_syscall_64+0x34/0x70
[  651.423490][T11810]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  651.429649][T11810] RIP: 0033:0x7f3ded938bd9
[  651.436376][T11810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.460680][T11810] RSP: 002b:00007f3decbba048 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  651.470743][T11810] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  651.479864][T11810] RDX: 0000000000000000 RSI: 0000000000024142 RDI: 00000000200000c0
[  651.487694][T11810] RBP: 00007f3decbba0a0 R08: 0000000000000000 R09: 0000000000000000
[  651.496675][T11810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  651.507619][T11810] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98
[  651.770332][T11850] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2949'.
[  651.790970][T11855] udc-core: couldn't find an available UDC or it's busy
[  651.799906][T11855] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  651.832032][  T288] usbhid 3-1:0.0: can't add hid device: -71
[  651.843855][  T288] usbhid: probe of 3-1:0.0 failed with error -71
[  651.955364][  T288] usb 3-1: USB disconnect, device number 79
[  652.173080][T11862] tipc: Started in network mode
[  652.181547][T11862] tipc: Own node identity 00000000000000000000000000000001, cluster identity 4711
[  652.185373][T11855] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  652.195537][T11862] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  652.217960][T11862] tipc: Enabled bearer <udp:syz1>, priority 10
[  652.281901][  T306] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  652.375906][T11874] overlayfs: missing 'lowerdir'
[  652.831827][T11887] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2960'.
[  653.056043][T11898] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2963'.
[  653.068351][T11898] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2963'.
[  653.331857][   T15] tipc: 32-bit node address hash set to 1000000
[  653.465629][   T24] kauditd_printk_skb: 36 callbacks suppressed
[  653.465645][   T24] audit: type=1326 audit(1720528073.450:7246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  653.501024][   T24] audit: type=1326 audit(1720528073.450:7247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  653.561886][  T288] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  653.634930][T11911] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x38db593b, utbl_chksum : 0xe619d30d)
[  654.002070][  T288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.068922][  T288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  654.083407][  T288] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  654.096588][  T288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.109039][  T288] usb 2-1: config 0 descriptor??
[  654.120624][T11929] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2972'.
[  654.147477][   T24] audit: type=1326 audit(1720528074.130:7248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.187750][   T24] audit: type=1326 audit(1720528074.130:7249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.221133][   T24] audit: type=1326 audit(1720528074.130:7250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.265615][   T24] audit: type=1326 audit(1720528074.130:7251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.300164][   T24] audit: type=1326 audit(1720528074.130:7252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.335964][   T24] audit: type=1326 audit(1720528074.130:7253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.376066][   T24] audit: type=1326 audit(1720528074.170:7254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  654.408294][   T24] audit: type=1326 audit(1720528074.170:7255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f7202bd9 code=0x7fc00000
[  655.591828][  T306] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  655.821875][  T288] uclogic 0003:256C:006D.0070: failed retrieving string descriptor #200: -71
[  655.831411][  T288] uclogic 0003:256C:006D.0070: failed retrieving pen parameters: -71
[  655.837380][  T314] Bluetooth: hci0: Frame reassembly failed (-84)
[  655.841215][  T288] uclogic 0003:256C:006D.0070: failed probing pen v2 parameters: -71
[  655.849321][  T306] usb 3-1: Using ep0 maxpacket: 8
[  655.859173][  T288] uclogic 0003:256C:006D.0070: failed probing parameters: -71
[  655.876358][  T288] uclogic: probe of 0003:256C:006D.0070 failed with error -71
[  655.887940][  T288] usb 2-1: USB disconnect, device number 80
[  655.981916][  T306] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.997796][  T306] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.013503][  T306] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  656.028774][  T306] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.042072][  T306] usb 3-1: config 0 descriptor??
[  656.522906][  T306] steelseries_srws1 0003:1038:1410.0071: item fetching failed at offset 4/7
[  656.534555][  T306] steelseries_srws1 0003:1038:1410.0071: parse failed
[  656.542894][  T306] steelseries_srws1: probe of 0003:1038:1410.0071 failed with error -22
[  656.872999][T11957] device pim6reg1 entered promiscuous mode
[  657.231460][ T2608] Bluetooth: hci1: Frame reassembly failed (-84)
[  657.431811][   T15] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  657.523017][T11964] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2984'.
[  657.681790][   T15] usb 4-1: Using ep0 maxpacket: 8
[  657.801969][   T15] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  657.816208][   T15] usb 4-1: config 0 interface 0 has no altsetting 0
[  657.892000][  T306] Bluetooth: hci0: command 0x1003 tx timeout
[  657.898659][  T688] Bluetooth: hci0: sending frame failed (-49)
[  657.905302][   T15] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  657.918799][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  657.929514][   T15] usb 4-1: SerialNumber: syz
[  657.943696][   T15] usb 4-1: config 0 descriptor??
[  658.261874][   T15] uvcvideo: Found UVC 0.00 device <unnamed> (05ac:8501)
[  658.269554][   T15] uvcvideo: No valid video chain found.
[  658.278755][   T15] usb 4-1: USB disconnect, device number 81
[  658.437447][T11970] FAULT_INJECTION: forcing a failure.
[  658.437447][T11970] name failslab, interval 1, probability 0, space 0, times 0
[  658.456108][T11970] CPU: 1 PID: 11970 Comm: syz.0.2986 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  658.469134][T11970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  658.480557][T11970] Call Trace:
[  658.484667][T11970]  dump_stack_lvl+0x1e2/0x24b
[  658.489421][T11970]  ? asm_common_interrupt+0x1e/0x40
[  658.494833][T11970]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  658.500228][T11970]  dump_stack+0x15/0x17
[  658.504435][T11970]  should_fail+0x3c6/0x510
[  658.508651][T11970]  ? __alloc_file+0x29/0x330
[  658.513454][T11970]  __should_failslab+0xa4/0xe0
[  658.518666][T11970]  should_failslab+0x9/0x20
[  658.526217][T11970]  kmem_cache_alloc+0x3d/0x2e0
[  658.531939][T11970]  __alloc_file+0x29/0x330
[  658.538064][T11970]  ? alloc_empty_file+0x42/0x180
[  658.543116][T11970]  alloc_empty_file+0x95/0x180
[  658.549311][T11970]  path_openat+0x105/0x3000
[  658.554413][T11970]  ? __kasan_slab_alloc+0xc3/0xe0
[  658.560243][T11970]  ? __kasan_slab_alloc+0xb1/0xe0
[  658.565370][T11970]  ? slab_post_alloc_hook+0x61/0x2f0
[  658.571811][T11970]  ? kmem_cache_alloc+0x168/0x2e0
[  658.576664][T11970]  ? getname_flags+0xba/0x520
[  658.581590][T11970]  ? getname+0x19/0x20
[  658.586384][T11970]  ? __x64_sys_openat+0x243/0x290
[  658.591226][T11970]  ? do_syscall_64+0x34/0x70
[  658.595660][T11970]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  658.601574][T11970]  ? do_filp_open+0x460/0x460
[  658.606365][T11970]  do_filp_open+0x21c/0x460
[  658.610912][T11970]  ? vfs_tmpfile+0x2b0/0x2b0
[  658.615838][T11970]  ? get_unused_fd_flags+0x94/0xa0
[  658.621413][T11970]  do_sys_openat2+0x13f/0x6f0
[  658.627593][T11970]  ? __kasan_check_write+0x14/0x20
[  658.633163][T11970]  ? mutex_lock+0xa5/0x110
[  658.638005][T11970]  ? mutex_trylock+0xa0/0xa0
[  658.642999][T11970]  ? do_sys_open+0x220/0x220
[  658.648137][T11970]  ? __kasan_check_write+0x14/0x20
[  658.655044][T11970]  ? ksys_write+0x260/0x2c0
[  658.659711][T11970]  __x64_sys_openat+0x243/0x290
[  658.664561][T11970]  ? __ia32_sys_open+0x270/0x270
[  658.670001][T11970]  ? debug_smp_processor_id+0x17/0x20
[  658.676385][T11970]  do_syscall_64+0x34/0x70
[  658.681464][T11970]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  658.687892][T11970] RIP: 0033:0x7f3ded938bd9
[  658.692942][T11970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.716596][T11970] RSP: 002b:00007f3decbba048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  658.727160][T11970] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  658.735396][T11970] RDX: 0000000000084400 RSI: 00000000200000c0 RDI: ffffffffffffff9c
[  658.743816][T11970] RBP: 00007f3decbba0a0 R08: 0000000000000000 R09: 0000000000000000
[  658.752039][T11970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.761277][T11970] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98
[  659.018808][   T24] kauditd_printk_skb: 185 callbacks suppressed
[  659.018823][   T24] audit: type=1326 audit(1720528079.000:7441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11982 comm="syz.3.2992" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83ea0b1bd9 code=0x0
[  659.251780][  T288] Bluetooth: hci1: command 0x1003 tx timeout
[  659.258661][  T688] Bluetooth: hci1: sending frame failed (-49)
[  659.288090][T11989] tipc: Started in network mode
[  659.293067][T11989] tipc: Own node identity 00000000000000000000000000000001, cluster identity 4711
[  659.303311][T11989] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  659.313455][T11989] FAULT_INJECTION: forcing a failure.
[  659.313455][T11989] name failslab, interval 1, probability 0, space 0, times 0
[  659.327483][T11989] CPU: 1 PID: 11989 Comm: syz.0.2993 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  659.337275][T11989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  659.347449][T11989] Call Trace:
[  659.350592][T11989]  dump_stack_lvl+0x1e2/0x24b
[  659.355098][T11989]  ? panic+0x812/0x812
[  659.359127][T11989]  ? stack_trace_save+0x113/0x1c0
[  659.364082][T11989]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  659.370186][T11989]  ? stack_trace_snprint+0xf0/0xf0
[  659.376497][T11989]  ? ____sys_sendmsg+0x59e/0x8f0
[  659.382382][T11989]  dump_stack+0x15/0x17
[  659.386807][T11989]  should_fail+0x3c6/0x510
[  659.391125][T11989]  ? __alloc_skb+0x80/0x510
[  659.395973][T11989]  __should_failslab+0xa4/0xe0
[  659.400999][T11989]  should_failslab+0x9/0x20
[  659.405808][T11989]  kmem_cache_alloc+0x3d/0x2e0
[  659.411394][T11989]  ? __se_sys_sendmsg+0x1b1/0x280
[  659.416845][T11989]  ? __x64_sys_sendmsg+0x7b/0x90
[  659.422372][T11989]  __alloc_skb+0x80/0x510
[  659.427117][T11989]  ? enqueue_timer+0x1b5/0x4c0
[  659.433243][T11989]  __pskb_copy_fclone+0xae/0x1180
[  659.439266][T11989]  tipc_udp_send_msg+0x1f3/0x2e0
[  659.444407][T11989]  tipc_bearer_xmit_skb+0x2b1/0x3b0
[  659.449776][T11989]  ? tipc_bearer_mtu+0x160/0x160
[  659.455040][T11989]  ? tipc_mon_create+0x448/0x5e0
[  659.460338][T11989]  __tipc_nl_bearer_enable+0xdf0/0x1110
[  659.466490][T11989]  ? tipc_nl_bearer_disable+0x2d0/0x2d0
[  659.473235][T11989]  ? __nla_validate+0x50/0x50
[  659.478454][T11989]  ? __kasan_check_write+0x14/0x20
[  659.485120][T11989]  ? mutex_lock+0xa5/0x110
[  659.489545][T11989]  ? mutex_trylock+0xa0/0xa0
[  659.494491][T11989]  tipc_nl_bearer_enable+0x22/0x30
[  659.499532][T11989]  genl_rcv_msg+0x115d/0x16e0
[  659.504570][T11989]  ? genl_rcv+0x40/0x40
[  659.512375][T11989]  ? stack_trace_snprint+0xf0/0xf0
[  659.518069][T11989]  ? kasan_unpoison+0x61/0x80
[  659.523882][T11989]  ? __kasan_slab_alloc+0x63/0xe0
[  659.530495][T11989]  ? __kasan_slab_alloc+0xc3/0xe0
[  659.535851][T11989]  ? __kasan_slab_alloc+0xb1/0xe0
[  659.541071][T11989]  ? slab_post_alloc_hook+0x61/0x2f0
[  659.548196][T11989]  ? kmem_cache_alloc+0x168/0x2e0
[  659.553169][T11989]  ? __alloc_skb+0x80/0x510
[  659.557601][T11989]  ? netlink_sendmsg+0x7a4/0xd00
[  659.562879][T11989]  ? ____sys_sendmsg+0x59e/0x8f0
[  659.568027][T11989]  ? ___sys_sendmsg+0x252/0x2e0
[  659.572874][T11989]  ? __se_sys_sendmsg+0x1b1/0x280
[  659.577832][T11989]  ? __x64_sys_sendmsg+0x7b/0x90
[  659.583111][T11989]  ? do_syscall_64+0x34/0x70
[  659.588098][T11989]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  659.594685][T11989]  ? __tipc_nl_bearer_enable+0x1110/0x1110
[  659.600584][T11989]  ? iov_iter_advance+0x258/0xb20
[  659.605833][T11989]  netlink_rcv_skb+0x1cf/0x410
[  659.610921][T11989]  ? genl_rcv+0x40/0x40
[  659.615414][T11989]  ? netlink_ack+0xb30/0xb30
[  659.620102][T11989]  ? down_read+0xf0/0x210
[  659.624691][T11989]  ? __down_common+0x530/0x530
[  659.629298][T11989]  ? __netlink_lookup+0x37b/0x3a0
[  659.634232][T11989]  genl_rcv+0x28/0x40
[  659.638392][T11989]  netlink_unicast+0x8df/0xac0
[  659.643097][T11989]  ? netlink_detachskb+0x90/0x90
[  659.648375][T11989]  ? security_netlink_send+0x7b/0xa0
[  659.653499][T11989]  netlink_sendmsg+0xa46/0xd00
[  659.658901][T11989]  ? netlink_getsockopt+0x5c0/0x5c0
[  659.664449][T11989]  ? kasan_set_track+0x5d/0x70
[  659.670086][T11989]  ? security_socket_sendmsg+0x82/0xb0
[  659.676761][T11989]  ? netlink_getsockopt+0x5c0/0x5c0
[  659.682485][T11989]  ____sys_sendmsg+0x59e/0x8f0
[  659.687196][T11989]  ? __sys_sendmsg_sock+0x40/0x40
[  659.692714][T11989]  ? import_iovec+0xe5/0x120
[  659.698095][T11989]  ___sys_sendmsg+0x252/0x2e0
[  659.702718][T11989]  ? __sys_sendmsg+0x280/0x280
[  659.708121][T11989]  ? rw_verify_area+0x1c3/0x360
[  659.713718][T11989]  ? __fdget+0x1bc/0x240
[  659.718388][T11989]  __se_sys_sendmsg+0x1b1/0x280
[  659.723452][T11989]  ? __x64_sys_sendmsg+0x90/0x90
[  659.728708][T11989]  ? __bpf_trace_sys_enter+0x62/0x70
[  659.735058][T11989]  __x64_sys_sendmsg+0x7b/0x90
[  659.740245][T11989]  do_syscall_64+0x34/0x70
[  659.744838][T11989]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  659.750625][T11989] RIP: 0033:0x7f3ded938bd9
[  659.754935][T11989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  659.776701][T11989] RSP: 002b:00007f3decbba048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  659.785097][T11989] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  659.793773][T11989] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  659.802109][T11989] RBP: 00007f3decbba0a0 R08: 0000000000000000 R09: 0000000000000000
[  659.809931][T11989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  659.818287][T11989] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98
[  659.829780][T11989] tipc: Enabled bearer <udp:syz1>, priority 10
[  659.923494][T11992] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2995'.
[  659.949412][  T288] usb 3-1: USB disconnect, device number 80
[  659.971838][  T568] Bluetooth: hci0: command 0x1001 tx timeout
[  659.980239][  T688] Bluetooth: hci0: sending frame failed (-49)
[  660.040417][T12016] udc-core: couldn't find an available UDC or it's busy
[  660.048682][T12016] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  660.222258][T12071] x_tables: unsorted underflow at hook 3
[  660.281871][T12067] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  660.391834][T12069] tipc: 32-bit node address hash set to 1000000
[  660.461937][  T288] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  660.681933][T12067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.693863][T12067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.704140][T12067] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  660.719572][T12067] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  660.729523][T12067] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.738732][T12067] usb 1-1: config 0 descriptor??
[  660.771904][  T288] usb 3-1: device descriptor read/64, error -71
[  661.171863][   T15] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  661.201858][  T288] usb 3-1: device descriptor read/64, error -71
[  661.233000][T12067] plantronics 0003:047F:FFFF.0072: unknown main item tag 0x0
[  661.244129][T12067] plantronics 0003:047F:FFFF.0072: No inputs registered, leaving
[  661.257506][T12067] plantronics 0003:047F:FFFF.0072: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  661.332071][T12067] Bluetooth: hci1: command 0x1001 tx timeout
[  661.340033][  T688] Bluetooth: hci1: sending frame failed (-49)
[  661.421898][   T15] usb 4-1: Using ep0 maxpacket: 8
[  661.474712][  T842] usb 1-1: USB disconnect, device number 73
[  661.491872][  T288] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  661.541955][   T15] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.554600][   T15] usb 4-1: config 0 interface 0 has no altsetting 0
[  661.641985][   T15] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  661.654765][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  661.663813][   T15] usb 4-1: SerialNumber: syz
[  661.669029][   T15] usb 4-1: config 0 descriptor??
[  661.781841][  T288] usb 3-1: device descriptor read/64, error -71
[  662.011836][   T15] uvcvideo: Found UVC 0.00 device <unnamed> (05ac:8501)
[  662.021294][   T15] uvcvideo: No valid video chain found.
[  662.038694][   T15] usb 4-1: USB disconnect, device number 82
[  662.051848][T12069] Bluetooth: hci0: command 0x1009 tx timeout
[  662.171787][  T288] usb 3-1: device descriptor read/64, error -71
[  662.292005][  T288] usb usb3-port1: attempt power cycle
[  662.701829][  T288] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  662.811800][T12070] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  662.881869][  T288] usb 3-1: device descriptor read/8, error -71
[  663.027135][T12087] syz.0.3005 (12087): /proc/12084/oom_adj is deprecated, please use /proc/12084/oom_score_adj instead.
[  663.072050][T12070] usb 4-1: Using ep0 maxpacket: 16
[  663.162190][  T288] usb 3-1: device descriptor read/8, error -71
[  663.205464][T12091] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3007'.
[  663.361941][T12070] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  663.375248][T12070] usb 4-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  663.388350][T12070] usb 4-1: Product: syz
[  663.395227][T12070] usb 4-1: Manufacturer: syz
[  663.403149][T12070] usb 4-1: SerialNumber: syz
[  663.410481][T12070] usb 4-1: config 0 descriptor??
[  663.418452][T12069] Bluetooth: hci1: command 0x1009 tx timeout
[  663.452670][T12070] usb 4-1: selecting invalid altsetting 1
[  663.460398][T12070] snd-usb-audio: probe of 4-1:0.0 failed with error -22
[  663.655124][   T15] usb 4-1: USB disconnect, device number 83
[  663.661820][  T288] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  663.735338][   T24] audit: type=1400 audit(1720528083.720:7442): avc:  denied  { nlmsg_write } for  pid=12095 comm="syz.0.3009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  663.751984][  T288] usb 3-1: Using ep0 maxpacket: 8
[  663.931920][  T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  663.944777][  T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  663.955849][  T288] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  663.966500][  T288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.980886][  T288] usb 3-1: config 0 descriptor??
[  664.383894][   T24] audit: type=1400 audit(1720528084.150:7443): avc:  denied  { mounton } for  pid=12104 comm="syz.0.3012" path="/64/file0" dev="tmpfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  664.644015][  T288] steelseries_srws1 0003:1038:1410.0073: item fetching failed at offset 4/7
[  664.655443][  T288] steelseries_srws1 0003:1038:1410.0073: parse failed
[  664.669154][  T288] steelseries_srws1: probe of 0003:1038:1410.0073 failed with error -22
[  664.731833][   T15] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  664.884506][   T24] audit: type=1400 audit(1720528084.870:7444): avc:  denied  { read } for  pid=12112 comm="syz.0.3014" name="file1" dev="tmpfs" ino=389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  664.909380][   T24] audit: type=1400 audit(1720528084.870:7445): avc:  denied  { open } for  pid=12112 comm="syz.0.3014" path="/65/bus/file1" dev="overlay" ino=389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  665.099047][T12116] overlayfs: './file1' not a directory
[  665.391872][   T15] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  665.399394][T12114] device pim6reg1 entered promiscuous mode
[  665.411823][   T15] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  665.441880][   T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.456049][   T15] usb 4-1: config 0 descriptor??
[  665.848501][T12122] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.856167][T12122] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.864706][T12122] device bridge_slave_0 entered promiscuous mode
[  665.874418][T12122] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.883226][T12122] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.892318][T12122] device bridge_slave_1 entered promiscuous mode
[  665.953761][T12122] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.963142][T12122] bridge0: port 2(bridge_slave_1) entered forwarding state
[  665.975942][T12122] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.984524][T12122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  666.014627][  T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  666.025092][  T306] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.035167][  T306] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.073464][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  666.084143][  T842] bridge0: port 1(bridge_slave_0) entered blocking state
[  666.092056][  T842] bridge0: port 1(bridge_slave_0) entered forwarding state
[  666.103578][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  666.114983][  T842] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.124027][  T842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  666.132736][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  666.151961][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  666.172848][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  666.185029][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  666.195780][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  666.205836][  T842] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  666.223084][T12122] device veth0_vlan entered promiscuous mode
[  666.249075][T12070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  666.261948][T12122] device veth1_macvtap entered promiscuous mode
[  666.276630][T12070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  666.297585][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  666.349258][T12128] JBD2: no valid journal superblock found
[  666.358681][T12128] EXT4-fs (loop4): error loading journal
[  666.703233][T12136] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3018'.
[  666.812739][  T314] device bridge_slave_1 left promiscuous mode
[  666.820867][  T314] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.831131][  T314] device bridge_slave_0 left promiscuous mode
[  666.840022][  T314] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.850579][  T314] device veth1_macvtap left promiscuous mode
[  666.860089][  T314] device veth0_vlan left promiscuous mode
[  667.392312][T12144] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.411387][T12144] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.454439][T12144] device bridge_slave_0 entered promiscuous mode
[  667.495515][T12144] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.521979][   T15] usbhid 4-1:0.0: can't add hid device: -71
[  667.528566][   T15] usbhid: probe of 4-1:0.0 failed with error -71
[  667.551873][T12144] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.559717][T12144] device bridge_slave_1 entered promiscuous mode
[  667.573783][   T15] usb 4-1: USB disconnect, device number 84
[  667.753555][T12143] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  667.765533][T12143] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  667.792456][T12143] F2FS-fs (loop4): invalid crc value
[  667.803185][  T314] tipc: Disabling bearer <udp:syz1>
[  667.809846][  T314] tipc: Left network mode
[  667.882553][T12143] F2FS-fs (loop4): Found nat_bits in checkpoint
[  668.009074][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  668.025625][  T288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  668.060526][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  668.074846][T12143] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  668.087884][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  668.102946][T12143] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  668.125343][T12067] bridge0: port 1(bridge_slave_0) entered blocking state
[  668.135379][T12067] bridge0: port 1(bridge_slave_0) entered forwarding state
[  668.244695][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  668.257340][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  668.266636][T12067] bridge0: port 2(bridge_slave_1) entered blocking state
[  668.275250][T12067] bridge0: port 2(bridge_slave_1) entered forwarding state
[  668.290603][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  668.302609][  T842] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  668.335235][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  668.583184][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  668.636874][ T2608] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  668.647985][ T2608] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  668.653442][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  668.691354][T12067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  668.726732][T12144] device veth0_vlan entered promiscuous mode
[  668.736860][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  668.746902][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  668.781960][T12144] device veth1_macvtap entered promiscuous mode
[  668.802792][T12068] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  668.811564][T12068] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  668.841960][T12068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  668.850691][T12068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  668.876638][T12068] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  668.891201][   T24] audit: type=1400 audit(1720528088.870:7446): avc:  denied  { watch_reads } for  pid=12166 comm="syz.4.3027" path="/3" dev="tmpfs" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  668.922790][  T842] usb 1-1: Using ep0 maxpacket: 16
[  668.943241][T12169] tmpfs: Unknown parameter 'ys'
[  668.946893][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  668.959857][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  668.970002][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  668.982403][T12066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  668.991915][   T24] audit: type=1326 audit(1720528088.930:7447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12166 comm="syz.4.3027" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb8dfa28bd9 code=0x0
[  669.151871][  T842] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  669.181790][  T842] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  669.202548][  T314] device bridge_slave_1 left promiscuous mode
[  669.209456][  T314] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.220883][  T314] device bridge_slave_0 left promiscuous mode
[  669.228064][  T314] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.239058][  T314] device veth1_macvtap left promiscuous mode
[  669.247470][  T314] device veth0_vlan left promiscuous mode
[  669.341914][    T5] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  669.371941][  T842] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  669.382859][  T842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.392712][  T842] usb 1-1: Product: ф
[  669.397496][  T842] usb 1-1: Manufacturer: 뾫苝㗼榢䷻䲻䗮≽劝ࢴ㳙①舔⊇⃞ꃸ䡾䁢ꋢๆ瀖꣣贓ࠗ쵒籈겒硤뻯橲᤮❿ခ⩳䉼휤녦䬸쫉╾㘶됺ẩُ躭感盅謱驑꟬闆௼㭒햨⬈垚搊젛ఏ〟ᬡ槲밄ꨪⰉꋘ錸偳봃ᝤ㺜燆雹믈쀔著ૻ
[  669.430310][  T842] usb 1-1: SerialNumber: 㛚幕㿋獠뺯儲ሑ㵯不ᓐ썒뾝憉噋퓦ܼ桛೘䣸ۉ௥ὄ羭ӕꋡ繏༪鬣ᄭ侩왋䞀쨱᤮벰ȶ쵇ᝨ᫠㠶ࡨ㺂摈쐈ﰑ୩⋻簕뫼쀁䥛랿཈䄈ꦮ᷐꼐鷦턕⾥邮ꢽ뭬泚飹㎬똫✶멸㵗＜꩞縖❊皉亮䰍ῼ襁崈쨒䊤탺逘ꈇ굋ᐲꚮ徰嶣碓때셇㺎괘渿홢㗸렪ꑉ䀴싳Ꞻ詙㙻穇캹鐱⯕⃫쐟
[  669.611763][    T5] usb 2-1: Using ep0 maxpacket: 16
[  669.762715][    T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  669.777172][T12178] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3029'.
[  669.786069][    T5] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  669.808729][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.823422][    T5] usb 2-1: config 0 descriptor??
[  669.827453][T12067] usb 3-1: USB disconnect, device number 84
[  670.111906][  T842] usb 1-1: 0:2 : does not exist
[  670.128818][  T842] usb 1-1: USB disconnect, device number 74
[  670.331845][T12067] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  670.362264][T12172] udc-core: couldn't find an available UDC or it's busy
[  670.374152][T12172] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  670.403499][    T5] hid (null): report_id 0 is invalid
[  670.414336][    T5] hid-generic 0003:0158:0100.0074: unknown main item tag 0x1
[  670.423107][    T5] hid-generic 0003:0158:0100.0074: unexpected long global item
[  670.432563][    T5] hid-generic: probe of 0003:0158:0100.0074 failed with error -22
[  670.608590][    T5] usb 2-1: USB disconnect, device number 81
[  670.752190][T12067] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.807157][T12067] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  670.820067][T12067] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.845942][T12067] usb 3-1: config 0 descriptor??
[  671.362596][T12204] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3037'.
[  671.467995][T12214] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3040'.
[  671.515703][T12212] FAULT_INJECTION: forcing a failure.
[  671.515703][T12212] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  671.535954][T12212] CPU: 0 PID: 12212 Comm: syz.0.3039 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  671.546596][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  671.560120][T12212] Call Trace:
[  671.563950][T12212]  dump_stack_lvl+0x1e2/0x24b
[  671.569335][T12212]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  671.575345][T12212]  ? down_read_trylock+0x179/0x1d0
[  671.580894][T12212]  ? __init_rwsem+0x1c0/0x1c0
[  671.586389][T12212]  dump_stack+0x15/0x17
[  671.591339][T12212]  should_fail+0x3c6/0x510
[  671.596305][T12212]  should_fail_alloc_page+0x52/0x60
[  671.602044][T12212]  __alloc_pages_nodemask+0x1b3/0xaf0
[  671.608187][T12212]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  671.614628][T12212]  ? copy_user_enhanced_fast_string+0xe/0x40
[  671.622601][T12212]  pipe_write+0x551/0x18c0
[  671.627048][T12212]  ? pipe_read+0x1040/0x1040
[  671.632146][T12212]  ? fsnotify_perm+0x67/0x4e0
[  671.636915][T12212]  ? security_file_permission+0x7b/0xb0
[  671.642593][T12212]  ? security_file_permission+0x86/0xb0
[  671.649005][T12212]  ? iov_iter_init+0x3f/0x120
[  671.654819][T12212]  vfs_write+0xb55/0xe70
[  671.659341][T12212]  ? kernel_write+0x3d0/0x3d0
[  671.664157][T12212]  ? __fdget_pos+0x209/0x3a0
[  671.668897][T12212]  ? ksys_write+0x77/0x2c0
[  671.673858][T12212]  ksys_write+0x199/0x2c0
[  671.678875][T12212]  ? kvm_sched_clock_read+0x18/0x40
[  671.684828][T12212]  ? __ia32_sys_read+0x90/0x90
[  671.689583][T12212]  ? debug_smp_processor_id+0x17/0x20
[  671.694875][T12212]  __x64_sys_write+0x7b/0x90
[  671.700101][T12212]  do_syscall_64+0x34/0x70
[  671.704608][T12212]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  671.710680][T12212] RIP: 0033:0x7f3ded938bd9
[  671.715649][T12212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.737455][T12212] RSP: 002b:00007f3decbba048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  671.747504][T12212] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  671.756730][T12212] RDX: 00000000fffffdef RSI: 0000000020000000 RDI: 0000000000000000
[  671.764830][T12212] RBP: 00007f3decbba0a0 R08: 0000000000000000 R09: 0000000000000000
[  671.773146][T12212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.781258][T12212] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98
[  671.891921][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  671.922295][ T6872] Bluetooth: hci0: sending frame failed (-49)
[  672.201801][T12065] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  672.211376][T12068] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  672.451954][T12068] usb 4-1: Using ep0 maxpacket: 16
[  672.458746][T12065] usb 1-1: Using ep0 maxpacket: 32
[  672.662085][T12068] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  672.676038][T12068] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  672.752033][T12065] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=3a.75
[  672.764132][T12065] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.774869][T12065] usb 1-1: Product: syz
[  672.779295][T12065] usb 1-1: Manufacturer: syz
[  672.784063][T12065] usb 1-1: SerialNumber: syz
[  672.798009][T12065] usb 1-1: config 0 descriptor??
[  672.874275][T12068] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  672.885634][T12065] usb_ehset_test: probe of 1-1:0.0 failed with error -32
[  672.955521][T12068] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.964559][T12068] usb 4-1: Product: ф
[  672.970208][T12068] usb 4-1: Manufacturer: 뾫苝㗼榢䷻䲻䗮≽劝ࢴ㳙①舔⊇⃞ꃸ䡾䁢ꋢๆ瀖꣣贓ࠗ쵒籈겒硤뻯橲᤮❿ခ⩳䉼휤녦䬸쫉╾㘶됺ẩُ躭感盅謱驑꟬闆௼㭒햨⬈垚搊젛ఏ〟ᬡ槲밄ꨪⰉꋘ錸偳봃ᝤ㺜燆雹믈쀔著ૻ
[  673.498032][T12068] usb 4-1: SerialNumber: 㛚幕㿋獠뺯儲ሑ㵯不ᓐ썒뾝憉噋퓦ܼ桛೘䣸ۉ௥ὄ羭ӕꋡ繏༪鬣ᄭ侩왋䞀쨱᤮벰ȶ쵇ᝨ᫠㠶ࡨ㺂摈쐈ﰑ୩⋻簕뫼쀁䥛랿཈䄈ꦮ᷐꼐鷦턕⾥邮ꢽ뭬泚飹㎬똫✶멸㵗＜꩞縖❊皉亮䰍ῼ襁崈쨒䊤탺逘ꈇ굋ᐲꚮ徰嶣碓때셇㺎괘渿홢㗸렪ꑉ䀴싳Ꞻ詙㙻穇캹鐱⯕⃫쐟
[  673.541467][T12066] usb 1-1: USB disconnect, device number 75
[  673.551982][T12067] usbhid 3-1:0.0: can't add hid device: -71
[  673.558079][T12067] usbhid: probe of 3-1:0.0 failed with error -71
[  673.569106][T12067] usb 3-1: USB disconnect, device number 85
[  673.984920][  T306] Bluetooth: hci0: command 0x1001 tx timeout
[  673.992353][ T6872] Bluetooth: hci0: sending frame failed (-49)
[  674.272290][T12068] usb 4-1: 0:2 : does not exist
[  674.294034][T12068] usb 4-1: USB disconnect, device number 85
[  674.342554][T12250] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3051'.
[  674.611011][T12246] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12246 comm=syz.1.3050
[  675.264925][T12274] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  675.521865][  T306] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  675.631146][T12067] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  675.683205][T12278] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3062'.
[  675.736244][T12283] syz.1.3061[12283] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  675.736309][T12283] syz.1.3061[12283] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  675.802056][T12287] syz.3.3063[12287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  675.821139][T12287] syz.3.3063[12287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  675.881895][T12067] usb 1-1: Using ep0 maxpacket: 16
[  675.912024][  T306] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.926813][  T306] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  675.938013][  T306] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.952346][  T306] usb 3-1: config 0 descriptor??
[  676.021951][T12067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.042265][T12067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.058604][T12067] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  676.061964][   T15] Bluetooth: hci0: command 0x1009 tx timeout
[  676.072960][T12067] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.082227][  T842] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  676.093018][T12067] usb 1-1: config 0 descriptor??
[  676.361888][  T842] usb 2-1: Using ep0 maxpacket: 16
[  676.501942][  T842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.513540][  T842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.524177][  T842] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  676.536437][  T842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.549649][  T842] usb 2-1: config 0 descriptor??
[  676.583165][T12067] lenovo 0003:17EF:6067.0075: item fetching failed at offset 4/5
[  676.591646][T12067] lenovo 0003:17EF:6067.0075: hid_parse failed
[  676.600416][T12067] lenovo: probe of 0003:17EF:6067.0075 failed with error -22
[  677.032964][  T842] lenovo 0003:17EF:6067.0076: item fetching failed at offset 4/5
[  677.044021][  T842] lenovo 0003:17EF:6067.0076: hid_parse failed
[  677.055364][  T842] lenovo: probe of 0003:17EF:6067.0076 failed with error -22
[  677.691857][  T842] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  677.791855][  T306] usbhid 3-1:0.0: can't add hid device: -71
[  677.800229][  T306] usbhid: probe of 3-1:0.0 failed with error -71
[  677.808729][  T306] usb 3-1: USB disconnect, device number 86
[  677.951829][  T842] usb 4-1: Using ep0 maxpacket: 16
[  678.081948][  T842] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  678.095847][  T842] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  678.111125][  T842] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  678.123554][  T842] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.134878][  T842] usb 4-1: config 0 descriptor??
[  678.161824][  T306] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  678.308830][   T15] usb 1-1: USB disconnect, device number 76
[  678.401823][  T306] usb 3-1: Using ep0 maxpacket: 16
[  678.572068][  T306] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  678.585016][  T306] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  678.598756][  T842] lenovo 0003:17EF:6067.0077: item fetching failed at offset 4/5
[  678.608756][  T306] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  678.623338][  T842] lenovo 0003:17EF:6067.0077: hid_parse failed
[  678.629902][  T842] lenovo: probe of 0003:17EF:6067.0077 failed with error -22
[  678.640952][  T306] usb 3-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00
[  678.653416][  T306] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.666163][  T306] usb 3-1: config 0 descriptor??
[  678.721850][   T15] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  678.784361][T12066] usb 2-1: USB disconnect, device number 82
[  678.971845][   T15] usb 1-1: Using ep0 maxpacket: 16
[  679.191856][T12066] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  679.191995][   T15] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  679.210893][   T15] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  679.220987][  T306] usbhid 3-1:0.0: can't add hid device: -71
[  679.227183][  T306] usbhid: probe of 3-1:0.0 failed with error -71
[  679.235766][  T306] usb 3-1: USB disconnect, device number 87
[  679.411900][   T15] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  679.422917][   T15] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.431344][   T15] usb 1-1: Product: ф
[  679.435563][   T15] usb 1-1: Manufacturer: 뾫苝㗼榢䷻䲻䗮≽劝ࢴ㳙①舔⊇⃞ꃸ䡾䁢ꋢๆ瀖꣣贓ࠗ쵒籈겒硤뻯橲᤮❿ခ⩳䉼휤녦䬸쫉╾㘶됺ẩُ躭感盅謱驑꟬闆௼㭒햨⬈垚搊젛ఏ〟ᬡ槲밄ꨪⰉꋘ錸偳봃ᝤ㺜燆雹믈쀔著ૻ
[  679.467425][   T15] usb 1-1: SerialNumber: 㛚幕㿋獠뺯儲ሑ㵯不ᓐ썒뾝憉噋퓦ܼ桛೘䣸ۉ௥ὄ羭ӕꋡ繏༪鬣ᄭ侩왋䞀쨱᤮벰ȶ쵇ᝨ᫠㠶ࡨ㺂摈쐈ﰑ୩⋻簕뫼쀁䥛랿཈䄈ꦮ᷐꼐鷦턕⾥邮ꢽ뭬泚飹㎬똫✶멸㵗＜꩞縖❊皉亮䰍ῼ襁崈쨒䊤탺逘ꈇ굋ᐲꚮ徰嶣碓때셇㺎괘渿홢㗸렪ꑉ䀴싳Ꞻ詙㙻穇캹鐱⯕⃫쐟
[  679.551846][T12066] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  679.564029][T12066] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.576143][T12066] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  679.587429][T12066] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  679.601352][T12066] usb 2-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  679.612101][T12066] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.622241][T12066] usb 2-1: config 0 descriptor??
[  679.864024][T12305] FAULT_INJECTION: forcing a failure.
[  679.864024][T12305] name failslab, interval 1, probability 0, space 0, times 0
[  679.888089][T12305] CPU: 0 PID: 12305 Comm: syz.1.3069 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  679.899937][T12305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  679.910810][T12305] Call Trace:
[  679.914081][T12305]  dump_stack_lvl+0x1e2/0x24b
[  679.918984][T12305]  ? bfq_pos_tree_add_move+0x43b/0x43b
[  679.924825][T12305]  dump_stack+0x15/0x17
[  679.929914][T12305]  should_fail+0x3c6/0x510
[  679.931831][T12065] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  679.935653][T12305]  ? call_usermodehelper_setup+0x72/0x1e0
[  679.935678][T12305]  __should_failslab+0xa4/0xe0
[  679.956925][T12305]  should_failslab+0x9/0x20
[  679.961844][T12305]  kmem_cache_alloc_trace+0x3a/0x2e0
[  679.967199][T12305]  call_usermodehelper_setup+0x72/0x1e0
[  679.972535][T12305]  ? __request_module+0x8d0/0x8d0
[  679.977389][T12305]  __request_module+0x37d/0x8d0
[  679.983119][T12305]  ? make_kuid+0x700/0x700
[  679.988255][T12305]  ? crypto_alg_mod_lookup+0xae/0x730
[  679.993637][T12305]  ? copy_regset_to_user+0x210/0x210
[  679.998896][T12305]  ? __crypto_alg_lookup+0x473/0x4a0
[  680.004630][T12305]  ? bpf_trace_run1+0x210/0x210
[  680.009761][T12305]  ? __kasan_check_write+0x14/0x20
[  680.015388][T12305]  ? up_read+0x14/0x90
[  680.019573][T12305]  ? crypto_alg_lookup+0x19b/0x1e0
[  680.026775][T12305]  crypto_alg_mod_lookup+0xea/0x730
[  680.033687][T12305]  crypto_find_alg+0x98/0xf0
[  680.038391][T12305]  crypto_type_has_alg+0x2d/0x60
[  680.043695][T12305]  crypto_has_ahash+0x2c/0x40
[  680.049766][T12305]  xfrm_probe_algs+0x79/0x360
[  680.056041][T12305]  pfkey_register+0x115/0x8d0
[  680.061774][T12305]  pfkey_sendmsg+0xb65/0xfa0
[  680.067617][T12305]  ? exc_page_fault+0x33d/0x5b0
[  680.073845][T12305]  ? pfkey_release+0x340/0x340
[  680.081167][T12305]  ? selinux_socket_sendmsg+0x243/0x340
[  680.089236][T12305]  ? check_stack_object+0x114/0x130
[  680.095619][T12305]  ? security_socket_sendmsg+0x82/0xb0
[  680.103795][T12305]  ? pfkey_release+0x340/0x340
[  680.110850][T12305]  ____sys_sendmsg+0x59e/0x8f0
[  680.116989][T12305]  ? __sys_sendmsg_sock+0x40/0x40
[  680.122588][T12305]  ? import_iovec+0xe5/0x120
[  680.128633][T12305]  ___sys_sendmsg+0x252/0x2e0
[  680.135508][T12305]  ? __sys_sendmsg+0x280/0x280
[  680.142076][T12305]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  680.148576][T12305]  ? __lock_task_sighand+0x100/0x100
[  680.154663][T12305]  ? __fdget+0x1bc/0x240
[  680.159442][T12305]  __se_sys_sendmsg+0x1b1/0x280
[  680.164537][T12305]  ? __x64_sys_sendmsg+0x90/0x90
[  680.169462][T12305]  ? bpf_trace_run2+0xf4/0x280
[  680.175199][T12305]  ? debug_smp_processor_id+0x17/0x20
[  680.180747][T12305]  __x64_sys_sendmsg+0x7b/0x90
[  680.186060][T12305]  do_syscall_64+0x34/0x70
[  680.190839][T12305]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  680.197225][T12305] RIP: 0033:0x7f5314566bd9
[  680.202021][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.222910][T12305] RSP: 002b:00007f53137e8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  680.231726][T12305] RAX: ffffffffffffffda RBX: 00007f53146f4f60 RCX: 00007f5314566bd9
[  680.240229][T12305] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006
[  680.248732][T12305] RBP: 00007f53137e80a0 R08: 0000000000000000 R09: 0000000000000000
[  680.257160][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  680.265509][T12305] R13: 000000000000000b R14: 00007f53146f4f60 R15: 00007ffd274798a8
[  680.391847][   T15] usb 1-1: 0:2 : does not exist
[  680.412475][   T15] usb 1-1: USB disconnect, device number 77
[  680.435097][  T485] usb 4-1: USB disconnect, device number 86
[  680.561831][T12065] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  680.582251][T12065] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  680.661921][T12065] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  680.677322][T12065] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  680.708116][T12065] usb 3-1: SerialNumber: syz
[  680.807459][T12323] bridge0: port 1(bridge_slave_0) entered blocking state
[  680.821890][T12066] usbhid 2-1:0.0: can't add hid device: -71
[  680.829451][T12066] usbhid: probe of 2-1:0.0 failed with error -71
[  680.850207][T12323] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.861897][T12066] usb 2-1: USB disconnect, device number 83
[  680.874326][T12332] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3073'.
[  680.891348][T12323] device bridge_slave_0 entered promiscuous mode
[  680.914251][   T24] audit: type=1326 audit(1720528100.900:7448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12334 comm="syz.0.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  680.992692][T12065] usb 3-1: 0:2 : does not exist
[  681.004768][T12323] bridge0: port 2(bridge_slave_1) entered blocking state
[  681.019015][   T24] audit: type=1326 audit(1720528100.920:7449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12334 comm="syz.0.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ded938bd9 code=0x7ffc0000
[  681.031781][T12323] bridge0: port 2(bridge_slave_1) entered disabled state
[  781.121710][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  781.129535][    C1] rcu: 	0-...!: (1 GPs behind) idle=01a/1/0x4000000000000000 softirq=64053/64054 fqs=1 last_accelerate: 9401/bba3 dyntick_enabled: 1
[  781.147748][    C1] 	(detected by 1, t=10002 jiffies, g=74489, q=416)
[  781.154962][    C1] Sending NMI from CPU 1 to CPUs 0:
[  781.162870][    C1] NMI backtrace for cpu 0
[  781.162879][    C1] CPU: 0 PID: 12335 Comm: syz.0.3075 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  781.162886][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  781.162889][    C1] RIP: 0010:kvm_wait+0xec/0x150
[  781.162901][    C1] Code: 03 42 0f b6 04 20 84 c0 75 6a 41 0f b6 45 00 44 38 f0 75 26 41 f7 c7 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d 95 52 d5 03 f4 <eb> 0e 0f 1f 44 00 00 0f 00 2d 86 52 d5 03 fb f4 4c 89 7c 24 18 ff
[  781.162905][    C1] RSP: 0000:ffffc90000cc6f20 EFLAGS: 00000046
[  781.162914][    C1] RAX: 0000000000000003 RBX: 1ffff92000198de8 RCX: ffffffff8150b5a4
[  781.162919][    C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffc90000cc6f60
[  781.162924][    C1] RBP: ffffc90000cc6fd0 R08: dffffc0000000000 R09: ffffed1021998349
[  781.162929][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  781.162934][    C1] R13: ffff88810ccc1a40 R14: 0000000000000003 R15: 0000000000000046
[  781.162939][    C1] FS:  00007f3decbba6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  781.162944][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  781.162949][    C1] CR2: 0000000000000000 CR3: 0000000121a08000 CR4: 00000000003506b0
[  781.162953][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  781.162958][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  781.162961][    C1] Call Trace:
[  781.162963][    C1]  <NMI>
[  781.162966][    C1]  ? show_regs+0x58/0x60
[  781.162970][    C1]  ? nmi_cpu_backtrace+0x133/0x160
[  781.162973][    C1]  ? kvm_wait+0xec/0x150
[  781.162977][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  781.162980][    C1]  ? nmi_handle+0xa8/0x280
[  781.162983][    C1]  ? kvm_wait+0xec/0x150
[  781.162986][    C1]  ? default_do_nmi+0x69/0x160
[  781.162989][    C1]  ? exc_nmi+0xad/0x100
[  781.162993][    C1]  ? end_repeat_nmi+0x16/0x31
[  781.162997][    C1]  ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[  781.163000][    C1]  ? kvm_wait+0xec/0x150
[  781.163003][    C1]  ? kvm_wait+0xec/0x150
[  781.163006][    C1]  ? kvm_wait+0xec/0x150
[  781.163009][    C1]  </NMI>
[  781.163013][    C1]  ? kvm_arch_para_hints+0x30/0x30
[  781.163017][    C1]  __pv_queued_spin_lock_slowpath+0x72f/0xc70
[  781.163021][    C1]  ? __pv_queued_spin_unlock_slowpath+0x280/0x280
[  781.163025][    C1]  _raw_spin_lock_irqsave+0x1a0/0x210
[  781.163028][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  781.163032][    C1]  ? stack_trace_save+0x113/0x1c0
[  781.163035][    C1]  ? __set_page_owner+0x3b/0x2d0
[  781.163039][    C1]  force_sig_info_to_task+0x67/0x320
[  781.163042][    C1]  ? bsearch+0x96/0xc0
[  781.163045][    C1]  force_sig_fault+0x125/0x1c0
[  781.163049][    C1]  ? force_sig_fault_to_task+0x1c0/0x1c0
[  781.163052][    C1]  ? ex_handler_uaccess+0x3e/0xc0
[  781.163056][    C1]  ? ex_handler_fprestore+0xf0/0xf0
[  781.163059][    C1]  ? fixup_exception+0x94/0xd0
[  781.163062][    C1]  no_context+0x2e1/0xf20
[  781.163065][    C1]  ? is_prefetch+0x5c0/0x5c0
[  781.163069][    C1]  ? stack_trace_save+0x113/0x1c0
[  781.163072][    C1]  __bad_area_nosemaphore+0xcd/0x440
[  781.163076][    C1]  bad_area_nosemaphore+0x2d/0x40
[  781.163079][    C1]  exc_page_fault+0x3ea/0x5b0
[  781.163082][    C1]  asm_exc_page_fault+0x1e/0x30
[  781.163086][    C1] RIP: 0010:strncpy_from_user+0x2b8/0x2d0
[  781.163096][    C1] Code: fb fe 45 31 f6 eb e4 e8 76 d2 fb fe 49 c7 c6 f2 ff ff ff eb d6 e8 68 d2 fb fe 49 c7 c6 f2 ff ff ff eb c8 e8 5a d2 fb fe eb a9 <e8> 53 d2 fb fe 4d 29 f5 4c 8b 7d d0 e9 28 ff ff ff cc cc cc cc cc
[  781.163100][    C1] RSP: 0000:ffffc90000cc7620 EFLAGS: 00050046
[  781.163107][    C1] RAX: 0000000000000000 RBX: 00007ffffffff000 RCX: ffff888125e14f00
[  781.163112][    C1] RDX: ffffc90002da9000 RSI: 0000000000000008 RDI: 0000000000000007
[  781.163117][    C1] RBP: ffffc90000cc7668 R08: ffffffff826ed64a R09: ffffffff81aefd33
[  781.163122][    C1] R10: 0000000000000003 R11: ffff888125e14f00 R12: 0000000000000008
[  781.163127][    C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000cc76e8
[  781.163130][    C1]  ? __check_object_size+0x73/0x3c0
[  781.163134][    C1]  ? strncpy_from_user+0xda/0x2d0
[  781.163137][    C1]  strncpy_from_user_nofault+0x73/0x150
[  781.163141][    C1]  bpf_probe_read_user_str+0x2a/0x70
[  781.163145][    C1]  bpf_prog_78f9c3f13797e2ae+0x35/0x534
[  781.163148][    C1]  bpf_trace_run5+0x176/0x320
[  781.163151][    C1]  ? bpf_trace_run4+0x2e0/0x2e0
[  781.163155][    C1]  __bpf_trace_signal_generate+0x3c/0x50
[  781.163158][    C1]  __send_signal+0xb39/0xb90
[  781.163161][    C1]  send_signal+0x4c1/0x5e0
[  781.163165][    C1]  force_sig_info_to_task+0x272/0x320
[  781.163169][    C1]  force_sig_fault+0x125/0x1c0
[  781.163174][    C1]  ? force_sig_fault_to_task+0x1c0/0x1c0
[  781.163178][    C1]  ? ex_handler_uaccess+0x3e/0xc0
[  781.163182][    C1]  ? ex_handler_fprestore+0xf0/0xf0
[  781.163185][    C1]  ? fixup_exception+0x94/0xd0
[  781.163189][    C1]  no_context+0x2e1/0xf20
[  781.163192][    C1]  ? audit_log_end+0x1c8/0x230
[  781.163195][    C1]  ? audit_seccomp+0x1a8/0x1e0
[  781.163198][    C1]  ? is_prefetch+0x5c0/0x5c0
[  781.163202][    C1]  ? __seccomp_filter+0xd03/0x1e10
[  781.163206][    C1]  __bad_area_nosemaphore+0xcd/0x440
[  781.163209][    C1]  bad_area+0x69/0x80
[  781.163212][    C1]  exc_page_fault+0x439/0x5b0
[  781.163215][    C1]  asm_exc_page_fault+0x1e/0x30
[  781.163219][    C1] RIP: 0010:__put_user_nocheck_8+0x11/0x21
[  781.163230][    C1] Code: 0f 01 ca c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f 00 00 48 39 d9 73 14 0f 01 cb 48 89 01 31 c9 0f 01 ca c3 0f 1f 44 00 00 <0f> 01 ca b9 f2 ff ff ff c3 cc cc cc cc cc cc cc 55 48 89 e5 41 57
[  781.163234][    C1] RSP: 0000:ffffc90000cc7d98 EFLAGS: 00050283
[  781.163241][    C1] RAX: 00000000668d2ce5 RBX: 00007fffffffeff9 RCX: 0000000000000019
[  781.163246][    C1] RDX: ffffc90002da9000 RSI: 0000000000000a17 RDI: 0000000000000a18
[  781.163251][    C1] RBP: ffffc90000cc7e48 R08: ffffffff815b60b4 R09: ffffc90000cc7de0
[  781.163256][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000cc7de0
[  781.163261][    C1] R13: dffffc0000000000 R14: 1ffff92000198fb8 R15: 0000000000000019
[  781.163265][    C1]  ? ktime_get_real_ts64+0x1f4/0x2e0
[  781.163268][    C1]  ? __x64_sys_gettimeofday+0xf9/0x240
[  781.163272][    C1]  ? __ia32_sys_stime32+0x160/0x160
[  781.163276][    C1]  ? __secure_computing+0xf0/0x300
[  781.163279][    C1]  emulate_vsyscall+0xe33/0x13d0
[  781.163283][    C1]  exc_page_fault+0x147/0x5b0
[  781.163286][    C1]  ? asm_exc_page_fault+0x8/0x30
[  781.163289][    C1]  asm_exc_page_fault+0x1e/0x30
[  781.163293][    C1] RIP: 0033:_end+0x783da000/0x0
[  781.163298][    C1] Code: Unable to access opcode bytes at RIP 0xffffffffff5fffd6.
[  781.163302][    C1] RSP: 002b:00007f3decbb9ab8 EFLAGS: 00010246
[  781.163310][    C1] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  781.163315][    C1] RDX: 00007f3decbb9ac0 RSI: 00007f3decbb9bf0 RDI: 0000000000000019
[  781.163320][    C1] RBP: 00007f3ded9a7e60 R08: 0000000000000000 R09: 0000000000000000
[  781.163325][    C1] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[  781.163330][    C1] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98
[  781.163347][    C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g74489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  781.972706][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  781.982954][    C1] rcu: RCU grace-period kthread stack dump:
[  781.990328][    C1] task:rcu_preempt     state:R  running task     stack:    0 pid:   13 ppid:     2 flags:0x10004000
[  782.002136][    C1] Call Trace:
[  782.006044][    C1]  __schedule+0xbe6/0x1330
[  782.011407][    C1]  ? release_firmware_map_entry+0x192/0x192
[  782.019922][    C1]  ? _raw_spin_lock_irqsave+0xf9/0x210
[  782.025380][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  782.031151][    C1]  schedule+0x13d/0x1d0
[  782.036704][    C1]  schedule_timeout+0x18c/0x360
[  782.043232][    C1]  ? prepare_to_swait_event+0x39f/0x3e0
[  782.049990][    C1]  ? console_conditional_schedule+0x10/0x10
[  782.059045][    C1]  ? run_local_timers+0x160/0x160
[  782.065059][    C1]  rcu_gp_kthread+0xefc/0x23a0
[  782.073190][    C1]  ? dump_blkd_tasks+0x7e0/0x7e0
[  782.081851][    C1]  ? rcu_barrier_callback+0x50/0x50
[  782.089205][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  782.096773][    C1]  ? __kasan_check_read+0x11/0x20
[  782.104296][    C1]  ? __kthread_parkme+0xb9/0x1c0
[  782.110626][    C1]  kthread+0x34b/0x3d0
[  782.115412][    C1]  ? rcu_barrier_callback+0x50/0x50
[  782.124158][    C1]  ? kthread_blkcg+0xd0/0xd0
[  782.130283][    C1]  ret_from_fork+0x1f/0x30
[  924.935618][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.3.3076:12339]
[  924.944193][    C1] Modules linked in:
[  924.947869][    C1] CPU: 1 PID: 12339 Comm: syz.3.3076 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  924.957668][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  924.967571][    C1] RIP: 0010:smp_call_function_single+0x278/0x510
[  924.973831][    C1] Code: 0f 85 18 02 00 00 44 8b 6c 24 48 44 89 ee 83 e6 01 31 ff e8 7a f0 0a 00 41 83 e5 01 75 0a e8 bf ec 0a 00 e9 eb 00 00 00 f3 90 <42> 0f b6 04 23 84 c0 75 15 f7 44 24 48 01 00 00 00 0f 84 cd 00 00
[  924.994757][    C1] RSP: 0018:ffffc9000146ee20 EFLAGS: 00000246
[  925.000647][    C1] RAX: ffffffff815fbde4 RBX: 1ffff9200028ddcd RCX: 0000000000040000
[  925.008571][    C1] RDX: ffffc90001a64000 RSI: 000000000003ffff RDI: 0000000000040000
[  925.016890][    C1] RBP: ffffc9000146ef10 R08: ffffffff815fbdb6 R09: ffffed103ee0aec9
[  925.024831][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  925.033407][    C1] R13: 0000000000000001 R14: ffffc9000146ee68 R15: 0000000000000000
[  925.042996][    C1] FS:  00007f83e93336c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  925.052104][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  925.059013][    C1] CR2: 0000000000000000 CR3: 000000011a6ba000 CR4: 00000000003506a0
[  925.068219][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  925.077328][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  925.085216][    C1] Call Trace:
[  925.088431][    C1]  <IRQ>
[  925.091152][    C1]  ? show_regs+0x58/0x60
[  925.095200][    C1]  ? watchdog_timer_fn+0x471/0x590
[  925.100150][    C1]  ? proc_watchdog_cpumask+0xd0/0xd0
[  925.105361][    C1]  ? __hrtimer_run_queues+0x3d7/0xa50
[  925.110877][    C1]  ? hrtimer_interrupt+0x8b0/0x8b0
[  925.115790][    C1]  ? ktime_get_update_offsets_now+0x266/0x280
[  925.121686][    C1]  ? hrtimer_interrupt+0x39a/0x8b0
[  925.126748][    C1]  ? __sysvec_apic_timer_interrupt+0xfd/0x3c0
[  925.132645][    C1]  ? asm_call_irq_on_stack+0xf/0x20
[  925.137912][    C1]  </IRQ>
[  925.140712][    C1]  ? sysvec_apic_timer_interrupt+0x85/0xe0
[  925.146339][    C1]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  925.152416][    C1]  ? smp_call_function_single+0x266/0x510
[  925.157966][    C1]  ? smp_call_function_single+0x294/0x510
[  925.163519][    C1]  ? smp_call_function_single+0x278/0x510
[  925.169172][    C1]  ? flush_tlb_kernel_range+0x1c0/0x1c0
[  925.174493][    C1]  ? flush_smp_call_function_from_idle+0x1b0/0x1b0
[  925.181203][    C1]  ? flush_tlb_kernel_range+0x1c0/0x1c0
[  925.186678][    C1]  smp_call_function_many_cond+0x94e/0xa30
[  925.192323][    C1]  ? flush_tlb_kernel_range+0x1c0/0x1c0
[  925.197853][    C1]  ? get_page_from_freelist+0x2d8c/0x2f30
[  925.203529][    C1]  ? smp_call_function_many+0x40/0x40
[  925.208734][    C1]  ? flush_tlb_kernel_range+0x1c0/0x1c0
[  925.214301][    C1]  on_each_cpu+0xa8/0x1a0
[  925.218448][    C1]  ? smp_call_function+0x90/0x90
[  925.223396][    C1]  ? find_next_bit+0xc7/0x100
[  925.227902][    C1]  ? cpumask_next+0x11/0x30
[  925.232265][    C1]  flush_tlb_kernel_range+0x14d/0x1c0
[  925.237471][    C1]  __purge_vmap_area_lazy+0x102/0x1620
[  925.242750][    C1]  ? __kasan_check_write+0x14/0x20
[  925.247693][    C1]  ? pcpu_free_vm_areas+0xc0/0xc0
[  925.252552][    C1]  ? __alloc_pages_nodemask+0xaf0/0xaf0
[  925.257933][    C1]  ? find_next_bit+0xc7/0x100
[  925.262445][    C1]  ? cpumask_next+0x11/0x30
[  925.266804][    C1]  _vm_unmap_aliases+0x334/0x3b0
[  925.271586][    C1]  vm_unmap_aliases+0x19/0x20
[  925.276163][    C1]  change_page_attr_set_clr+0x308/0x1050
[  925.281635][    C1]  ? __set_memory_prot+0x100/0x100
[  925.286810][    C1]  ? get_random_u64+0x5b0/0x5b0
[  925.291638][    C1]  ? __kmalloc+0x1aa/0x330
[  925.295882][    C1]  ? is_vmalloc_or_module_addr+0xd/0x50
[  925.301279][    C1]  ? __kasan_check_write+0x14/0x20
[  925.306402][    C1]  ? _raw_spin_lock+0xa4/0x1b0
[  925.310997][    C1]  set_memory_ro+0xa1/0xe0
[  925.315254][    C1]  ? set_memory_nx+0x130/0x130
[  925.319938][    C1]  ? bpf_int_jit_compile+0x60d5/0x9dc0
[  925.325338][    C1]  ? _raw_spin_unlock+0x4d/0x70
[  925.330092][    C1]  bpf_int_jit_compile+0x9829/0x9dc0
[  925.335795][    C1]  ? emit_bpf_dispatcher+0xc10/0xc10
[  925.341076][    C1]  bpf_prog_select_runtime+0x735/0x9c0
[  925.347161][    C1]  __se_sys_bpf+0x1080e/0x11cb0
[  925.351831][    C1]  ? __check_object_size+0x73/0x3c0
[  925.356863][    C1]  ? strncpy_from_user+0x1ff/0x2d0
[  925.361896][    C1]  ? strncpy_from_user+0x2b6/0x2d0
[  925.367191][    C1]  ? __x64_sys_bpf+0x90/0x90
[  925.371704][    C1]  ? bpf_probe_read_user_str+0x67/0x70
[  925.376938][    C1]  ? bpf_trace_run5+0x17b/0x320
[  925.382183][    C1]  ? send_sigqueue+0x610/0x610
[  925.386788][    C1]  ? __bpf_trace_signal_generate+0x3c/0x50
[  925.393308][    C1]  ? __send_signal+0xb79/0xb90
[  925.398191][    C1]  ? send_signal+0x4c1/0x5e0
[  925.402826][    C1]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  925.408541][    C1]  ? do_send_sig_info+0xfb/0x230
[  925.413482][    C1]  ? group_send_sig_info+0x1b0/0x320
[  925.418585][    C1]  ? __lock_task_sighand+0x100/0x100
[  925.423705][    C1]  ? arch_do_signal_or_restart+0xbd/0x17c0
[  925.429348][    C1]  ? bpf_send_signal_common+0x2d8/0x420
[  925.434726][    C1]  ? bpf_do_trace_printk+0x270/0x270
[  925.439976][    C1]  ? bpf_send_signal+0x19/0x20
[  925.444563][    C1]  ? fpu__clear_all+0x20/0x20
[  925.449101][    C1]  ? __kasan_check_read+0x11/0x20
[  925.453938][    C1]  __x64_sys_bpf+0x7b/0x90
[  925.458185][    C1]  do_syscall_64+0x34/0x70
[  925.462458][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  925.468181][    C1] RIP: 0033:0x7f83ea0b1bd9
[  925.472499][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  925.492056][    C1] RSP: 002b:00007f83e9333048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  925.500299][    C1] RAX: ffffffffffffffda RBX: 00007f83ea23ff60 RCX: 00007f83ea0b1bd9
[  925.508192][    C1] RDX: 0000000000000090 RSI: 00000000200000c0 RDI: 0000000000000005
[  925.516904][    C1] RBP: 00007f83ea120e60 R08: 0000000000000000 R09: 0000000000000000
[  925.524706][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  925.532870][    C1] R13: 000000000000000b R14: 00007f83ea23ff60 R15: 00007ffcf2cdfbb8
[  925.540702][    C1] Sending NMI from CPU 1 to CPUs 0:
[  925.546927][    C1] NMI backtrace for cpu 0
[  925.546935][    C1] CPU: 0 PID: 12335 Comm: syz.0.3075 Not tainted 5.10.218-syzkaller-00638-g3feee789f446 #0
[  925.546941][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  925.546945][    C1] RIP: 0010:kvm_wait+0xec/0x150
[  925.546956][    C1] Code: 03 42 0f b6 04 20 84 c0 75 6a 41 0f b6 45 00 44 38 f0 75 26 41 f7 c7 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d 95 52 d5 03 f4 <eb> 0e 0f 1f 44 00 00 0f 00 2d 86 52 d5 03 fb f4 4c 89 7c 24 18 ff
[  925.546960][    C1] RSP: 0000:ffffc90000cc6f20 EFLAGS: 00000046
[  925.546969][    C1] RAX: 0000000000000003 RBX: 1ffff92000198de8 RCX: ffffffff8150b5a4
[  925.546974][    C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffc90000cc6f60
[  925.546984][    C1] RBP: ffffc90000cc6fd0 R08: dffffc0000000000 R09: ffffed1021998349
[  925.546989][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  925.546994][    C1] R13: ffff88810ccc1a40 R14: 0000000000000003 R15: 0000000000000046
[  925.547000][    C1] FS:  00007f3decbba6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  925.547004][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  925.547009][    C1] CR2: 0000000000000000 CR3: 0000000121a08000 CR4: 00000000003506b0
[  925.547014][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  925.547019][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  925.547021][    C1] Call Trace:
[  925.547024][    C1]  <NMI>
[  925.547027][    C1]  ? show_regs+0x58/0x60
[  925.547030][    C1]  ? nmi_cpu_backtrace+0x133/0x160
[  925.547033][    C1]  ? kvm_wait+0xec/0x150
[  925.547037][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  925.547040][    C1]  ? nmi_handle+0xa8/0x280
[  925.547043][    C1]  ? kvm_wait+0xec/0x150
[  925.547046][    C1]  ? kvm_wait+0xec/0x150
[  925.547050][    C1]  ? default_do_nmi+0x69/0x160
[  925.547053][    C1]  ? exc_nmi+0xad/0x100
[  925.547056][    C1]  ? end_repeat_nmi+0x16/0x31
[  925.547060][    C1]  ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[  925.547063][    C1]  ? kvm_wait+0xec/0x150
[  925.547066][    C1]  ? kvm_wait+0xec/0x150
[  925.547070][    C1]  ? kvm_wait+0xec/0x150
[  925.547072][    C1]  </NMI>
[  925.547075][    C1]  ? kvm_arch_para_hints+0x30/0x30
[  925.547079][    C1]  __pv_queued_spin_lock_slowpath+0x72f/0xc70
[  925.547083][    C1]  ? __pv_queued_spin_unlock_slowpath+0x280/0x280
[  925.547087][    C1]  _raw_spin_lock_irqsave+0x1a0/0x210
[  925.547090][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  925.547094][    C1]  ? stack_trace_save+0x113/0x1c0
[  925.547097][    C1]  ? __set_page_owner+0x3b/0x2d0
[  925.547101][    C1]  force_sig_info_to_task+0x67/0x320
[  925.547104][    C1]  ? bsearch+0x96/0xc0
[  925.547107][    C1]  force_sig_fault+0x125/0x1c0
[  925.547111][    C1]  ? force_sig_fault_to_task+0x1c0/0x1c0
[  925.547114][    C1]  ? ex_handler_uaccess+0x3e/0xc0
[  925.547118][    C1]  ? ex_handler_fprestore+0xf0/0xf0
[  925.547121][    C1]  ? fixup_exception+0x94/0xd0
[  925.547124][    C1]  no_context+0x2e1/0xf20
[  925.547127][    C1]  ? is_prefetch+0x5c0/0x5c0
[  925.547131][    C1]  ? stack_trace_save+0x113/0x1c0
[  925.547135][    C1]  __bad_area_nosemaphore+0xcd/0x440
[  925.547138][    C1]  bad_area_nosemaphore+0x2d/0x40
[  925.547141][    C1]  exc_page_fault+0x3ea/0x5b0
[  925.547145][    C1]  asm_exc_page_fault+0x1e/0x30
[  925.547149][    C1] RIP: 0010:strncpy_from_user+0x2b8/0x2d0
[  925.547159][    C1] Code: fb fe 45 31 f6 eb e4 e8 76 d2 fb fe 49 c7 c6 f2 ff ff ff eb d6 e8 68 d2 fb fe 49 c7 c6 f2 ff ff ff eb c8 e8 5a d2 fb fe eb a9 <e8> 53 d2 fb fe 4d 29 f5 4c 8b 7d d0 e9 28 ff ff ff cc cc cc cc cc
[  925.547163][    C1] RSP: 0000:ffffc90000cc7620 EFLAGS: 00050046
[  925.547170][    C1] RAX: 0000000000000000 RBX: 00007ffffffff000 RCX: ffff888125e14f00
[  925.547182][    C1] RDX: ffffc90002da9000 RSI: 0000000000000008 RDI: 0000000000000007
[  925.547187][    C1] RBP: ffffc90000cc7668 R08: ffffffff826ed64a R09: ffffffff81aefd33
[  925.547192][    C1] R10: 0000000000000003 R11: ffff888125e14f00 R12: 0000000000000008
[  925.547200][    C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000cc76e8
[  925.547204][    C1]  ? __check_object_size+0x73/0x3c0
[  925.547207][    C1]  ? strncpy_from_user+0xda/0x2d0
[  925.547211][    C1]  strncpy_from_user_nofault+0x73/0x150
[  925.547215][    C1]  bpf_probe_read_user_str+0x2a/0x70
[  925.547218][    C1]  bpf_prog_78f9c3f13797e2ae+0x35/0x534
[  925.547222][    C1]  bpf_trace_run5+0x176/0x320
[  925.547225][    C1]  ? bpf_trace_run4+0x2e0/0x2e0
[  925.547229][    C1]  __bpf_trace_signal_generate+0x3c/0x50
[  925.547233][    C1]  __send_signal+0xb39/0xb90
[  925.547237][    C1]  send_signal+0x4c1/0x5e0
[  925.547240][    C1]  force_sig_info_to_task+0x272/0x320
[  925.547244][    C1]  force_sig_fault+0x125/0x1c0
[  925.547247][    C1]  ? force_sig_fault_to_task+0x1c0/0x1c0
[  925.547251][    C1]  ? ex_handler_uaccess+0x3e/0xc0
[  925.547255][    C1]  ? ex_handler_fprestore+0xf0/0xf0
[  925.547258][    C1]  ? fixup_exception+0x94/0xd0
[  925.547262][    C1]  no_context+0x2e1/0xf20
[  925.547265][    C1]  ? audit_log_end+0x1c8/0x230
[  925.547268][    C1]  ? audit_seccomp+0x1a8/0x1e0
[  925.547271][    C1]  ? is_prefetch+0x5c0/0x5c0
[  925.547275][    C1]  ? __seccomp_filter+0xd03/0x1e10
[  925.547279][    C1]  __bad_area_nosemaphore+0xcd/0x440
[  925.547282][    C1]  bad_area+0x69/0x80
[  925.547285][    C1]  exc_page_fault+0x439/0x5b0
[  925.547289][    C1]  asm_exc_page_fault+0x1e/0x30
[  925.547292][    C1] RIP: 0010:__put_user_nocheck_8+0x11/0x21
[  925.547304][    C1] Code: 0f 01 ca c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f 00 00 48 39 d9 73 14 0f 01 cb 48 89 01 31 c9 0f 01 ca c3 0f 1f 44 00 00 <0f> 01 ca b9 f2 ff ff ff c3 cc cc cc cc cc cc cc 55 48 89 e5 41 57
[  925.547308][    C1] RSP: 0000:ffffc90000cc7d98 EFLAGS: 00050283
[  925.547315][    C1] RAX: 00000000668d2ce5 RBX: 00007fffffffeff9 RCX: 0000000000000019
[  925.547320][    C1] RDX: ffffc90002da9000 RSI: 0000000000000a17 RDI: 0000000000000a18
[  925.547325][    C1] RBP: ffffc90000cc7e48 R08: ffffffff815b60b4 R09: ffffc90000cc7de0
[  925.547330][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000cc7de0
[  925.547335][    C1] R13: dffffc0000000000 R14: 1ffff92000198fb8 R15: 0000000000000019
[  925.547339][    C1]  ? ktime_get_real_ts64+0x1f4/0x2e0
[  925.547343][    C1]  ? __x64_sys_gettimeofday+0xf9/0x240
[  925.547346][    C1]  ? __ia32_sys_stime32+0x160/0x160
[  925.547350][    C1]  ? __secure_computing+0xf0/0x300
[  925.547353][    C1]  emulate_vsyscall+0xe33/0x13d0
[  925.547357][    C1]  exc_page_fault+0x147/0x5b0
[  925.547360][    C1]  ? asm_exc_page_fault+0x8/0x30
[  925.547364][    C1]  asm_exc_page_fault+0x1e/0x30
[  925.547367][    C1] RIP: 0033:_end+0x783da000/0x0
[  925.547372][    C1] Code: Unable to access opcode bytes at RIP 0xffffffffff5fffd6.
[  925.547376][    C1] RSP: 002b:00007f3decbb9ab8 EFLAGS: 00010246
[  925.547383][    C1] RAX: ffffffffffffffda RBX: 00007f3dedac6f60 RCX: 00007f3ded938bd9
[  925.547388][    C1] RDX: 00007f3decbb9ac0 RSI: 00007f3decbb9bf0 RDI: 0000000000000019
[  925.547393][    C1] RBP: 00007f3ded9a7e60 R08: 0000000000000000 R09: 0000000000000000
[  925.547398][    C1] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[  925.547403][    C1] R13: 000000000000000b R14: 00007f3dedac6f60 R15: 00007ffe7090ff98