last executing test programs:

21m52.326902684s ago: executing program 32 (id=178):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x6, 0x5, 0xfe, "ff00"})
r1 = syz_open_pts(r0, 0x141601)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x40810, &(0x7f0000000700)=ANY=[])
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, &(0x7f0000000500)="b9b9c86368a0c3e2ab51d5853e", &(0x7f00000000c0)=""/48)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106400000000006113740000000000bfa00000000000000700000008ffffffd50301001774004095000000000000006916360000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x6, @none, 0x4, 0x2}, 0xe)
write(r1, &(0x7f0000000000)="d5", 0xfffffedf)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'})

20m44.104496801s ago: executing program 33 (id=274):
socket(0x2, 0x3, 0xff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0x7, 0x288501)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x410001, 0x2, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000140)=0x2)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x3)
lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000300)={0x6, 0x7, 'syz2\x00'}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_team\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x200888e4}, 0x20048000)

16m51.995001469s ago: executing program 34 (id=627):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000400)='./file0\x00')
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r3=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r3, 0x1, 0xffff, 0xa, 0x1ff, 0x1})

15m59.679859604s ago: executing program 35 (id=712):
r0 = userfaultfd(0x80001)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1f, 0x12, r1, 0x80000000)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = userfaultfd(0x801)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000040)=0x8, 0x4)
setsockopt$XDP_TX_RING(r5, 0x11b, 0x3, 0x0, 0x0)
getsockopt$XDP_STATISTICS(r5, 0x11b, 0x7, &(0x7f00000004c0), &(0x7f0000000500)=0x30)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r7 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10, 0x0}, 0x3004d041)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000000000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)

15m5.998738884s ago: executing program 36 (id=798):
r0 = socket(0x80000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaa0600aaaa0180c2000000080045000044000000000021907800000000ffffffff050090780a0101"], 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYBLOB, @ANYRES32], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000640)=0x8000)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb7}}}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
memfd_create(&(0x7f0000000040)='\x01\xfd\xae.+\xa6\x8c\xf8\xff2\x199\x94S,|\x99x?Ue[\xbd\xe1!\x03[d \xa0\x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xd3\a\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\xfa\x18\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xccV\xa6w%\x06\x19\x7f\xc3\xb3O\xe5t3\x03\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6x\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\x01\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\x9f\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\ti\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x17&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\b\x00\x00\x00\x00\x00\x00\x00\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\xbfM.\xe3\x84\x82\x9c\x91\a\x9b\x191c\xaeLz\xe0\x04Daz\x8d\xc3\x03\xab\x8dEGC$\x00e,\x94#\xcd4\xf9\x05\x88.\x13\x03\x04\xdb\x00\x00\x00\x00\x00', 0x4)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

13m51.635861283s ago: executing program 37 (id=907):
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0xe4002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000001000000000000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a4fd46c84eec8e9807c4c3060c6a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}}, 0x4048010)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

13m46.823867445s ago: executing program 38 (id=901):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0xe4002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000001000000000000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a4fd46c84eec8e9807c4c3060c6a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}}, 0x4048010)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r5, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

10m13.367627456s ago: executing program 3 (id=1297):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0x1c}], 0x1}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

10m11.25681454s ago: executing program 3 (id=1299):
mmap(&(0x7f00005d4000/0x4000)=nil, 0x4000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xfffffffffffffeef, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$sock_int(r4, 0x1, 0xc, &(0x7f0000000000)=0x1, 0x4)
sendmmsg(r2, &(0x7f0000007fc0), 0x0, 0x4)
recvmmsg(r4, 0x0, 0x0, 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r3, 0x40103d0b, &(0x7f0000000100)={0xfffffff4, 0xb99780e35628d9d6})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fdffffff00000000000010001811000046b4e381367fb39c794c56afbb6e760fd73cc168f7f724218d69cb511d6f57d881477c4ce5e9b09c964a7e2e8cf2252df6c4b2f87e802e1d2601000100ee9e6617101414645ebe5a77f53c438c518da653215c20a87613d9c174807ac18823000000000000089a00"/145, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x62, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

10m9.560960295s ago: executing program 3 (id=1302):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x118)
syz_open_procfs(0x0, &(0x7f0000000200)='net/netlink\x00')
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2000000}, @L2TP_ATTR_IFNAME={0x14}]}, 0x34}}, 0x40880)
r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r6, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x14, 0xc, 0x4})

10m8.048371296s ago: executing program 3 (id=1306):
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xc5c, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x10000a007)
sendmsg$nl_route(r2, 0x0, 0x40c0)
pipe2$watch_queue(&(0x7f0000000540), 0x80)
r3 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0)
io_setup(0x9, &(0x7f0000000000)=<r4=>0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
io_submit(r4, 0x1, &(0x7f0000001200)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0}])
io_getevents(r4, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
write$nbd(0xffffffffffffffff, &(0x7f0000000080)={0x1000000, 0x1, 0x2, 0xfffc, 0x3, "82b0cfc4337965941538be020000000000000000000074999b91793ba7f40000000000fdf700"/47}, 0x3f)

10m1.930752043s ago: executing program 3 (id=1317):
mknod$loop(0x0, 0x8fff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@delalloc}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4080, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x8b, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
setresuid(0x0, 0xee01, 0x0)
pipe2$watch_queue(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x63)
r5 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r3, 0x1010000000000e1)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r2, 0xffffffff)
getgroups(0x9, &(0x7f00000003c0)=[0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])
keyctl$chown(0x4, r4, 0x0, r6)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), 0x0)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x1000]}, 0x0, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

9m54.571170522s ago: executing program 3 (id=1326):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r3, &(0x7f0000000240)=[{0x0}], 0x1, 0x7000, 0x0, 0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='setgroups\x00')
io_uring_setup(0x50ec, &(0x7f0000000380)={0x0, 0x77ae, 0x8, 0x0, 0x3d7, 0x0, r4})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @pix_mp={0x9, 0x8, 0x49433553, 0x4, 0x0, [{0x9, 0x5}, {0xe, 0x5}, {0x7, 0x9}, {0x0, 0x3}, {0x9}, {0x80000000, 0xe2c}, {0xfff, 0x5}, {0x4, 0x2}], 0x3, 0x0, 0x7, 0x0, 0x1}}, 0x4})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="31042abd700000dc9f25160000000c00018008000100", @ANYRES32=0x0, @ANYBLOB="050004000100000005000200000000000500030000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r8, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0)

9m38.885429399s ago: executing program 39 (id=1326):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r3, &(0x7f0000000240)=[{0x0}], 0x1, 0x7000, 0x0, 0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='setgroups\x00')
io_uring_setup(0x50ec, &(0x7f0000000380)={0x0, 0x77ae, 0x8, 0x0, 0x3d7, 0x0, r4})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @pix_mp={0x9, 0x8, 0x49433553, 0x4, 0x0, [{0x9, 0x5}, {0xe, 0x5}, {0x7, 0x9}, {0x0, 0x3}, {0x9}, {0x80000000, 0xe2c}, {0xfff, 0x5}, {0x4, 0x2}], 0x3, 0x0, 0x7, 0x0, 0x1}}, 0x4})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000180))
syz_open_dev$tty1(0xc, 0x4, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="31042abd700000dc9f25160000000c00018008000100", @ANYRES32=0x0, @ANYBLOB="050004000100000005000200000000000500030000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r8, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0)

9m2.861695706s ago: executing program 9 (id=1411):
r0 = socket(0x80000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaa0600aaaa0180c2000000080045000044000000000021907800000000ffffffff050090780a0101"], 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYBLOB, @ANYRES32], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000640)=0x8000)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb7}}}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
memfd_create(&(0x7f0000000040)='\x01\xfd\xae.+\xa6\x8c\xf8\xff2\x199\x94S,|\x99x?Ue[\xbd\xe1!\x03[d \xa0\x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xd3\a\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\xfa\x18\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xccV\xa6w%\x06\x19\x7f\xc3\xb3O\xe5t3\x03\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6x\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\x01\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\x9f\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\ti\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x17&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\b\x00\x00\x00\x00\x00\x00\x00\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\xbfM.\xe3\x84\x82\x9c\x91\a\x9b\x191c\xaeLz\xe0\x04Daz\x8d\xc3\x03\xab\x8dEGC$\x00e,\x94#\xcd4\xf9\x05\x88.\x13\x03\x04\xdb\x00\x00\x00\x00\x00', 0x4)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

9m0.32794247s ago: executing program 9 (id=1416):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0xfffffffffffffffe}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000003340), 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000540)={<r6=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}]}, &(0x7f0000000240)=0xc)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r6, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f0000000040)=0x84)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r7, 0x400448e6, &(0x7f0000000240)="7c773d39aeef000000006dcffe32d6e49f")
ioctl$sock_bt_hci(r7, 0x400448e6, &(0x7f0000000500)="d7")
ioctl$sock_bt_hci(r7, 0x400448e7, &(0x7f0000000080))
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0xf0, 0x30, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x2, 0x0, 0x446, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x4}, 0xfffffffd, 0x0, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x401}, {0x0, 0x0, 0x1}}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)

8m59.197935925s ago: executing program 9 (id=1418):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000740)='./bus\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x4ba, &(0x7f0000000780)="$eJzs20tsVFUcx/Hff+50mA5Vy8MChkATTawg0AcWSE0MDxtNeGihGomPVDrFStshnaKUgLBUdy5YunTrwpVxa0hcGhcGY1iYIBs3sxJ3mHPnvmYonRloZyj9fgicc+/873DO+c+dc85kRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDr0+sHePmt1KwAAQDMdPznSO8D8DwDAqnKK/T8AAMBqYvL0p0y7zpXsmH9clj06OXPh4uiR4YUvazeZUvL8ePc329c/sPeVwX37w3Lx65faFp04eepg9+HC9PnZfLGYH+8enZk8UxjP1/0Mj3p9tR3+AHRPn7swPjFR7O7fPVDx8MXOO2vWdnUODX5wOBPGjh4ZHj6ZiEm3PfT/fp8HrfAz8vSSTJ/++L0dl5TSo49FjdfOcmv3O7HD78TokWG/I1OTYzNz7kFLBVGpyjHJhGPUhFw8kpTk2mWZpdmztcnTTzId2lOyE5K8cBx2+h8M19WeVki7raukHq2AnD3G1sjTRzLd2NOpt4Jx9fOfkS63unFYdung/i9Yyd723w/c/eTeNo++0/3mzEQhEWup4I5a6fNDMz3m701ZeTrh3/ElG9H2VjcHTdYuT9MyZb75zF9XyF+XPjO0b9v2A8kVxqYaz+Nidwc3Vz1zcluwdLCU+7P0/UJ9subpb5nu/pH1j3vCOUC6dm+xC/9qSvOw3MzTlEz/XSmZVe1LvcT+PrLS5/7lbX979nDh/Pzs5NlP5hZ8PJc9+HFxbnbszMIPl/euXvJMrX1stVRjW7KclXd8X35eiq4L9gBPlY/i1nx3OX4t9FSVoeTrp5563bvYBtZRrk1mnm7LNPHh5vI8o1zDY7MauPwPy1Qs/WphpoP8p8tHify/Go9f1irLiJ/bp8ufa4VriS2nNz7o/HLk37XJ5f89mQ79uzn4TKOcf68q1sV1yfT+9a1BXCrj4tJhd8rPODE5le91sfdkWv9LGCs/NhfEbohj+1xsUaavblTGrg1iN8ax/S72pky3fl849tk4dsDFzrt83eoOY3MudlsQ2xXH7j5TmBqvNawu//0yvXv1DQv7/MD8J+7/a1Vl5L6cL15fqvx3Js5dC/J6Osh/ukb+v5Zp/p+tYb/9sQ9fVuv8f+P8u7XyD9crY8MN5fo4tq/ebrWay/86me68djPqc9C34DDOUDL/z6Ury2hcW5T/dYlznUG7Mg2OxWpUnL90bmxqKj9LhQoVKlGl1e9MaAY3/4+4WX3Qs3AdE8z/HeWjeMV094t4/h+qKiMtmv/XJ84NBauWtrSUnZs+37ZJyhbnL+2anB47mz+bnxnYO9jbf2Bv78D+tky4uItrdY/dk8Dlf6dMV37+LdrHVK7/Fl7/56rKSIvyvyHZp4p1Td1DsSq5/HfINHj7ZrTf9PN/72pwVLn+D/f/Pc9XltH916L8b0yc6wza1dHYUAAAAAAAAAAAAAAAAADAipIzTy/IdHHkZQt/Q1TP9//Gq8rIot/5yuohvv9V/mFyje9/dSXOjTfpdw0NDTQAAAAAAAAAAECTpOTpW5leVMn8X/x3SMeSJZ5o/wcAAP//EkNJNw==")
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
mount(0x0, 0x0, &(0x7f0000000540)='virtiofs\x00', 0x80c000, &(0x7f0000000580)='d\x12\x11\xec\x96\x9ch\x0f\x91\x01')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="747970653d4fc1f9cb2c636f6465706167653d69736f383835392d362c696f636861727365743d63703835372c71756965742c706172743d3078303030303030303030303030303030352c00"], 0x11, 0x2b6, &(0x7f0000000200)="$eJzs3U9rE0EYx/HfbNI22lK3tiJ4rBb0Ilov4iUieRGeRG0iFENFrfjnVMWTiN69+xZ8EV4U34CePPkC6mllZifZJLvZTUOTber3Aw2b7D47z2T/zDyBsgLw37rV+Pn52m/7Z6SKKtK7G1IgqSZVJZ3R2dqznd3t3Xarmbejiouwf0ZxpElts7XTygq1cS7CC+27qpZ6P8NkRFF081fZSaB07urPEEgL/up062tTzyzf6zHj9g45j1lj9rWvF1ouOw8AQLn8+B/4cX7Jz9+DQNrww/6RHP/HtV92AhMX5a7tGf9dlRUZe3xPuVVJvedKOLs+6FSJo7Q8N/B+XvGZ1TfBNEVVpcslOPFgu926vPWo3Qz0RnWvZ7M199qMT92OgmzXM2rTHCP03WTPKBddH+ZsHzbj/J9L6st/dcwWx2a+mu/mjgn1Sc3u/K8aGXuY3JEKB45UnP+V4Xt0vQztVvK3jXq9HvRtsuIaOedb8Ap6WcuuSNQ5o1bU/wNBWJSnizo9EBX37mpB1Gpm1Gbn3ZCotb4o25vu2Ty8vUkzH8xts64/+qJGz/w/sPltKPfKTK4asxEPBe4bj/szn91c1e0zTI0c6cul+y0uDEv9b/49DQfwXvd1XctPX756WGm3W0/swr2MhcdL3U/m3kqZ25S8oL3kkwVFTmrjzqA0zcQuHeoO7f2jcGN7lR2Jg3KsFxrfpnsilbFQ8v0JU5Ec9LIzQUnsvMvE9V9Sr1TjyZ59CTPn6SP+EOD3GNk5dreCS2KjeEYu6eSBKrjF4RVcuuZK1Yyu5jp/Uboweouhz/OYMA390F1+/wcAAAAAAAAAAAAAAAAAAJg10/h3grL7CAAAAAAAAAAAAAAAAAAAAADArOs+/1ed5/9qtOf/Dj6K5TCf//txRzz/F5i8fwEAAP//FZd8vg==")
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80)
getdents64(r4, &(0x7f0000001f80)=""/4096, 0x1000)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000a00000a000000947c76fe71e6c0c33d9d46f56c3b70e03f4d06ae0e6b519ae97c76b4eabb6051e0915c03be8f6e9f655b97cf2b56ad2ac868ea4af120c562810f56cda3fbb84708a0f9a77f0af82104acd41078f07af8595fae07873427de23df371e6b9dd4e577b56ad1d7632763e5"], 0x54}}, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaabb96cdbddee6cbed1797b7b9bbbbbbbbbb0887477b0060006600000c3fc82f9078ac14142f6401010004000800040086dd080088be00000003180068fd01000000ffff7ac3080022eb230800002e6f750902000000009876"], 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(0xffffffffffffffff, 0xc038563c, &(0x7f0000000140)={0x0, 0x0, {0x1, 0xfff, 0x8001}})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x129242, 0x30)
pwrite64(r5, &(0x7f00000001c0)='a', 0x1, 0x404043000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001000), r6)
sendmsg$IEEE802154_START_REQ(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010027bd7000000000000d000000050007001616000006000a000000000406000800000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES16, @ANYRES64, @ANYRES16, @ANYRES8, @ANYRESDEC, @ANYRESHEX, @ANYRESDEC=r7], 0xc0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000600)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f000007d000/0x2000)=nil, 0x2000, 0x2})

8m57.193659226s ago: executing program 9 (id=1420):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[], 0x1c}}, 0x4800)
mount$cgroup(0x0, 0x0, &(0x7f0000000040), 0x1008000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7})
openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x108)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000700)={0x1b3})
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x80}, 0x1c)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="02090000020000000000000000003f64"], 0x10}}, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)

8m55.915671884s ago: executing program 9 (id=1423):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x118)
syz_open_procfs(0x0, &(0x7f0000000200)='net/netlink\x00')
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2000000}, @L2TP_ATTR_IFNAME={0x14}]}, 0x34}}, 0x40880)
r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r6, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x14, 0xc, 0x4})

8m54.3297762s ago: executing program 9 (id=1428):
mknod$loop(0x0, 0x8fff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@delalloc}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4080, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x8b, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setresuid(0x0, 0xee01, 0x0)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0x63)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
stat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getgroups(0x9, &(0x7f00000003c0)=[r4, r4, r4, r4, r4, r4, r4, r4, r4])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), 0x0)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x1000]}, 0x0, 0x8)

8m38.87643007s ago: executing program 40 (id=1428):
mknod$loop(0x0, 0x8fff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@delalloc}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4080, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x8b, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setresuid(0x0, 0xee01, 0x0)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0x63)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
stat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getgroups(0x9, &(0x7f00000003c0)=[r4, r4, r4, r4, r4, r4, r4, r4, r4])
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), 0x0)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x1000]}, 0x0, 0x8)

7m12.164242507s ago: executing program 7 (id=1625):
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x800)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000980)={0x1, @pix_mp={0x8d2, 0x0, 0x34325852, 0x0, 0x4, [{0x0, 0xfffffffd}, {0x0, 0x7}, {0x0, 0x80000}, {0xffff7fff}, {0x8}, {0x0, 0x19c}, {0xfffffffc, 0x80001}]}})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r5}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x3, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101}, 0x94)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x78, 0xa0, 0x3f, 0x32, 0x1c0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x2, 0xa})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000004c0)='cubic', 0x6)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x2, 0x4, @loopback, 0x7}, 0x1c)
shutdown(r7, 0x1)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES16=0x0], 0x1, 0xabd, &(0x7f0000000e00)="$eJzs3U2MW0cBAODx7nqz2x/ilIQuaWgTCm356abZLOEngqRKhETUVIhLpYpLlKYlIgSJIgFVJZKcuNGqChInfsSpl6ogJHpBUU9cKtFIFVJPhQMHoiAqcSiBxCj2zNvniZ1nb3btdfx90ux43szzzPM+P7+/eROAiTXV+ru8vFAL4fwbrxz+x0N/n78+5UBRotH6O1NK1UMItZieyd7vvel2fPX9F493i2thqfU3pcOTl4t57wwhnAk7w4XQCNvPX3z5raUnjp49cm7X26/uv7Q+Sw8AAJPl6xf2L2/765/v23LltfsPhk3F9LR/3ojpu+J+/8G445/2/6dCZ7pWCmWzWbmZGKbmO8tNdylXrqeelZvpUf9sVn+9R7lN4eb1T5emdVtuGGdpPW6E2tRiR3pqanGxfUweWsf1s7XF0ydPPfv8iBoKrLl/PxBC2FkKh851pjdaOLAB2rDK0NwAbRjLcHB4dV1pto18mYcUmptHvQUCaMuvF97gTH5m4dYU7zbTX/2XH5/qPj+sgWGv/wPVPzvi+oP6f3PWFoe1c7uuTWm50vforpjOryPk9y/1/v7lVzo6p+bXI+p9trPXdYRxub7Qq53TQ27HavVqf75e3K6+HOP0OXylI/eBju9P/j8dl/8x0N0H+fl/QRA2dggd6fqtvFdzxNsfYOPK75trpuujUX5fX56/qSJ/riJ/viL/jor8OyvyYZL97vs/DS/VVs535cf0g50PnyvOs90d4w8N2J78fOSg5+Pz+34Hdav15/cTw0b2h2NPnfjCM09fbN//XyvW/2txfU+HG4343boQC6Tzhfl59eLe/0ZnPVM9yt2TtefuLuVbr7d2lqttXXmfUNrO3NCOhc75Nvcqt6OzXCMrNx/DXNbefP/kjmy+tP8x3d71KOabyZa3ni3HbNaOtF3ZEuO8HbAa6fvb6/7/tH4uhHrt2ZOnTjwW02k9/dN0fdP16XuG3G7g1vXb/2chdPb/uauYXp8qbxc2r0yvtbcLr8f365y+VNRTml76UUu/c9+anm+VXzz+3VPPrPGyw6R7/kcvfPvYqVMnvufFql98dWM0Y5AX6bBlo7THi0Ff7FzvKka8YQLW3e4ft3cCHj35nWPPnXjuxOm9+/btXVra98W9y7tb+/W7y3v3ZWdG0FpgLa386I+6JQAAAAAAAAAAAEC/fnDk8MV33vz8u+3+/yv9/1L//3Tnb+r//5Os/3/eTz71g0/9ALd0yW+VyR6wOpuVq8fw4ay9W7N6tmXzfSTGxTh+sf9/qi5/rmtqz73Z9HqPZPY4gRuelzKbPYMkHy/w4zE+F+NfBxih2nz3yTG+yfOtax+U1vX0fIpSF96m5wOPj/R/a60NpUcapf7fXZ/r1KW/NuNlGD0WR72MQHf/nKjnf/9rZcFH3hahd5gZbn0/n9x1otlzL73fEWwA1saox/9M5z1TfPqPX5u7HlKxy493bi/z55fCIP7yTmd6o48/ud715+P2Dbv+US//sMf/LMa/63v7l42Y11hdvf/5xaV3S9WG7f3Wny9/eg701sHqvxLrT0vzcOiv/uavsvrzC0J9+m9W/x191n/D8u9YXf3/i/Wnj+2RB/utv93i2lRnO+az5UjX//LzxsnVbPnTsz1vUv83Xui2/KscqPFarB8mWdU4s+M6nkW2H1HstK9+/N/ozNqO/1s0Ntus5fdhfC6m04Y43eeQj3cyaPvT/RXpd2Bb9v61it834/+Oty/FuOr7kMb/TetjI/7kl9KtzzKl610+23EZ0xomxXsTdf1vWOFS+zBodfPPjb79wgChOb2K+Yr96hG3v9lsru8JrQojrZyRf/6jPk4Ydf2j/vyr5OP/5vvw+fi/eX4+/m+en4//m+fPx/9Qr/x8/N/888zH/83z783eNx8feKEi/6MV+du75xeH7fdVzL+jIv9jFfm7ivwDHSVS/v03nX+lXK/3v6ci/8GK/E9U5H+yIv+hivxHSvnlMaBT/qcq5r/dpf4ocfnrk7b8MMny/nm+/zA50vWfXt//rRX5wPj62Wt7Dj3922822v3/Z4vzIek63sGYrsfjpx/GdH7dO5TS1/PejOm/Zfkb/XwHTJL8+Rn57/vDFfnA+Er3efl+wwSqzXWfHOOq51b12s9nvHw6xp+J8Wdj/GiMF2O8O8Z7Yrw0pPaxPg69/vv9L9VWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/avsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAyU62/y8sLtRDOv/HK4aeOntx9fcqBokSj9XemlKoX84XwWIynY/zL+OLq+y8eL8fXYlwLS6EWasX08OTloqY7Qwhnws5wITTC9vMXX35r6YmjZ4+c2/X2q/svrd8nAAAAALe//wcAAP//di0VJA==")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
ioctl$FITRIM(r8, 0xc0185879, &(0x7f0000000300)={0x0, 0x8, 0xf228})

7m8.681203958s ago: executing program 7 (id=1632):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x402043, 0x0)
setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a0000000200", 0x6)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000), 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000), 0x10)
setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000040)=0x47de, 0x4)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000080), 0x1)
sendto$inet6(r1, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @private2, 0x4}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x5, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$radio(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
fcntl$notify(0xffffffffffffffff, 0x402, 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$isdn(0x22, 0x2, 0x3)
bind$isdn(r3, &(0x7f0000000200)={0x22, 0x7f, 0x6, 0x3, 0x5}, 0x6)

7m3.992316262s ago: executing program 7 (id=1641):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x80b02, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000080)={0x359, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r5=>0xffffffffffffffff})
socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
bind$inet(r6, 0x0, 0x0)
connect$inet(r6, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r2], 0x128}, 0x0)
dup3(r5, r4, 0x0)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r7, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r8 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r8, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

7m0.797174114s ago: executing program 7 (id=1645):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x118)
syz_open_procfs(0x0, &(0x7f0000000200)='net/netlink\x00')
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2000000}, @L2TP_ATTR_IFNAME={0x14}]}, 0x34}}, 0x40880)
r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r6, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x14, 0xc, 0x4})

6m59.900635588s ago: executing program 7 (id=1649):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00')
lseek(r1, 0x9, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000340)='pkcs7_test\x00', 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0], 0x50)
r5 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0x3677, 0x2, 0x1, 0x1, 0x400001, 0x6, 0x1000101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8, 0x8]})
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000040), 0x12)
write(r6, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
syz_clone(0x44011400, &(0x7f00000003c0)="b8d66760bc0870ad3834c2eabc3d359a819561cb517b7714f47d11a2f175da420e7f9ceeffb0dbf9f919164a0762cf98125df4937181000000000000b139d07407de319f451dc4978accc886238862c1b0ede1b85191e06d59bbc98db860a0d4908bf1e555e2e0a6fc53a6e3aaf587d8223557f455443f1ffc7d13376bb4dc1c9e89f0b2015146ea53676242e70be79bd3f13fb62b465812c1a151fa1162d1", 0x9f, &(0x7f0000000000), 0x0, &(0x7f0000000e40))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)

6m58.789129033s ago: executing program 7 (id=1651):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

6m54.440281595s ago: executing program 0 (id=1659):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x2f, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001a00e0ff25bd06c80b00020000280014000e0000000000000000000000000000b9c6f927bf1dd4b52ab29027225f20ec8fef3b0f3a7a51befd2a565c84048d70aa8b2cfc44"], 0x24}, 0x1, 0x0, 0x0, 0x200080d0}, 0x800)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioperm(0x0, 0x2, 0x7e)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x88fd537e5c114b6e, 0x12, r2, 0x65229000)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x4e0cdd70e9af79cd, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$proc_mixer(0xffffffffffffffff, 0x0, 0xb8)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='sched\x00')
write$binfmt_elf64(r6, 0x0, 0x3c8)
r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r7, 0xc0485660, &(0x7f0000000040)={0x2, 0xd83dcf4eff3968a0, @raw_data=[0x1, 0xff, 0xa674, 0x8, 0x7, 0x3, 0xffff, 0x0, 0x7ff, 0x4, 0x97c3, 0x76, 0x10000, 0x5, 0x9, 0x6]})
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000640)=@security={'security\x00', 0x64, 0x4, 0x2a0, 0x100000c, 0xc0, 0xc0, 0x0, 0xffffffff, 0xffffffff, 0x208, 0x208, 0x208, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr=0x64010100, 0xff000000, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00', {}, {}, 0xff}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'syz_tun\x00', 'lo\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x7f, 0x9, 0x4, 0x6, 0x1, 0x7f, 0x1, 0x40]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x300)

6m50.8164161s ago: executing program 0 (id=1665):
mknod$loop(0x0, 0x8fff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@delalloc}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4080, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
syz_usb_connect$cdc_ncm(0x4, 0x8b, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setresuid(0x0, 0xee01, 0x0)
pipe2$watch_queue(&(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
r5 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x63)
r6 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0x1010000000000e1)
keyctl$KEYCTL_WATCH_KEY(0x20, r6, r3, 0xffffffff)
stat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r7=>0x0, <r8=>0x0})
getgroups(0x9, &(0x7f00000003c0)=[r8, <r9=>r8, r8, r8, r8, r8, r8, r8, r8])
keyctl$chown(0x4, r5, r7, r9)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), 0x0)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x1000]}, 0x0, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

6m46.925321328s ago: executing program 0 (id=1670):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1d879930}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB], 0x38}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
pipe(0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0x20000a, 0x20002f7})
socket$inet_sctp(0x2, 0x1, 0x84)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf, 0x0)
shutdown(0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='veno', 0x4)
sendto$inet(r0, 0x0, 0x0, 0xb, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000100b000085000000a000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r7, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xa3d8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

6m45.253808875s ago: executing program 0 (id=1673):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00')
lseek(r1, 0x9, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000340)='pkcs7_test\x00', 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0], 0x50)
r5 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0x3677, 0x2, 0x1, 0x1, 0x400001, 0x6, 0x1000101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8, 0x8]})
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000040), 0x12)
write(r6, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
syz_clone(0x44011400, &(0x7f00000003c0)="b8d66760bc0870ad3834c2eabc3d359a819561cb517b7714f47d11a2f175da420e7f9ceeffb0dbf9f919164a0762cf98125df4937181000000000000b139d07407de319f451dc4978accc886238862c1b0ede1b85191e06d59bbc98db860a0d4908bf1e555e2e0a6fc53a6e3aaf587d8223557f455443f1ffc7d13376bb4dc1c9e89f0b2015146ea53676242e70be79bd3f13fb62b465812c1a151fa1162d1", 0x9f, &(0x7f0000000000), 0x0, &(0x7f0000000e40))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)

6m43.506651335s ago: executing program 41 (id=1651):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

6m43.435406148s ago: executing program 0 (id=1677):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r0, 0x0, 0x0, 0x0, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r3, 0x107, 0x1, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000540000000e0002006e657464657673696d0000000f0002006e6d7464657673696d3000000800030000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1b, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
r6 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0x50, &(0x7f0000000100), 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xc, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r7=>0xffffffffffffffff})
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r9=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r9, <r10=>0xffffffffffffffff})
ppoll(&(0x7f0000000000)=[{r10}], 0x1, 0x0, 0x0, 0x0)
close_range(r2, r10, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r11, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6m38.065146349s ago: executing program 0 (id=1686):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

6m21.907835069s ago: executing program 42 (id=1686):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

6m0.832601495s ago: executing program 5 (id=1744):
socket$caif_seqpacket(0x25, 0x5, 0x10001)
munmap(&(0x7f00000f0000/0x3000)=nil, 0x3000)
r0 = accept(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f0000000280)=0x80)
accept4$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000340)=0x1c, 0x80800)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x440, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@getqdisc={0x30, 0x26, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffff}, {0x5, 0xfff1}, {0xc, 0x4}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x325, 0x400, 0x0, {0x8}}, 0x14}}, 0x4800)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc8}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x4, &(0x7f0000000000)=0x1)

5m59.538092512s ago: executing program 5 (id=1745):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
accept4(r0, &(0x7f0000000200)=@caif=@rfm, 0x0, 0x80000)
sendmmsg$inet(r0, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x8b, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x10000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
setresuid(0x0, 0xee01, 0x0)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r2=>0x0}, &(0x7f0000000180)=0xc)
move_pages(r2, 0x1, &(0x7f00000001c0)=[&(0x7f0000ffc000/0x3000)=nil], &(0x7f0000000080)=[0x8, 0x518a, 0x7, 0x0], &(0x7f00000000c0)=[0x0], 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000780)={[0x0, &(0x7f0000000380)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000580)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}, &(0x7f0000000a80)={[&(0x7f0000000000)='.^*%$\'-\\:\x00']})
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x1000]}, 0x0, 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0)

5m52.28503529s ago: executing program 5 (id=1756):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000040)})
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d00000085000000500000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
r5 = openat$audio(0xffffff9c, &(0x7f00000004c0), 0x800, 0x0)
ioctl$SNDCTL_DSP_GETISPACE(r5, 0x8010500d, &(0x7f0000000500))
socket$nl_route(0x10, 0x3, 0x0)
memfd_create(0x0, 0x7)
r6 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@private0, 0x0, 0x0, 0x1, 0x1}, 0x20)

5m51.253487382s ago: executing program 5 (id=1757):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x2f, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001a00e0ff25bd06c80b00020000280014000e0000000000000000000000000000b9c6f927bf1dd4b52ab29027225f20ec8fef3b0f3a7a51befd2a565c84048d70aa8b2cfc44"], 0x24}, 0x1, 0x0, 0x0, 0x200080d0}, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioperm(0x0, 0x2, 0x7e)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x88fd537e5c114b6e, 0x12, 0xffffffffffffffff, 0x65229000)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x4e0cdd70e9af79cd, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$proc_mixer(0xffffffffffffffff, 0x0, 0xb8)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='sched\x00')
write$binfmt_elf64(r4, 0x0, 0x3c8)
r5 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r5, 0xc0485660, &(0x7f0000000040)={0x2, 0xd83dcf4eff3968a0, @raw_data=[0x1, 0xff, 0xa674, 0x8, 0x7, 0x3, 0xffff, 0x0, 0x7ff, 0x4, 0x97c3, 0x76, 0x10000, 0x5, 0x9, 0x6]})
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000640)=@security={'security\x00', 0x64, 0x4, 0x2a0, 0x100000c, 0xc0, 0xc0, 0x0, 0xffffffff, 0xffffffff, 0x208, 0x208, 0x208, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr=0x64010100, 0xff000000, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00', {}, {}, 0xff}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'syz_tun\x00', 'lo\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x7f, 0x9, 0x4, 0x6, 0x1, 0x7f, 0x1, 0x40]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x300)

5m49.419758517s ago: executing program 5 (id=1760):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa006ddd60a7751a00003a6cfe880000000000000000000000000001ff020000000000000000000000000001"], 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000440)={'ip6_vti0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x50bd2f, 0xfffffffc, {0x60, 0x0, 0x0, r5, {0x0, 0x8}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x3004408c)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {r3}, {}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x3, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000000c0)={{@host, 0x7}, @any, 0x0, 0x200000000000, 0x1, 0x6, 0x7fff, 0xfffffffe, 0x6})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000400)={'veth0_to_batadv\x00'})
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r7, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2e, 0x0, 0x0, 0x200, 0xfe, 0x0, 0x1, 0x7, 0x2, 0x1, 0x0, 0xfffff7fc, 0x2, 0x0, 0x0, 0xfffffffa, [0xfffffffa, 0x80]}})
close(r6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x800, &(0x7f00000003c0)=ANY=[@ANYRES16=r1], 0x1, 0x24c, &(0x7f0000000500)="$eJzs3cFqE1EUBuCTNm2n3di1uBhw01VR3yBIBHFAiMxCVw5UN60IKcjoKo/RZ+gj+RhZdTeiE0xMg6BMO0nm+yDMIT8Xzt3kZnFu8v7Rp/Ozz5cfq+9XkSRp9CMmcRNxHDuxG7XewrMX+7FoEgDAphmNikHbPdCg3q13DiOi2IuIg1tRfn1PXQEAAAAAAAAAANCwf5n/3zH/DwBbwfz/9huPB8XR7Pvbn8z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO25qaoH1V9ebfcHADTP+Q8A3eP8B4Ducf4DQPe8efvu1SDLhqM0TSKmkzIv8/pZ5y9eZsMn6S/H81XTssz3ZnU2fFrn6XJ+NFv/bGW+HyeP6/xn9vx1tpQfxNldbx4AAAAAAAAAAAAAAAAAAADWxGn628L9/l5E7Nb56ap8Wq74fYCl+/v9eNi/t20AAAAAAAAAAAAAAAAAAADARrv8+u28uLj4MN644vrk6ssatLGVxWH8x6ok1qN5RSNF259MAAAAAAAAAAAAAAAAAADQPfNLv213AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADtmf///90Vbe8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6IYfAQAA//+BtY57")

5m46.884895757s ago: executing program 5 (id=1762):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

5m31.151763863s ago: executing program 43 (id=1762):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x6f4b41)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(&(0x7f0000000140)='ceph\x00', 0x0, &(0x7f00000001c0)="bcfdc195f8b8fff0d7d38cebc3", 0xd, 0xfffffffffffffffe)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r5, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000020000000000800040001000000", 0x24)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
socket$inet6(0xa, 0x80000, 0x7)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000000)={0x2, {0xb4, 0xef, 0x31c, 0x1ff, 0x7, 0x80000001}})
write$uinput_user_dev(r7, &(0x7f0000000800)={'syz1\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x64c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
setsockopt$sock_attach_bpf(r1, 0x29, 0x10, 0x0, 0x1300)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0xcede, @remote, 0x8000}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))

7.362977769s ago: executing program 8 (id=3072):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000fddbdf252b00000008000300", @ANYRES32=r2, @ANYBLOB="040046000500340040000000080026006c090000240051802000008009000100b168fa31670000000800030005ac0f0005000200"], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

7.211275608s ago: executing program 8 (id=3073):
timer_create(0xfffffffffffffff8, 0x0, &(0x7f0000000100)=<r0=>0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000080)={0x0, 0x2})
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r6, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0x2020)
timer_settime(r0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0xfffffffffffffff8, 0x0, &(0x7f0000000100)=<r7=>0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f0000000080)={{}, {r8, r9+10000000}}, 0x0)
timer_delete(r7)

6.231876908s ago: executing program 8 (id=3075):
r0 = socket(0x80000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaa0600aaaa0180c2000000080045000044000000000021907800000000ffffffff050090780a0101"], 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x8000)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb7}}}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
memfd_create(&(0x7f0000000040)='\x01\xfd\xae.+\xa6\x8c\xf8\xff2\x199\x94S,|\x99x?Ue[\xbd\xe1!\x03[d \xa0\x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xd3\a\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\xfa\x18\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xccV\xa6w%\x06\x19\x7f\xc3\xb3O\xe5t3\x03\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6x\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\x01\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\x9f\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\ti\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x17&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\b\x00\x00\x00\x00\x00\x00\x00\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\xbfM.\xe3\x84\x82\x9c\x91\a\x9b\x191c\xaeLz\xe0\x04Daz\x8d\xc3\x03\xab\x8dEGC$\x00e,\x94#\xcd4\xf9\x05\x88.\x13\x03\x04\xdb\x00\x00\x00\x00\x00', 0x4)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

6.107138555s ago: executing program 4 (id=3076):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000040)})
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d0000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
r5 = openat$audio(0xffffff9c, &(0x7f00000004c0), 0x800, 0x0)
ioctl$SNDCTL_DSP_GETISPACE(r5, 0x8010500d, &(0x7f0000000500))
socket$nl_route(0x10, 0x3, 0x0)
memfd_create(0x0, 0x7)
r6 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000000c0)={@private0, 0x0, 0x0, 0x1, 0x1}, 0x20)

4.961886598s ago: executing program 4 (id=3083):
r0 = socket$inet6(0xa, 0x3, 0x8)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0)

4.693260068s ago: executing program 6 (id=3086):
syz_io_uring_setup(0x118d7, &(0x7f0000000040)={0x0, 0x9be9, 0x800, 0x0, 0x25a}, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000002280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x100004, 0xffff, 0x1, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r0}, 0x38)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x2a3})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0xc001)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000180)={&(0x7f0000a3e000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x1000, 0x1, 0x2})
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8], 0x50)

4.338077032s ago: executing program 2 (id=3088):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x181000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x11)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

4.314159426s ago: executing program 6 (id=3089):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010000000000000000008e00000008000300", @ANYRES32=r2], 0x1c}}, 0x0)

4.076879357s ago: executing program 2 (id=3090):
prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='\x04\x00\x00\x00\xb2 b\x00O\x03\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2)

4.025382421s ago: executing program 6 (id=3091):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x80b02, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000080)={0x359, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r5=>0xffffffffffffffff})
socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
bind$inet(r6, 0x0, 0x0)
connect$inet(r6, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r2], 0x128}, 0x0)
dup3(r5, r4, 0x0)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r7, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r8 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r8, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

3.98284695s ago: executing program 2 (id=3092):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581", @ANYRES16], 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
syz_usb_disconnect(r0)
read(r1, &(0x7f0000000040)=""/60, 0x3c)

3.913670398s ago: executing program 4 (id=3093):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0xff, 0x0, 0x0})

3.821958116s ago: executing program 8 (id=3094):
r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000a40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000ec0)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})

3.518005092s ago: executing program 1 (id=3096):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000540))
ptrace$cont(0x20, r0, 0xfffffffffffffffe, 0x200000000000000)

3.341168511s ago: executing program 1 (id=3097):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000003c0)={0x20, r2, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004084}, 0x4000000)

3.195566256s ago: executing program 1 (id=3098):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x8d87a000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000040), 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000406010200000000000000000000000105"], 0x24}, 0x1, 0x0, 0x0, 0x20000020}, 0x800)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
preadv2(r4, &(0x7f0000000300)=[{&(0x7f00000005c0)=""/272, 0x110}], 0x1, 0x4, 0x0, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000140)=0x200000)
openat$comedi(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)

3.04063537s ago: executing program 2 (id=3099):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYRES64=0x0], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xeaff)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz0\x00', {0x7, 0x5, 0x6, 0xfffa}, 0x1d, [0x2, 0x4, 0x6, 0x9, 0x7f, 0x401, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d3b, 0x1dd2, 0x5, 0x6, 0x0, 0x80000000, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x2, 0x9, 0x5, 0x7fff, 0x4c74, 0x23, 0x4, 0x7, 0xa, 0x0, 0x71, 0x7, 0x7, 0x3, 0x0, 0x5, 0x40, 0x91, 0x6, 0xfffffff9, 0x3, 0xb, 0x4, 0x8, 0x0, 0x80, 0x0, 0xa, 0x6, 0x8, 0xfffffff9, 0x1, 0x40], [0x10000007, 0xc, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xf, 0xf9, 0x3, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x7691, 0xe4, 0x5, 0x80, 0xe, 0x312, 0x8000, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0xb, 0x401, 0x39f, 0x6, 0xfffffffd, 0x100, 0x1005, 0x2, 0x5f31, 0x3, 0x0, 0x5, 0x8, 0x9, 0x4, 0x9, 0x8, 0x9, 0x3ff, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x8, 0x8, 0x1, 0x7, 0xb, 0x9, 0x48c92690, 0x6, 0xff], [0x7, 0x6, 0x9, 0x64e, 0xfffffdfe, 0x80010002, 0x8d2, 0x9, 0x1, 0x7eff, 0x0, 0x5, 0xb, 0x0, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x7f, 0x86, 0x3, 0x10000009, 0x3e7, 0x80000b, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x200, 0x200, 0x7, 0x3, 0xfffffffe, 0x14, 0x0, 0x60000000, 0x1000007, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0x0, 0x200, 0xffffffff, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0x3e, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x800], [0x2, 0xbb2f, 0x0, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x401, 0x7, 0x3, 0x800, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7fff7ffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0x10000, 0x0, 0x8, 0x100, 0x4, 0x7fff, 0x2, 0x4, 0x6, 0x100, 0x10000, 0x5, 0x184d99e8, 0x2b91, 0xa1f, 0x7f, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x28, 0xb1c, 0x4c400000, 0x200, 0xffff3441, 0xfff]}, 0x45c)
rename(&(0x7f00000003c0)='./file1\x00', &(0x7f0000001200)='./file2\x00')

2.237171715s ago: executing program 4 (id=3100):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
recvfrom(r0, 0x0, 0x94, 0x10101, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d6a98e3943f6892078bb952854743fe4dddd2e7c0ce70a4ac7d", {"b851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0)

2.112505845s ago: executing program 1 (id=3101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0x1c}], 0x1}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x8001, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)

2.028715016s ago: executing program 4 (id=3102):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f00000005c0)={[{@jqfmt_vfsold}, {@orlov}, {@user_xattr}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@nodiscard}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2.002910527s ago: executing program 6 (id=3103):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000140)="f1a0fa9090d465b080d9209c8845fdcaef275aaa15abcd5cd1153a72ef30f13819e7e8929f54ba0f61cab747ec572e7721478ce702eaa7b41015c3215e1643c7ec", 0x41}], 0x1}}], 0x1, 0x4000)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@umask={'umask', 0x3d, 0x6}}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb")
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

1.307166866s ago: executing program 8 (id=3104):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, {0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}}], {0x14}}, 0xc8}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)

1.177037939s ago: executing program 6 (id=3105):
timer_create(0xfffffffffffffff8, 0x0, &(0x7f0000000100)=<r0=>0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000080)={0x0, 0x2})
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r6, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0x2020)
timer_settime(r0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_create(0xfffffffffffffff8, 0x0, &(0x7f0000000100)=<r7=>0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f0000000080)={{}, {r8, r9+10000000}}, 0x0)
timer_delete(r7)

1.175319863s ago: executing program 1 (id=3106):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001700)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000080)="df33c9f7b9a600000000e32853c3", 0x0, 0xfffffbff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

913.788325ms ago: executing program 8 (id=3107):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x5b23, 0x0)

832.457342ms ago: executing program 2 (id=3108):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={0x30, r2, 0x3, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}]}, 0x30}}, 0x4)

240.594005ms ago: executing program 4 (id=3109):
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==")
setreuid(0x0, 0xee00)
socket$kcm(0x10, 0x2, 0x4)
fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x100)

106.616968ms ago: executing program 6 (id=3110):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe]}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x11, 0x4, "89753015418ab0cb0900245518580ce0c8bf604cca41f31c108938fcfa393ef569e0bcf244bb4b23555b130900000000000000d0f08e8ad896ba67a07673defa", "8b609009aaa722681a1e2513d754f688a9e306ee1dba533f02e1b69da6e26ec889fee40080000027cc7d24fdc26f1a95d702020000e4b8fb1703e47463b969e4", "ca1bf5ffffffffffffff6570128218c1d22915ff6eddb1000080040770000008", [0xa, 0xfffffffffffffff7]})

93.011577ms ago: executing program 2 (id=3111):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000008c0)={0x64, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5e}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

0s ago: executing program 1 (id=3112):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xffe6, 0xffd3}, {0x8, 0xfff1}, {0xfff3, 0x3}}}, 0x24}}, 0x0)

kernel console output (not intermixed with test programs):

d: -22
[ 1238.286221][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.424590][   T30] audit: type=1326 audit(1763569118.887:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16485 comm="syz.4.1862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1238.447511][ T9617] Bluetooth: hci1: unexpected event for opcode 0x0c6d
[ 1238.465574][   T30] audit: type=1326 audit(1763569118.887:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16485 comm="syz.4.1862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1239.454840][   T30] audit: type=1326 audit(1763569118.887:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16485 comm="syz.4.1862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1239.477433][   T30] audit: type=1326 audit(1763569118.937:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16485 comm="syz.4.1862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1239.499883][   T30] audit: type=1326 audit(1763569118.937:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16485 comm="syz.4.1862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1240.806435][ T3961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1240.846434][ T3961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1241.019738][T16348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1241.052819][T16348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1242.872044][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1242.872060][   T30] audit: type=1326 audit(1763569124.807:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.301463][T16562] siw: device registration error -23
[ 1243.325366][   T30] audit: type=1326 audit(1763569124.847:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.424419][   T30] audit: type=1326 audit(1763569124.847:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.547490][   T30] audit: type=1326 audit(1763569124.847:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.655637][   T30] audit: type=1326 audit(1763569124.867:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.730886][   T30] audit: type=1326 audit(1763569124.867:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.765267][   T30] audit: type=1326 audit(1763569124.887:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1243.861741][   T30] audit: type=1326 audit(1763569124.887:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1244.102655][   T30] audit: type=1326 audit(1763569124.887:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1244.126048][   T30] audit: type=1326 audit(1763569124.907:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.1.1873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1245.149418][T16315] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1246.023546][ T5834] Bluetooth: hci2: command 0x0406 tx timeout
[ 1246.096206][T16315] usb 9-1: Using ep0 maxpacket: 8
[ 1246.112153][T16315] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1246.175681][T16585] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1877'.
[ 1246.220175][T16315] usb 9-1: config 7 has an invalid descriptor of length 255, skipping remainder of the config
[ 1246.431915][T16315] usb 9-1: config 7 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1246.649880][T16315] usb 9-1: config 7 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1246.917905][T16315] usb 9-1: config 7 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1247.020319][T16315] usb 9-1: config 7 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1247.204185][T16315] usb 9-1: string descriptor 0 read error: -71
[ 1247.210555][T16315] usb 9-1: New USB device found, idVendor=0489, idProduct=e0b5, bcdDevice=ae.2a
[ 1247.312803][T16315] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1247.423871][T16315] usb 9-1: can't set config #7, error -71
[ 1247.448412][T16315] usb 9-1: USB disconnect, device number 2
[ 1247.612248][T16604] loop4: detected capacity change from 0 to 512
[ 1247.682067][T16607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1882'.
[ 1248.468404][T16604] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1884: inode has both inline data and extents flags
[ 1248.548348][T16604] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1884: couldn't read orphan inode 15 (err -117)
[ 1248.600895][T16604] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1248.863559][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 1248.863573][   T30] audit: type=1326 audit(1763569130.797:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1249.094224][ T6032] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1249.214386][T16625] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1249.424826][    C1] raw-gadget.0 gadget.8: ignoring, device is not running
[ 1249.466434][   T30] audit: type=1326 audit(1763569130.837:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1249.572745][ T6032] usb 9-1: device descriptor read/64, error -32
[ 1249.603924][   T30] audit: type=1326 audit(1763569130.967:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1249.637783][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1249.714552][   T30] audit: type=1326 audit(1763569131.017:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1249.829075][   T30] audit: type=1326 audit(1763569131.017:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1249.851974][ T6032] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1250.598546][   T30] audit: type=1326 audit(1763569131.067:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1250.644168][ T6032] usb 9-1: Using ep0 maxpacket: 32
[ 1250.659789][   T30] audit: type=1326 audit(1763569131.067:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1250.707762][ T6032] usb 9-1: config 1 has an invalid interface number: 236 but max is 0
[ 1250.724513][ T6032] usb 9-1: config 1 has no interface number 0
[ 1250.730876][   T30] audit: type=1326 audit(1763569131.067:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1250.766839][ T6032] usb 9-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1250.954812][ T6032] usb 9-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0
[ 1250.973615][ T6032] usb 9-1: config 1 interface 236 has no altsetting 0
[ 1250.983878][   T30] audit: type=1326 audit(1763569131.287:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1251.046752][ T6032] usb 9-1: config 1 has an invalid interface number: 236 but max is 0
[ 1251.066703][T16640] siw: device registration error -23
[ 1251.559395][   T30] audit: type=1326 audit(1763569131.297:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16617 comm="syz.6.1886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002678f749 code=0x7ffc0000
[ 1251.592756][ T6032] usb 9-1: config 1 has no interface number 0
[ 1251.694954][ T6032] usb 9-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1251.724324][ T6032] usb 9-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0
[ 1251.743937][ T6032] usb 9-1: config 1 interface 236 has no altsetting 0
[ 1251.794751][ T6032] usb 9-1: string descriptor 0 read error: -71
[ 1251.813970][ T6032] usb 9-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=aa.6a
[ 1251.856744][ T6032] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.889792][T16645] loop4: detected capacity change from 0 to 64
[ 1251.903289][ T6032] usb 9-1: can't set config #1, error -71
[ 1251.918310][ T6032] usb 9-1: USB disconnect, device number 4
[ 1251.937624][T16646] loop8: detected capacity change from 0 to 8
[ 1251.961835][T16645] hfs: get root inode failed
[ 1251.995155][T16646] Major/Minor mismatch, older Squashfs 1.0 filesystems are unsupported
[ 1252.410182][T16657] siw: device registration error -23
[ 1254.556370][T16692] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1903'.
[ 1256.985845][T16705] xt_l2tp: v2 sid > 0xffff: 1114112
[ 1258.238800][T16718] loop6: detected capacity change from 0 to 764
[ 1258.498125][T16723] siw: device registration error -23
[ 1258.852806][T16725] loop8: detected capacity change from 0 to 1024
[ 1258.879097][T16725] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[ 1258.910694][T16725] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[ 1259.003931][T16725] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[ 1259.050018][T16725] EXT4-fs (loop8): external journal device major/minor numbers have changed
[ 1259.096544][T16725] EXT4-fs (loop8): filesystem has both journal inode and journal device!
[ 1260.104431][ T6032] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1260.474409][ T6032] usb 9-1: Using ep0 maxpacket: 16
[ 1260.485346][ T6032] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[ 1260.494121][ T6032] usb 9-1: config 0 has no interface number 0
[ 1260.502341][ T6032] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[ 1260.512647][ T6032] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1260.570241][T16760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1918'.
[ 1261.052727][ T6032] usb 9-1: Product: syz
[ 1261.060818][ T6032] usb 9-1: Manufacturer: syz
[ 1261.065916][ T6032] usb 9-1: SerialNumber: syz
[ 1261.098167][ T6032] usb 9-1: config 0 descriptor??
[ 1261.130871][ T6032] hub 9-1:0.132: bad descriptor, ignoring hub
[ 1261.387368][ T6032] hub 9-1:0.132: probe with driver hub failed with error -5
[ 1261.693302][ T6032] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.132/input/input58
[ 1262.438286][T16767] loop4: detected capacity change from 0 to 512
[ 1262.583851][T16772] batadv_slave_1: entered promiscuous mode
[ 1263.319233][T16767] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1263.468452][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1264.436174][T16775] batadv_slave_1: left promiscuous mode
[ 1264.613949][T10992] usb 9-1: USB disconnect, device number 5
[ 1265.082335][T16796] siw: device registration error -23
[ 1265.158850][T10992] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1265.331886][T10992] usb 9-1: Using ep0 maxpacket: 32
[ 1265.353282][T10992] usb 9-1: config 1 has an invalid interface number: 211 but max is 0
[ 1265.385718][T10992] usb 9-1: config 1 has no interface number 0
[ 1265.391927][T10992] usb 9-1: config 1 interface 211 has no altsetting 0
[ 1265.405932][T16803] loop6: detected capacity change from 0 to 1024
[ 1265.424354][T10992] usb 9-1: New USB device found, idVendor=33f7, idProduct=0004, bcdDevice=64.d9
[ 1265.443680][T10992] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1265.471056][T16803] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1265.484951][T10992] usb 9-1: Product: syz
[ 1265.498000][T10992] usb 9-1: Manufacturer: syz
[ 1265.506508][T16803] EXT4-fs (loop6): revision level too high, forcing read-only mode
[ 1265.523710][T10992] usb 9-1: SerialNumber: syz
[ 1265.538655][T16803] EXT4-fs (loop6): orphan cleanup on readonly fs
[ 1265.579094][T16803] __quota_error: 26 callbacks suppressed
[ 1265.579113][T16803] Quota error (device loop6): v2_read_file_info: Can't read info structure
[ 1265.644058][T16803] EXT4-fs warning (device loop6): ext4_enable_quotas:7183: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[ 1265.687889][T16803] EXT4-fs (loop6): Cannot turn on quotas: error -5
[ 1265.710722][T16803] EXT4-fs (loop6): 1 truncate cleaned up
[ 1265.718258][T16803] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1265.790892][T10992] asix 9-1:1.211: probe with driver asix failed with error -71
[ 1265.813704][T13440] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1265.830952][T16811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1926'.
[ 1265.847651][T10992] usb 9-1: USB disconnect, device number 6
[ 1266.100258][ T9617] Bluetooth: hci3: command 0x0406 tx timeout
[ 1268.654517][   T52] Bluetooth: hci2: command 0x0406 tx timeout
[ 1268.703636][T16847] loop4: detected capacity change from 0 to 8
[ 1268.767295][T16847] squashfs image failed sanity check
[ 1269.311334][ T9617] Bluetooth: hci2: ACL packet for unknown connection handle 201
[ 1269.336007][ T5978] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1269.703887][ T5978] usb 5-1: Using ep0 maxpacket: 32
[ 1269.715799][ T5978] usb 5-1: config 0 has an invalid interface number: 146 but max is 0
[ 1269.733873][ T5978] usb 5-1: config 0 has no interface number 0
[ 1269.750470][ T5978] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1269.810455][ T5978] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1270.126119][ T5978] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1270.514056][ T5978] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1270.547417][ T5978] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[ 1270.593312][ T5978] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1270.632541][T16875] loop8: detected capacity change from 0 to 512
[ 1270.639608][ T5978] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1271.017296][ T5978] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1271.027325][ T5978] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1271.056294][ T5978] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[ 1271.094543][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1271.100191][T16875] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[ 1271.102576][ T5978] usb 5-1: Product: syz
[ 1271.117452][ T5978] usb 5-1: Manufacturer: syz
[ 1271.122097][ T5978] usb 5-1: SerialNumber: syz
[ 1271.135840][ T5978] usb 5-1: config 0 descriptor??
[ 1271.145942][T16853] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1271.157204][ T5978] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk.
[ 1271.167700][ T5978] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out.
[ 1271.465458][T16875] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0
[ 1271.724297][T16875] EXT4-fs error (device loop8): ext4_acquire_dquot:6948: comm syz.8.1940: Failed to acquire dquot type 0
[ 1271.822961][T16875] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[ 1271.870914][T16875] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0
[ 1271.917775][T16875] EXT4-fs error (device loop8): ext4_acquire_dquot:6948: comm syz.8.1940: Failed to acquire dquot type 0
[ 1272.020835][ T5978] usb 5-1: USB disconnect, device number 3
[ 1272.030385][T16875] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[ 1272.091298][T16875] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0
[ 1272.408281][T16875] EXT4-fs error (device loop8): ext4_acquire_dquot:6948: comm syz.8.1940: Failed to acquire dquot type 0
[ 1272.681253][T16904] loop6: detected capacity change from 0 to 512
[ 1272.697682][T16875] EXT4-fs (loop8): 1 orphan inode deleted
[ 1272.711754][T16875] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1272.732402][T16875] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1272.755503][T16904] FAT-fs (loop6): Invalid FSINFO signature: 0x41008052, 0x61417272 (sector = 1)
[ 1272.779205][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1272.795457][T16904] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00010000)
[ 1273.632946][   T30] audit: type=1326 audit(1763569155.517:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16909 comm="syz.4.1950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1273.657774][   T30] audit: type=1326 audit(1763569155.527:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16909 comm="syz.4.1950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1274.003955][T16315] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1274.184091][T16315] usb 9-1: Using ep0 maxpacket: 32
[ 1274.207342][T16315] usb 9-1: config 8 has an invalid interface number: 203 but max is 0
[ 1274.218425][T16925] overlayfs: failed to clone upperpath
[ 1274.229828][T16315] usb 9-1: config 8 has no interface number 0
[ 1274.809406][T16315] usb 9-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1274.821454][T16315] usb 9-1: config 8 interface 203 altsetting 1 endpoint 0x83 has invalid maxpacket 1040, setting to 1024
[ 1274.833024][T16315] usb 9-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1274.843564][T16315] usb 9-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[ 1274.854107][T16315] usb 9-1: config 8 interface 203 altsetting 1 endpoint 0xD has invalid wMaxPacketSize 0
[ 1274.865008][T16315] usb 9-1: config 8 interface 203 has no altsetting 0
[ 1274.901109][T16315] usb 9-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[ 1274.923524][T16315] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1274.948004][T16315] usb 9-1: Product: syz
[ 1274.960042][T16315] usb 9-1: Manufacturer: syz
[ 1274.994544][T16315] usb 9-1: SerialNumber: syz
[ 1275.028187][T16916] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1275.054769][T16916] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1275.204025][ T5846] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1275.544058][ T5846] usb 5-1: Using ep0 maxpacket: 32
[ 1275.582787][ T5846] usb 5-1: config 0 has an invalid interface number: 247 but max is 0
[ 1275.604370][    C0] port100 9-1:8.203: NFC: Urb failure (status -71)
[ 1275.623341][    C0] port100 9-1:8.203: NFC: Urb failure (status -71)
[ 1275.631084][ T5846] usb 5-1: config 0 has no interface number 0
[ 1275.650453][T16315] port100 9-1:8.203: NFC: Could not get supported command types
[ 1275.715580][T16315] usb 9-1: USB disconnect, device number 7
[ 1275.747913][ T5846] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[ 1275.766041][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 1275.825568][ T5846] usb 5-1: Product: syz
[ 1275.852323][ T5846] usb 5-1: Manufacturer: syz
[ 1275.872962][ T5846] usb 5-1: config 0 descriptor??
[ 1276.122001][ T5846] usb 5-1: USB disconnect, device number 4
[ 1276.207542][T16967] loop6: detected capacity change from 0 to 512
[ 1276.224900][   T30] audit: type=1326 audit(1763571736.157:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.250520][T16967] EXT4-fs: Ignoring removed oldalloc option
[ 1276.261922][   T30] audit: type=1326 audit(1763571736.157:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.285068][   T30] audit: type=1326 audit(1763571736.157:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.311611][   T30] audit: type=1326 audit(1763571736.157:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.363577][   T30] audit: type=1326 audit(1763571736.157:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.403830][   T30] audit: type=1326 audit(1763571736.157:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.469926][T16967] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: comm syz.6.1963: Parent and EA inode have the same ino 15
[ 1276.503919][   T30] audit: type=1326 audit(1763571736.167:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1276.572056][   T30] audit: type=1326 audit(1763571736.167:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1277.328522][   T30] audit: type=1326 audit(1763571736.167:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1277.471371][   T30] audit: type=1326 audit(1763571736.167:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16965 comm="syz.8.1964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7d9118f749 code=0x7ffc0000
[ 1277.555806][T16985] loop4: detected capacity change from 0 to 128
[ 1277.608274][T16985] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1277.747309][T16985] ext4 filesystem being mounted at /38/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1277.928019][T16967] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: comm syz.6.1963: Parent and EA inode have the same ino 15
[ 1277.937381][T16996] loop8: detected capacity change from 0 to 512
[ 1277.983269][T16967] EXT4-fs (loop6): 1 orphan inode deleted
[ 1278.005991][T16967] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1278.024204][T16996] EXT4-fs: Ignoring removed i_version option
[ 1278.102831][T16996] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 1278.166975][T16996] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[ 1278.199450][ T9617] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 1278.232524][T16996] System zones: 1-12
[ 1278.258660][T16996] EXT4-fs (loop8): orphan cleanup on readonly fs
[ 1278.307646][T16996] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.1971: invalid indirect mapped block 12 (level 1)
[ 1278.396922][T16996] EXT4-fs (loop8): Remounting filesystem read-only
[ 1278.419964][T16996] EXT4-fs (loop8): 1 truncate cleaned up
[ 1278.450689][T13440] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1278.509749][T16996] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 1278.685359][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 1279.100077][T17022] loop6: detected capacity change from 0 to 128
[ 1279.144551][T17022] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[ 1279.191139][T17022] hpfs: filesystem error: improperly stopped
[ 1279.212291][T17022] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[ 1279.283444][T17022] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[ 1279.333389][T17022] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[ 1280.255739][T17018] loop8: detected capacity change from 0 to 32768
[ 1280.854616][T17018] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1280.895444][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1281.150214][T17018] XFS (loop8): Ending clean mount
[ 1281.649730][T16018] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1282.495249][T17063] loop4: detected capacity change from 0 to 4096
[ 1282.516355][T17063] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[ 1282.559310][T17063] ntfs3(loop4): ino=19, mi_enum_attr
[ 1282.581673][T17063] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[ 1282.605604][T17063] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[ 1282.712844][T13917] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1283.438125][T17072] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1993'.
[ 1283.640037][T13917] usb 9-1: config 0 has an invalid interface number: 68 but max is 0
[ 1283.672637][T13917] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1283.728513][T13917] usb 9-1: config 0 has no interface number 0
[ 1283.771069][T17082] random: crng reseeded on system resumption
[ 1283.918753][T13917] usb 9-1: config 0 interface 68 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[ 1283.955428][T13917] usb 9-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=b6.43
[ 1283.972517][T13917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1284.009065][T13917] usb 9-1: Product: syz
[ 1284.110502][T13917] usb 9-1: Manufacturer: syz
[ 1284.159715][T13917] usb 9-1: SerialNumber: syz
[ 1284.370311][T13917] usb 9-1: config 0 descriptor??
[ 1284.750480][T17095] loop6: detected capacity change from 0 to 128
[ 1284.814172][T13917] usb 9-1: USB disconnect, device number 8
[ 1286.442267][T17116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2007'.
[ 1287.902505][T17130] loop8: detected capacity change from 0 to 16
[ 1287.949985][T17130] erofs (device loop8): mounted with root inode @ nid 36.
[ 1289.144448][T17149] loop6: detected capacity change from 0 to 1024
[ 1289.186691][T17149] EXT4-fs: quotafile must be on filesystem root
[ 1289.381885][T16315] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[ 1289.448474][T17157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2022'.
[ 1290.076892][T16315] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1290.109942][T16315] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xEA, changing to 0x8A
[ 1290.145536][T16315] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 18268, setting to 64
[ 1290.204435][T16315] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0x6F, changing to 0xF
[ 1290.249602][T16315] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[ 1290.273338][T16315] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1290.287646][T16315] usb 9-1: config 155 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 11
[ 1290.353792][T16315] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1290.384021][T16315] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.983484][T16315] usb 9-1: Product: syz
[ 1291.005685][T16315] usb 9-1: Manufacturer: syz
[ 1291.011238][T16315] usb 9-1: SerialNumber: syz
[ 1291.024727][T17145] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1291.069728][    C0] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1291.790966][T16315] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:155.0/input/input59
[ 1291.924665][T16315] imon:send_packet: error submitting urb(-90)
[ 1291.956651][T16315] imon 9-1:155.0: panel buttons/knobs setup failed
[ 1291.975560][T16315] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1291.985937][T16315]  (id 0x00)
[ 1292.113102][T16315] rc_core: IR keymap rc-imon-pad not found
[ 1292.119010][T16315] Registered IR keymap rc-empty
[ 1292.165610][T16315] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1292.199242][T16315] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1292.210130][T16315] imon:send_packet: error submitting urb(-90)
[ 1292.240401][T16315] imon 9-1:155.0: remote input dev register failed
[ 1292.667715][T16315] imon 9-1:155.0: imon_init_intf0: rc device setup failed
[ 1292.813165][T16315] imon 9-1:155.0: unable to initialize intf0, err 0
[ 1292.851543][T16315] imon:imon_probe: failed to initialize context!
[ 1292.857980][T16315] imon 9-1:155.0: unable to register, err -19
[ 1292.920896][T16315] usb 9-1: USB disconnect, device number 9
[ 1293.228418][T17199] siw: device registration error -23
[ 1293.935677][T17185] overlayfs: failed to clone upperpath
[ 1294.003114][T17206] loop8: detected capacity change from 0 to 256
[ 1294.538408][T17210] trusted_key: encrypted_key: insufficient parameters specified
[ 1295.948851][T17226] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2043'.
[ 1295.981963][T17226] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2043'.
[ 1297.326967][T17244] siw: device registration error -23
[ 1299.291260][T17263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2051'.
[ 1299.695977][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.702712][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.357135][T17272] loop8: detected capacity change from 0 to 512
[ 1300.547893][T17272] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1300.684463][T17272] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1301.310691][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1304.002925][   T30] kauditd_printk_skb: 16 callbacks suppressed
[ 1304.002941][   T30] audit: type=1800 audit(1763571763.942:658): pid=17322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2076" name="cpuacct.usage_percpu" dev="overlay" ino=333 res=0 errno=0
[ 1304.818865][T17333] loop4: detected capacity change from 0 to 16
[ 1304.885362][T17333] erofs (device loop4): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[ 1304.939828][T17333] erofs (device loop4): mounted with root inode @ nid 36.
[ 1305.013455][T17333] syz.4.2078: attempt to access beyond end of device
[ 1305.013455][T17333] loop4: rw=0, sector=301990144, nr_sectors = 2 limit=16
[ 1305.046684][T17333] erofs (device loop4): read error -5 @ 0 of nid 36
[ 1305.672258][T17348] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2081'.
[ 1305.936958][T17355] ipt_ECN: cannot use operation on non-tcp rule
[ 1307.055214][T17361] overlayfs: failed to clone upperpath
[ 1307.973110][ T9617] Bluetooth: hci5: unexpected cc 0x2002 length: 1 < 4
[ 1308.129787][T17388] netlink: 'syz.6.2101': attribute type 21 has an invalid length.
[ 1308.138377][T17388] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2101'.
[ 1308.743158][T17393] x_tables: ip6_tables: sctp match: only valid for protocol 132
[ 1310.891033][T17423] @: renamed from vlan0 (while UP)
[ 1310.988934][T17418] overlayfs: failed to clone upperpath
[ 1311.447270][T17449] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2117'.
[ 1311.902302][T17444] hub 9-0:1.0: USB hub found
[ 1311.908861][T17444] hub 9-0:1.0: 1 port detected
[ 1312.381900][ T9617] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1312.392832][ T9617] Bluetooth: hci5: Injecting HCI hardware error event
[ 1312.413125][   T52] Bluetooth: hci5: hardware error 0x00
[ 1312.668549][T17463] program syz.6.2125 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1314.420712][   T30] audit: type=1800 audit(1763571774.364:659): pid=17479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2129" name="cpuacct.usage_percpu" dev="overlay" ino=414 res=0 errno=0
[ 1314.647996][   T52] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1315.506849][T17512] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2139'.
[ 1316.313445][T17517] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1318.769517][T17555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2158'.
[ 1319.266036][T17565] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2164'.
[ 1319.778796][T17572] loop6: detected capacity change from 0 to 128
[ 1319.948793][T17572] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1319.962824][T17572] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1321.545021][T13440] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1322.366086][T17603] comedi comedi2: Cannot bond this driver to itself!
[ 1322.857370][T17614] siw: device registration error -23
[ 1323.212691][T17618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2180'.
[ 1323.956205][T17627] ieee802154 phy0 wpan0: encryption failed: -22
[ 1325.463984][T17644] loop6: detected capacity change from 0 to 128
[ 1325.510423][T17644] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1325.717619][T17644] ext4 filesystem being mounted at /168/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1325.785835][   T30] audit: type=1800 audit(1763571785.726:660): pid=17648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2191" name="cpuacct.usage_percpu" dev="overlay" ino=332 res=0 errno=0
[ 1325.919188][   T52] Bluetooth: hci3: unexpected event for opcode 0x2028
[ 1327.141723][T17663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2195'.
[ 1327.155176][T17667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1328.189346][T17675] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2199'.
[ 1328.705632][T17680] ALSA: mixer_oss: invalid OSS volume ' €'
[ 1330.091952][T13440] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1330.233119][   T30] audit: type=1800 audit(1763571790.176:661): pid=17696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2205" name="cpuacct.usage_percpu" dev="overlay" ino=520 res=0 errno=0
[ 1330.461788][T17701] trusted_key: encrypted_key: insufficient parameters specified
[ 1331.814074][T17722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2212'.
[ 1332.402447][T17723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'.
[ 1332.456105][T17723] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[ 1332.723119][T17735] xt_TCPMSS: Only works on TCP SYN packets
[ 1332.881254][T17739] trusted_key: encrypted_key: insufficient parameters specified
[ 1332.946193][T17741] loop8: detected capacity change from 0 to 128
[ 1332.990775][T17741] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1333.133574][T17741] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1334.700545][T16018] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1335.536676][   T52] Bluetooth: hci1: unexpected event for opcode 0x0c47
[ 1335.659868][T17771] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2233'.
[ 1335.763163][   T30] audit: type=1800 audit(1763571795.707:662): pid=17767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2231" name="cpuacct.usage_percpu" dev="overlay" ino=560 res=0 errno=0
[ 1336.338514][T17779] trusted_key: encrypted_key: insufficient parameters specified
[ 1337.517497][T17795] netlink: 100 bytes leftover after parsing attributes in process `syz.6.2241'.
[ 1337.742052][T17799] siw: device registration error -23
[ 1338.478278][T17805] siw: device registration error -23
[ 1339.162722][   T30] audit: type=1800 audit(1763571799.108:663): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2247" name="cpuacct.usage_percpu" dev="overlay" ino=585 res=0 errno=0
[ 1339.257670][T17815] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 3, id = 0
[ 1339.835853][T17823] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2252'.
[ 1339.858250][T17825] ieee802154 phy0 wpan0: encryption failed: -22
[ 1339.863712][T17823] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[ 1341.620230][T17841] loop4: detected capacity change from 0 to 1764
[ 1341.868524][T17841] iso9660: Corrupted directory entry in block 14 of inode 1920
[ 1341.885810][T17847] siw: device registration error -23
[ 1343.259466][T17858] trusted_key: encrypted_key: insufficient parameters specified
[ 1343.665865][T17869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2264'.
[ 1343.724863][T17870] loop4: detected capacity change from 0 to 1764
[ 1344.570096][T17870] iso9660: Corrupted directory entry in block 2 of inode 1920
[ 1344.988903][T17890] siw: device registration error -23
[ 1345.705536][T17901] loop6: detected capacity change from 0 to 16
[ 1345.769889][T17901] erofs (device loop6): mounted with root inode @ nid 36.
[ 1345.785898][T17899] loop4: detected capacity change from 0 to 4096
[ 1345.915968][T17907] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1346.064523][T17899] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[ 1346.354286][T17899] Remounting filesystem read-only
[ 1347.269717][T17929] loop4: detected capacity change from 0 to 4096
[ 1347.297166][T17929] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[ 1347.333436][T17931] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1347.359973][T17929] ntfs3(loop4): ino=3, mi_enum_attr
[ 1347.402829][T17933] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2290'.
[ 1347.428680][T17933] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2290'.
[ 1347.805677][T17939] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2292'.
[ 1347.882329][T17940] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2291'.
[ 1348.488846][T17944] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2293'.
[ 1348.578454][T17946] loop5: detected capacity change from 0 to 7
[ 1348.620664][T17946] Dev loop5: unable to read RDB block 7
[ 1348.643544][T17946]  loop5: unable to read partition table
[ 1348.671235][T17946] loop5: partition table beyond EOD, truncated
[ 1348.710976][T17946] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰üg¾CêjÌ–ã¢P=×!MX‹ºÐ	œëÜ%õ«`Éæ�˜Èµ4FLQkÝŠ5) failed (rc=-5)
[ 1348.757779][T17952] ip6tnl1: entered promiscuous mode
[ 1348.763340][T17952] ip6tnl1: entered allmulticast mode
[ 1348.770295][T17952] team0: Device ip6tnl1 is of different type
[ 1348.872074][T13917] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1348.911173][T17954] overlayfs: failed to clone upperpath
[ 1349.062010][T13917] usb 5-1: Using ep0 maxpacket: 32
[ 1349.069290][T13917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1349.091885][T13917] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1349.107805][T13917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1349.117935][T13917] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1349.127783][T13917] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1349.165419][T13917] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1349.184930][T13917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1349.208914][T13917] usb 5-1: config 0 descriptor??
[ 1349.860623][T13917] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1349.909141][T13917] usb 5-1: USB disconnect, device number 5
[ 1349.941370][T13917] usblp0: removed
[ 1350.775476][T17977] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2304'.
[ 1350.784526][T17977] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2304'.
[ 1351.213280][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2306'.
[ 1351.843596][T17987] loop4: detected capacity change from 0 to 2048
[ 1351.942917][T17993] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1352.456438][T18003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2311'.
[ 1352.534193][   T52] Bluetooth: hci1: unexpected event for opcode 0x2005
[ 1352.893906][T18015] loop4: detected capacity change from 0 to 1024
[ 1352.942426][T18015] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1353.002683][T18015] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1353.054121][T18015] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1353.081496][T18015] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1353.093997][T18015] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.2317: Inode bitmap for bg 0 marked uninitialized
[ 1353.643380][T18026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2321'.
[ 1353.672102][T18015] EXT4-fs (loop4): Remounting filesystem read-only
[ 1353.702533][T18015] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1353.801930][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1355.299421][T18031] loop4: detected capacity change from 0 to 32768
[ 1355.900372][   T30] audit: type=1326 audit(1763571815.841:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18058 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1355.928378][   T30] audit: type=1326 audit(1763571815.861:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18058 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1356.024264][   T30] audit: type=1326 audit(1763571815.861:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18058 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1356.124096][   T30] audit: type=1326 audit(1763571815.861:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18058 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1356.334389][T18064] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2334'.
[ 1357.077123][   T30] audit: type=1326 audit(1763571815.861:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18058 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f271378f749 code=0x7ffc0000
[ 1357.318092][T18073] siw: device registration error -23
[ 1357.428910][T18074] overlayfs: failed to clone upperpath
[ 1358.299791][T18081] loop4: detected capacity change from 0 to 512
[ 1358.315145][T18082] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2338'.
[ 1358.335689][T18081] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1)
[ 1358.479310][T18081] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1358.532818][T18078] hub 9-0:1.0: USB hub found
[ 1358.538681][T18078] hub 9-0:1.0: 1 port detected
[ 1358.779340][T18081] FAT-fs (loop4): FAT read failed (blocknr 128)
[ 1358.983582][   T30] audit: type=1800 audit(1763571818.921:669): pid=18094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2343" name="cpuacct.usage_percpu" dev="overlay" ino=1147 res=0 errno=0
[ 1360.014648][T18113] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode
[ 1360.091515][T18113] macsec0: entered allmulticast mode
[ 1360.097571][T18113] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode
[ 1360.627029][T18124] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2348'.
[ 1360.729133][T18128] loop8: detected capacity change from 0 to 64
[ 1361.129047][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.137043][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.117101][T18148] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2361'.
[ 1362.199808][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1362.392644][   T24] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1362.444884][   T24] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1362.520455][   T24] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1362.589204][   T24] usb 5-1: config 220 has no interface number 2
[ 1362.630644][   T24] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1362.737745][   T24] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1362.765060][   T24] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1362.795412][   T24] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1362.834946][   T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1362.873932][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1362.904361][   T24] usb 5-1: Product: syz
[ 1362.908747][   T24] usb 5-1: Manufacturer: syz
[ 1362.954204][   T24] usb 5-1: SerialNumber: syz
[ 1363.243804][   T24] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1363.291437][   T24] uvcvideo 5-1:220.0: No valid video chain found.
[ 1363.298048][   T24] usb 5-1: selecting invalid altsetting 0
[ 1363.423267][   T24] usb 5-1: selecting invalid altsetting 0
[ 1363.451831][   T24] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[ 1363.518571][   T24] usb 5-1: USB disconnect, device number 6
[ 1363.716838][T18155] loop8: detected capacity change from 0 to 2048
[ 1363.911912][T17994]  loop8: p2 < > p4
[ 1363.945115][T17994] loop8: p4 size 262144 extends beyond EOD, truncated
[ 1364.067147][T18164] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2363'.
[ 1364.499394][T18155]  loop8: p2 < > p4
[ 1364.524152][T18155] loop8: p4 size 262144 extends beyond EOD, truncated
[ 1365.075107][T17994] udevd[17994]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[ 1365.086432][T16593] udevd[16593]: inotify_add_watch(7, /dev/loop8p4, 10) failed: No such file or directory
[ 1366.677690][T18200] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2377'.
[ 1366.781770][T18200] hub 9-0:1.0: USB hub found
[ 1366.797782][T18200] hub 9-0:1.0: 1 port detected
[ 1367.144511][T18204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2373'.
[ 1367.405315][T18212] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2381'.
[ 1367.572871][T18210] hub 9-0:1.0: USB hub found
[ 1367.591878][T18210] hub 9-0:1.0: 1 port detected
[ 1368.040458][   T30] audit: type=1800 audit(1763571827.992:670): pid=18218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2385" name="cpuacct.usage_percpu" dev="overlay" ino=1177 res=0 errno=0
[ 1368.189504][T18223] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2387'.
[ 1368.337242][T18207] loop4: detected capacity change from 0 to 32768
[ 1368.337327][T18226] loop8: detected capacity change from 0 to 64
[ 1368.830634][T18207] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1369.026198][T18207] XFS (loop4): Ending clean mount
[ 1369.311879][T15496] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1369.330195][T18247] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2390'.
[ 1370.212157][T18254] loop8: detected capacity change from 0 to 512
[ 1370.215877][T18255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2395'.
[ 1370.294438][T18254] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[ 1370.405593][T18254] UDF-fs: error (device loop8): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128
[ 1370.928008][T18266] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2392'.
[ 1371.056170][T18270] siw: device registration error -23
[ 1371.095720][T18269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2399'.
[ 1371.412697][T18274] trusted_key: encrypted_key: insufficient parameters specified
[ 1371.842386][T18260] loop8: detected capacity change from 0 to 32768
[ 1371.878366][T18260] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2397 (18260)
[ 1371.974822][T18260] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1372.043124][T18260] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[ 1372.347773][T18260] BTRFS info (device loop8): enabling ssd optimizations
[ 1372.419276][T18260] BTRFS info (device loop8): turning on async discard
[ 1372.426098][T18260] BTRFS info (device loop8): enabling free space tree
[ 1372.667299][T16018] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1373.819418][T18309] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2406'.
[ 1374.736414][T18329] siw: device registration error -23
[ 1375.611948][T18306] loop6: detected capacity change from 0 to 32768
[ 1375.772957][T18306] XFS (loop6): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[ 1375.826924][T18344] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2419'.
[ 1375.852125][T18352] trusted_key: encrypted_key: insufficient parameters specified
[ 1375.980506][T18306] XFS (loop6): Starting recovery (logdev: internal)
[ 1376.108775][T18360] siw: device registration error -23
[ 1376.191240][T18306] XFS (loop6): Ending recovery (logdev: internal)
[ 1376.308075][T13440] XFS (loop6): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[ 1377.421983][T18381] loop6: detected capacity change from 0 to 1024
[ 1377.534594][ T8928] hfsplus: b-tree write err: -5, ino 4
[ 1377.577719][ T5846] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1377.737659][ T5846] usb 5-1: Using ep0 maxpacket: 8
[ 1377.747707][ T5846] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1377.755283][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1377.783370][ T5846] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1377.828580][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1377.883925][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1377.935700][ T5846] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1377.964565][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1378.021280][ T5846] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1378.049775][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1378.067457][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1378.636170][ T5846] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1378.767199][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1378.779406][ T5846] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1378.793640][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1378.837069][ T5846] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1378.851359][T18400] overlayfs: failed to resolve './file1/file0': -2
[ 1378.870072][ T5846] usb 5-1: string descriptor 0 read error: -22
[ 1378.874370][T18402] overlayfs: failed to clone upperpath
[ 1378.876563][ T5846] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1378.905632][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1378.957852][ T5846] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1379.204382][ T6418] usb 5-1: USB disconnect, device number 7
[ 1383.589151][T18467] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[ 1383.707176][T18467] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[ 1383.873315][T18473] loop6: detected capacity change from 0 to 128
[ 1384.617617][T18473] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1384.666336][T18473] ext4 filesystem being mounted at /218/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1384.981079][T18477] overlayfs: failed to resolve './file1/file0': -2
[ 1385.342789][T13917] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1385.920468][   T30] audit: type=1800 audit(1763571845.875:671): pid=18495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2473" name="cpuacct.usage_percpu" dev="overlay" ino=797 res=0 errno=0
[ 1385.976565][T13917] usb 9-1: Using ep0 maxpacket: 8
[ 1385.985531][T13917] usb 9-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 1386.035831][T13917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1386.043872][T13917] usb 9-1: Product: syz
[ 1386.100528][T13917] usb 9-1: Manufacturer: syz
[ 1386.105174][T13917] usb 9-1: SerialNumber: syz
[ 1386.122942][T13917] usb 9-1: config 0 descriptor??
[ 1386.134003][T13917] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 1386.869994][T13917] gspca_sq930x: reg_w 0305 fd00 failed -71
[ 1387.015166][T13917] sq930x 9-1:0.0: probe with driver sq930x failed with error -71
[ 1387.195965][T13917] usb 9-1: USB disconnect, device number 10
[ 1388.012936][T13440] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1389.676586][T18542] siw: device registration error -23
[ 1390.674809][   T52] Bluetooth: hci3: unexpected event for opcode 0x0c14
[ 1390.949890][T18563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2495'.
[ 1391.225661][T16028] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1391.394993][T16028] usb 5-1: Using ep0 maxpacket: 8
[ 1391.447041][T16028] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1391.490422][T16028] usb 5-1: config 4 has an invalid interface number: 30 but max is 0
[ 1391.509555][T16028] usb 5-1: config 4 has no interface number 0
[ 1391.526930][T16028] usb 5-1: config 4 interface 30 has no altsetting 0
[ 1391.561320][T16028] usb 5-1: string descriptor 0 read error: -22
[ 1391.582021][T16028] usb 5-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[ 1391.610073][T16028] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1391.668265][T16028] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[ 1391.701045][T16028] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1391.732543][T16028] dvb-usb: bulk message failed: -22 (2/0)
[ 1391.759238][T18571] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2498'.
[ 1391.826368][T16028] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1391.880922][T18565] dvb-usb: bulk message failed: -22 (4/0)
[ 1391.920134][T18570] hub 9-0:1.0: USB hub found
[ 1391.928766][T16028] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[ 1391.944835][T18565] dw2102: i2c transfer failed.
[ 1391.952944][T18570] hub 9-0:1.0: 1 port detected
[ 1391.961533][T18565] dvb-usb: bulk message failed: -22 (4/0)
[ 1391.969418][T16028] usb 5-1: media controller created
[ 1391.980131][T18565] dw2102: i2c transfer failed.
[ 1391.992171][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.992240][T16028] dw2102: i2c transfer failed.
[ 1391.993270][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.993290][T16028] dw2102: i2c transfer failed.
[ 1391.993307][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.993315][T16028] dw2102: i2c transfer failed.
[ 1391.993323][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.993330][T16028] dw2102: i2c transfer failed.
[ 1391.993338][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.993345][T16028] dw2102: i2c transfer failed.
[ 1391.993353][T16028] dvb-usb: bulk message failed: -22 (6/0)
[ 1391.993359][T16028] dw2102: i2c transfer failed.
[ 1391.993365][T16028] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1392.077411][T16028] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1392.177627][T16028] dvb-usb: bulk message failed: -22 (3/0)
[ 1392.177680][T16028] dw2102: command 0x0e transfer failed.
[ 1392.177719][T16028] dvb-usb: bulk message failed: -22 (3/0)
[ 1392.177731][T16028] dw2102: command 0x0e transfer failed.
[ 1392.484884][T16028] dvb-usb: bulk message failed: -22 (3/0)
[ 1392.484908][T16028] dw2102: command 0x0e transfer failed.
[ 1392.484918][T16028] dvb-usb: bulk message failed: -22 (3/0)
[ 1392.484950][T16028] dw2102: command 0x0e transfer failed.
[ 1392.484958][T16028] dvb-usb: bulk message failed: -22 (1/0)
[ 1392.484970][T16028] dw2102: command 0x51 transfer failed.
[ 1392.484977][T16028] dvb-usb: bulk message failed: -22 (5/0)
[ 1392.484988][T16028] dw2102: i2c probe for address 0x68 failed.
[ 1392.484998][T16028] dvb-usb: bulk message failed: -22 (5/0)
[ 1392.485010][T16028] dw2102: i2c probe for address 0x69 failed.
[ 1392.485020][T16028] dvb-usb: bulk message failed: -22 (5/0)
[ 1392.485030][T16028] dw2102: i2c probe for address 0x6a failed.
[ 1392.485039][T16028] dw2102: probing for demodulator failed. Is the external power switched on?
[ 1392.485049][T16028] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[ 1392.563682][T18580] siw: device registration error -23
[ 1393.305632][T16028] rc_core: IR keymap rc-tt-1500 not found
[ 1393.305652][T16028] Registered IR keymap rc-empty
[ 1393.307605][T16028] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[ 1393.309954][T16028] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input62
[ 1393.334298][T16028] dvb-usb: schedule remote query interval to 250 msecs.
[ 1393.334323][T16028] dw2102: su3000_power_ctrl: 0, initialized 1
[ 1393.334336][T16028] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[ 1393.346846][T16028] usb 5-1: USB disconnect, device number 8
[ 1394.165410][T16028] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[ 1394.694235][T18600] overlayfs: overlapping lowerdir path
[ 1394.788336][T18604] loop6: detected capacity change from 0 to 2048
[ 1394.867812][T17994]  loop6: p1 p2 < > p3 p4 < p5 >
[ 1394.878760][T17994] loop6: partition table partially beyond EOD, truncated
[ 1394.890213][T17994] loop6: p2 start 4294934784 is beyond EOD, truncated
[ 1394.901208][T17994] loop6: p3 start 3724543488 is beyond EOD, truncated
[ 1394.943828][T18604]  loop6: p1 p2 < > p3 p4 < p5 >
[ 1394.958471][T18604] loop6: partition table partially beyond EOD, truncated
[ 1395.004674][T18604] loop6: p2 start 4294934784 is beyond EOD, truncated
[ 1395.039334][T18604] loop6: p3 start 3724543488 is beyond EOD, truncated
[ 1395.133845][T18611] loop4: detected capacity change from 0 to 128
[ 1395.313078][T18611] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1395.700537][T18611] ext4 filesystem being mounted at /141/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1395.737953][T17994] udevd[17994]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[ 1395.883787][T16594] udevd[16594]: inotify_add_watch(7, /dev/loop6p5, 10) failed: No such file or directory
[ 1395.912901][T16595] udevd[16595]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[ 1396.650628][T18631] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2513'.
[ 1396.666228][T16593] udevd[16593]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[ 1396.676829][T16595] udevd[16595]: inotify_add_watch(7, /dev/loop6p5, 10) failed: No such file or directory
[ 1396.703606][T17994] udevd[17994]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[ 1396.862108][T18631] hub 9-0:1.0: USB hub found
[ 1396.888196][T18631] hub 9-0:1.0: 1 port detected
[ 1397.111578][T18639] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2515'.
[ 1397.259747][T18636] hub 9-0:1.0: USB hub found
[ 1397.305733][T18636] hub 9-0:1.0: 1 port detected
[ 1397.565107][T18646] overlayfs: failed to clone upperpath
[ 1397.865260][T18653] 8021q: adding VLAN 0 to HW filter on device team0
[ 1398.322072][T18653] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1399.664429][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1399.772187][   T30] audit: type=1326 audit(1763571859.728:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1399.953342][   T30] audit: type=1326 audit(1763571859.758:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1400.220436][   T30] audit: type=1326 audit(1763571859.758:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1400.298135][   T30] audit: type=1326 audit(1763571859.758:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1401.093176][   T30] audit: type=1326 audit(1763571859.768:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1401.335725][   T30] audit: type=1326 audit(1763571859.768:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1401.372289][   T30] audit: type=1326 audit(1763571859.778:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1401.568264][   T30] audit: type=1326 audit(1763571859.778:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1401.812132][   T30] audit: type=1326 audit(1763571859.778:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1402.083931][   T30] audit: type=1326 audit(1763571859.778:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18664 comm="syz.1.2526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1668f8f749 code=0x7ffc0000
[ 1402.228335][T18686] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2531'.
[ 1402.548521][T18689] siw: device registration error -23
[ 1402.686279][T18691] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2532'.
[ 1402.820383][T18691] hub 9-0:1.0: USB hub found
[ 1402.839001][T18691] hub 9-0:1.0: 1 port detected
[ 1403.141137][T18693] loop8: detected capacity change from 0 to 256
[ 1403.190470][T18693] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xf5596061, utbl_chksum : 0xe619d30d)
[ 1403.875871][T13256] usb 9-1: new full-speed USB device number 11 using dummy_hcd
[ 1404.215552][T13256] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1404.477390][T13256] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1404.492435][T13256] usb 9-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1404.503472][T13256] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1404.522524][T13256] usb 9-1: config 0 descriptor??
[ 1405.322940][T13256] elan 0003:04F3:0755.0004: failed to start in urb: -90
[ 1405.330582][T18715] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2538'.
[ 1405.391808][T18705] overlayfs: failed to clone upperpath
[ 1405.479612][T13256] elan 0003:04F3:0755.0004: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.8-1/input0
[ 1405.601864][T13256] usb 9-1: USB disconnect, device number 11
[ 1405.743202][T18719] fido_id[18719]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1405.877905][T18725] overlayfs: overlapping lowerdir path
[ 1405.935750][T18728] loop6: detected capacity change from 0 to 4096
[ 1407.279858][T18748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2550'.
[ 1407.700457][T18762] loop6: detected capacity change from 0 to 128
[ 1407.742318][T13917] usb 9-1: new low-speed USB device number 12 using dummy_hcd
[ 1407.754978][T18762] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1407.831967][T18762] ext4 filesystem being mounted at /232/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1407.934908][T13917] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1408.082686][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1408.106586][T13917] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1408.132304][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1408.266301][T18773] loop4: detected capacity change from 0 to 1024
[ 1408.273159][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1408.294335][T13917] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1408.301790][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1408.315875][T13917] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1408.328785][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1408.341663][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1409.037032][T13917] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1409.065271][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1409.106825][T13917] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1409.129980][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1409.204475][T13917] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1409.258020][T13917] usb 9-1: string descriptor 0 read error: -22
[ 1409.269005][T13917] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1409.302188][T13917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.351726][T13917] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1409.576215][T13917] usb 9-1: USB disconnect, device number 12
[ 1411.133712][T18808] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2575'.
[ 1411.210559][T18804] hub 9-0:1.0: USB hub found
[ 1411.225861][T18804] hub 9-0:1.0: 1 port detected
[ 1411.330261][T13440] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1411.466179][T18816] misc userio: No port type given on /dev/userio
[ 1412.109985][T18826] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2582'.
[ 1412.111946][   T52] Bluetooth: hci1: unexpected event for opcode 0x1407
[ 1412.293277][T18805] loop8: detected capacity change from 0 to 32768
[ 1412.384135][T18836] loop4: detected capacity change from 0 to 128
[ 1412.422339][T18805] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1412.605590][T18836] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[ 1413.219776][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1413.246933][T18852] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1413.417522][T18856] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2590'.
[ 1413.442865][T18856] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2590'.
[ 1413.456767][T18805] XFS (loop8): Ending clean mount
[ 1413.532704][T18861] loop4: detected capacity change from 0 to 128
[ 1413.613296][T16018] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1413.646939][T18861] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1413.673211][T18861] ext4 filesystem being mounted at /158/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1413.971607][T18870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2593'.
[ 1414.678206][T18890] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2600'.
[ 1416.377579][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1416.441011][ T5846] usb 9-1: new full-speed USB device number 13 using dummy_hcd
[ 1416.471307][T18910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2607'.
[ 1416.641248][T18911] loop4: detected capacity change from 0 to 256
[ 1416.648908][T18909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2608'.
[ 1416.794123][T18911] FAT-fs (loop4): Directory bread(block 64) failed
[ 1416.841202][T18911] FAT-fs (loop4): Directory bread(block 65) failed
[ 1416.842003][ T5846] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1416.868198][T18911] FAT-fs (loop4): Directory bread(block 66) failed
[ 1416.880861][ T5846] usb 9-1: config 0 has no interface number 0
[ 1416.892568][ T5846] usb 9-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1416.903137][ T5846] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1416.910572][T18911] FAT-fs (loop4): Directory bread(block 67) failed
[ 1416.921461][ T5846] usb 9-1: config 0 descriptor??
[ 1416.947508][T18911] FAT-fs (loop4): Directory bread(block 68) failed
[ 1416.965019][ T5846] usb 9-1: selecting invalid altsetting 1
[ 1416.971543][T18911] FAT-fs (loop4): Directory bread(block 69) failed
[ 1416.971658][T18911] FAT-fs (loop4): Directory bread(block 70) failed
[ 1416.971680][T18911] FAT-fs (loop4): Directory bread(block 71) failed
[ 1417.008088][ T5846] dvb_ttusb_budget: ttusb_init_controller: error
[ 1417.022720][ T5846] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1417.035291][T18911] FAT-fs (loop4): Directory bread(block 72) failed
[ 1417.081967][T18911] FAT-fs (loop4): Directory bread(block 73) failed
[ 1417.201546][ T5846] DVB: Unable to find symbol cx22700_attach()
[ 1417.266909][ T5846] DVB: Unable to find symbol tda10046_attach()
[ 1417.274219][ T5846] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1417.306596][ T5846] usb 9-1: USB disconnect, device number 13
[ 1417.429025][T18905] loop6: detected capacity change from 0 to 32768
[ 1417.534585][T18930] overlayfs: failed to clone upperpath
[ 1417.964828][T18905] JBD2: Ignoring recovery information on journal
[ 1418.187434][T18936] loop4: detected capacity change from 0 to 128
[ 1418.830014][T18905] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[ 1418.862418][T18936] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1418.963356][T18936] ext4 filesystem being mounted at /160/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1419.548837][T13440] ocfs2: Unmounting device (7,6) on (node local)
[ 1421.797559][T18986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2632'.
[ 1422.661035][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.667372][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.949927][T19008] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2638'.
[ 1422.969939][T19008] gre0: left promiscuous mode
[ 1422.979991][T19008] gre0: left allmulticast mode
[ 1423.230294][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1424.299407][T19019] loop4: detected capacity change from 0 to 64
[ 1424.689025][T19023] overlayfs: failed to clone upperpath
[ 1425.204988][T19025] [U] ùÿ
[ 1426.511301][T19035] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2648'.
[ 1426.521087][T19035] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2648'.
[ 1426.542359][T19040] loop4: detected capacity change from 0 to 256
[ 1426.614143][T19017] loop6: detected capacity change from 0 to 32768
[ 1426.647872][T19017] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2643 (19017)
[ 1426.693524][T19040] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x19755df0, utbl_chksum : 0xe619d30d)
[ 1426.753941][T19017] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1426.796348][T19040] exFAT-fs (loop4): error, in sector 160, dentry 12 should be unused, but 0x85
[ 1426.809771][T19017] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[ 1426.845718][T19040] exFAT-fs (loop4): Filesystem has been set read-only
[ 1427.037156][T19017] BTRFS info (device loop6): enabling ssd optimizations
[ 1427.053164][T19017] BTRFS info (device loop6): turning on async discard
[ 1427.374794][T19017] BTRFS info (device loop6): enabling free space tree
[ 1427.568572][T13440] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1427.885081][T19077] overlayfs: missing 'workdir'
[ 1428.394315][T19079] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2649'.
[ 1428.604560][T19080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2656'.
[ 1428.959091][T19087] trusted_key: encrypted_key: insufficient parameters specified
[ 1430.864057][T19097] overlayfs: overlapping lowerdir path
[ 1430.894017][T19083] loop6: detected capacity change from 0 to 32768
[ 1430.929683][T19083] (syz.6.2658,19083,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1430.961708][T19083] (syz.6.2658,19083,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1430.983423][T19104] tipc: Started in network mode
[ 1430.988318][T19104] tipc: Node identity , cluster identity 4711
[ 1430.995041][T19104] tipc: Failed to set node id, please configure manually
[ 1431.012570][T19104] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1431.027547][T19083] JBD2: Ignoring recovery information on journal
[ 1431.090390][   T52] Bluetooth: hci2: unexpected Set CIG Parameters response data
[ 1431.101188][   T52] Bluetooth: hci2: unexpected event for opcode 0x2062
[ 1431.137708][T19083] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[ 1431.361211][T19113] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.2668'.
[ 1431.484392][T19116] overlayfs: missing 'workdir'
[ 1432.070508][T19119] overlayfs: failed to clone upperpath
[ 1432.233993][T19127] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2671'.
[ 1432.284165][T13440] ocfs2: Unmounting device (7,6) on (node local)
[ 1432.323234][T19123] hub 9-0:1.0: USB hub found
[ 1432.337328][T19123] hub 9-0:1.0: 1 port detected
[ 1432.599880][T19138] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2678'.
[ 1432.663404][T19138] hub 9-0:1.0: USB hub found
[ 1432.672778][T19138] hub 9-0:1.0: 1 port detected
[ 1433.534002][T19145] overlayfs: failed to clone upperpath
[ 1433.928234][T19161] overlayfs: missing 'workdir'
[ 1434.677807][T19171] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2687'.
[ 1435.190109][   T52] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1435.199978][   T52] Bluetooth: hci2: Injecting HCI hardware error event
[ 1435.217744][ T5834] Bluetooth: hci2: hardware error 0x00
[ 1435.593264][T19180] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2681'.
[ 1436.639430][ T6105] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1436.719889][T19199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2689'.
[ 1436.817608][ T6105] usb 5-1: Using ep0 maxpacket: 32
[ 1436.830249][ T6105] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1436.872244][ T6105] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1436.902112][ T6105] usb 5-1: config 0 descriptor??
[ 1437.163289][ T6105] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1437.185458][ T6105] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1437.230742][ T6105] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1437.240635][ T6105] usb 5-1: media controller created
[ 1437.271305][ T6105] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1437.382481][ T6105] az6027: usb out operation failed. (-71)
[ 1437.408442][ T6105] az6027: usb out operation failed. (-71)
[ 1437.414745][ T6105] stb0899_attach: Driver disabled by Kconfig
[ 1437.431258][ T6105] az6027: no front-end attached
[ 1437.431258][ T6105] 
[ 1437.445888][ T6105] az6027: usb out operation failed. (-71)
[ 1437.460822][ T6105] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1437.477834][ T6105] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input64
[ 1437.542872][ T6105] dvb-usb: schedule remote query interval to 400 msecs.
[ 1437.580473][ T6105] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1437.598570][ T5834] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1437.660499][ T6105] usb 5-1: USB disconnect, device number 9
[ 1437.843616][ T6105] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1438.121074][T19218] overlayfs: overlapping lowerdir path
[ 1438.356200][T19227] trusted_key: encrypted_key: insufficient parameters specified
[ 1439.515776][T19240] loop4: detected capacity change from 0 to 512
[ 1439.536915][T19240] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1439.656367][T19240] EXT4-fs (loop4): 1 truncate cleaned up
[ 1439.684379][T19240] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1439.816049][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1439.816066][   T30] audit: type=1800 audit(1763571899.774:702): pid=19240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2710" name="bus" dev="loop4" ino=18 res=0 errno=0
[ 1440.113228][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1440.859424][T19250] ipvlan2: entered promiscuous mode
[ 1441.202630][T19254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2712'.
[ 1442.050344][T19266] siw: device registration error -23
[ 1442.254733][T19271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2713'.
[ 1442.612879][T19274] overlayfs: missing 'lowerdir'
[ 1443.525129][T19283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2722'.
[ 1445.246644][T19313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2730'.
[ 1445.255554][T19313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2730'.
[ 1445.273329][T19315] loop8: detected capacity change from 0 to 1024
[ 1445.292965][T19315] EXT4-fs: quotafile must be on filesystem root
[ 1446.277869][ T6418] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1446.962869][ T6418] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1446.991822][ T6418] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1447.008164][ T6418] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1447.019150][ T6418] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1447.029876][ T6418] usb 5-1: Product: syz
[ 1447.034239][ T6418] usb 5-1: Manufacturer: syz
[ 1447.040007][ T6418] usb 5-1: SerialNumber: syz
[ 1448.007303][ T6418] cdc_ncm 5-1:1.0: SET_NTB_FORMAT failed
[ 1448.048605][ T6418] cdc_ncm 5-1:1.0: bind() failure
[ 1448.085637][ T6418] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1448.145259][ T6418] cdc_ncm 5-1:1.1: bind() failure
[ 1448.218622][ T6418] usb 5-1: USB disconnect, device number 10
[ 1448.288247][T19352] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2745'.
[ 1448.344132][T19347] overlayfs: overlapping lowerdir path
[ 1448.424120][T19354] vlan0: entered allmulticast mode
[ 1448.530021][T19360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2741'.
[ 1448.721462][T19363] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1450.344684][T19375] loop8: detected capacity change from 0 to 1024
[ 1450.433971][T19375] EXT4-fs: quotafile must be on filesystem root
[ 1450.979413][T19370] hub 9-0:1.0: USB hub found
[ 1451.014728][T19370] hub 9-0:1.0: 1 port detected
[ 1452.585180][ T6418] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 1452.742419][T19397] loop4: detected capacity change from 0 to 1024
[ 1452.746556][ T6418] usb 9-1: Using ep0 maxpacket: 16
[ 1452.764949][T19397] EXT4-fs: inline encryption not supported
[ 1452.794695][ T6418] usb 9-1: config 0 has an invalid interface number: 8 but max is 0
[ 1452.822207][ T6418] usb 9-1: config 0 has no interface number 0
[ 1452.836381][T19397] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1452.861449][ T6418] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1452.908915][ T6418] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1452.994081][ T6418] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1453.027947][ T6418] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1453.052394][ T6418] usb 9-1: Product: syz
[ 1453.063648][ T6418] usb 9-1: SerialNumber: syz
[ 1453.089830][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1453.107335][ T6418] usb 9-1: config 0 descriptor??
[ 1453.146481][ T6418] cm109 9-1:0.8: invalid payload size 0, expected 4
[ 1453.153729][T19406] 9p: Bad value for 'wfdno'
[ 1453.157102][ T6418] input: CM109 USB driver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.8/input/input66
[ 1453.359267][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.369309][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.377300][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.384446][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.391589][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.398766][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.406669][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.413836][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.420994][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.437236][    C1] cm109 9-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1453.447151][ T6418] usb 9-1: USB disconnect, device number 14
[ 1453.453132][    C1] cm109 9-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1453.716382][ T6418] cm109 9-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1455.178783][T19431] netlink: 'syz.8.2769': attribute type 1 has an invalid length.
[ 1455.438699][T19440] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1455.491818][T19439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2767'.
[ 1456.492985][T19448] netlink: 'syz.8.2774': attribute type 5 has an invalid length.
[ 1456.918907][T19452] siw: device registration error -23
[ 1457.870484][T19475] netlink: 452 bytes leftover after parsing attributes in process `syz.6.2782'.
[ 1458.078854][T19479] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2783'.
[ 1459.080920][T19490] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1459.602602][T19493] siw: device registration error -23
[ 1461.500154][T19518] trusted_key: encrypted_key: insufficient parameters specified
[ 1461.570288][ T5846] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 1461.743869][ T5846] usb 9-1: Using ep0 maxpacket: 16
[ 1461.755183][ T5846] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1461.852698][T19522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2797'.
[ 1461.862550][T19522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2797'.
[ 1462.283607][ T5846] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1462.295416][ T5846] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1462.306223][ T5846] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1462.315923][ T5846] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1462.342896][ T5846] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1462.373485][ T5846] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1462.381523][ T5846] usb 9-1: Manufacturer: syz
[ 1462.418801][ T5846] usb 9-1: config 0 descriptor??
[ 1462.459667][T19526] loop6: detected capacity change from 0 to 2048
[ 1462.468757][T19526] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1462.540805][T19526] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1462.591441][T19526] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[ 1462.658043][T19526] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[ 1463.090553][T19540] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[ 1463.105468][T19526] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1463.105468][T19526] 
[ 1463.128644][T19540] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1463.128644][T19540] 
[ 1463.144481][T19526] EXT4-fs (loop6): Total free blocks count 0
[ 1463.169159][T19526] EXT4-fs (loop6): Free/Dirty block details
[ 1463.178981][T19540] EXT4-fs (loop6): Total free blocks count 0
[ 1463.198849][T19526] EXT4-fs (loop6): free_blocks=2415919504
[ 1463.205436][T19540] EXT4-fs (loop6): Free/Dirty block details
[ 1463.257742][ T5846] rc_core: IR keymap rc-hauppauge not found
[ 1463.271629][ T5846] Registered IR keymap rc-empty
[ 1463.286263][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1463.337841][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1463.365305][ T5846] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[ 1463.383014][ T5846] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input69
[ 1463.427712][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1463.828273][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1463.951331][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.053361][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.083448][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.104279][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.123497][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.179275][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.213443][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.253746][ T5846] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1464.285890][ T5846] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1464.317757][ T5846] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1464.372707][ T5846] usb 9-1: USB disconnect, device number 15
[ 1465.602522][T19587] overlayfs: missing 'lowerdir'
[ 1465.703983][T19575] loop8: detected capacity change from 0 to 32768
[ 1465.761585][T19575] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1465.829494][T19575] XFS (loop8): Ending clean mount
[ 1465.857685][T19575] XFS (loop8): Quotacheck needed: Please wait.
[ 1465.910065][T19575] XFS (loop8): Quotacheck: Done.
[ 1465.986730][T16018] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1466.532994][ T5846] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 1466.613112][T10340] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1466.652551][T19617] siw: device registration error -23
[ 1466.703054][ T5846] usb 9-1: Using ep0 maxpacket: 16
[ 1466.715020][ T5846] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1466.732267][ T5846] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1466.757719][ T5846] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1466.794213][T10340] usb 5-1: Using ep0 maxpacket: 8
[ 1466.814437][ T5846] usb 9-1: config 0 descriptor??
[ 1466.824027][T10340] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1466.852287][T10340] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1466.863785][T10340] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1466.882855][T10340] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1466.897493][T10340] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1466.907219][T10340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.217432][T19633] overlayfs: failed to clone upperpath
[ 1467.858808][ T5846] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.8-1/input0
[ 1467.872803][T10340] usb 5-1: GET_CAPABILITIES returned 0
[ 1467.878341][T10340] usbtmc 5-1:16.0: can't read capabilities
[ 1467.894227][T10340] usb 5-1: USB disconnect, device number 11
[ 1469.158860][ T5846] usb 9-1: USB disconnect, device number 16
[ 1469.321708][T19647] loop4: detected capacity change from 0 to 1024
[ 1469.371217][T19647] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1469.473878][T19647] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[ 1469.556364][T19647] System zones: 0-1, 3-36
[ 1469.566146][T19662] trusted_key: encrypted_key: insufficient parameters specified
[ 1469.636573][T19663] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2841'.
[ 1469.666753][T19647] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1470.219782][T19659] hub 9-0:1.0: USB hub found
[ 1470.238263][T19659] hub 9-0:1.0: 1 port detected
[ 1470.259447][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1470.813930][T19682] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2847'.
[ 1471.016104][   T30] audit: type=1326 audit(1763571930.979:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19689 comm="syz.1.2852" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1668f8f749 code=0x0
[ 1471.102318][ T5846] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[ 1471.262444][ T5846] usb 9-1: Using ep0 maxpacket: 32
[ 1471.270198][ T5846] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1471.280978][ T5846] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1471.292663][ T5846] usb 9-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1471.302959][ T5846] usb 9-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1471.316359][ T5846] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1471.323616][ T5846] usb 9-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 1471.333204][ T5846] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1471.359267][ T5846] usb 9-1: config 0 descriptor??
[ 1472.349686][ T5846] hid-thrustmaster 0003:044F:B65D.0006: unknown global tag 0xe
[ 1472.371933][ T5846] hid-thrustmaster 0003:044F:B65D.0006: item 0 2 1 14 parsing failed
[ 1472.380802][ T5846] hid-thrustmaster 0003:044F:B65D.0006: parse failed with error -22
[ 1472.403352][ T5846] hid-thrustmaster 0003:044F:B65D.0006: probe with driver hid-thrustmaster failed with error -22
[ 1472.432718][ T5846] usb 9-1: USB disconnect, device number 17
[ 1472.441105][T19710] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1473.257298][T19723] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2861'.
[ 1473.658206][T19735] loop8: detected capacity change from 0 to 1024
[ 1473.683659][T19738] loop6: detected capacity change from 0 to 256
[ 1473.683696][T19735] EXT4-fs: quotafile must be on filesystem root
[ 1473.720441][T19704] loop4: detected capacity change from 0 to 32768
[ 1473.760047][T19738] exfat: Deprecated parameter 'utf8'
[ 1474.244008][T19738] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[ 1474.353370][T19704] gfs2: fsid=noquota: Trying to join cluster "lock_nolock", "noquota"
[ 1474.361837][T19704] gfs2: fsid=noquota: Now mounting FS (format 0)...
[ 1474.525101][T19704] gfs2: fsid=noquota.s: journal 0 mapped with 5 extents in 0ms
[ 1474.647382][T19704] gfs2: fsid=noquota.s: first mount done, others may mount
[ 1474.857420][T19751] netlink: 'syz.2.2874': attribute type 1 has an invalid length.
[ 1476.080719][T19773] overlayfs: failed to clone upperpath
[ 1476.644964][T19772] loop8: detected capacity change from 0 to 512
[ 1476.798754][T19776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2882'.
[ 1477.270060][T19772] EXT4-fs (loop8): 1 orphan inode deleted
[ 1477.414674][ T3961] Quota error (device loop8): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1477.449120][T19772] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1477.613619][ T3961] EXT4-fs error (device loop8): ext4_release_dquot:6984: comm kworker/u8:13: Failed to release dquot type 1
[ 1477.776949][T19772] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1477.912434][T19790] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2883'.
[ 1477.946119][   T30] audit: type=1800 audit(1763571937.910:704): pid=19772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2880" name="bus" dev="loop8" ino=16 res=0 errno=0
[ 1477.980456][T19764] loop6: detected capacity change from 0 to 40427
[ 1477.990806][T19785] overlayfs: missing 'workdir'
[ 1477.995868][T19764] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 1478.057185][T19764] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 1478.287326][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1479.071176][T19764] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1479.235628][T19806] loop8: detected capacity change from 0 to 1024
[ 1479.282481][T19806] EXT4-fs: quotafile must be on filesystem root
[ 1482.315835][T19838] loop4: detected capacity change from 0 to 1024
[ 1482.394937][T19838] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1483.040095][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1483.125220][T19851] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1483.174772][T19851] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1483.196133][T19859] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2908'.
[ 1483.874480][T19870] loop8: detected capacity change from 0 to 1024
[ 1483.905163][T19870] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1483.971977][T19870] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[ 1484.000194][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.006663][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.014817][T19870] System zones: 0-1, 3-36
[ 1484.062685][T19870] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1484.976725][T19881] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1485.094072][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1486.146055][T19875] loop6: detected capacity change from 0 to 32768
[ 1486.326359][T19890] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1486.349765][T19890] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1486.361995][T19875] ERROR: (device loop6): duplicateIXtree: 
[ 1486.361995][T19875] 
[ 1486.382845][T19875] ERROR: (device loop6): remounting filesystem as read-only
[ 1486.489789][ T5931] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[ 1486.662251][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1486.679730][ T5931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1486.690363][ T5931] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1486.820266][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1487.185944][ T5931] usb 5-1: config 0 descriptor??
[ 1487.264712][T19914] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2918'.
[ 1487.297579][ T5931] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1487.317437][ T5931] dvb-usb: bulk message failed: -22 (3/0)
[ 1487.360835][ T5931] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1487.382995][ T5931] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1487.418338][ T5931] usb 5-1: media controller created
[ 1487.446208][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1487.497783][ T5931] dvb-usb: bulk message failed: -22 (6/0)
[ 1487.537957][T19904] dvb-usb: bulk message failed: -22 (2/0)
[ 1487.564358][ T5931] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1487.617511][ T5931] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input71
[ 1487.665363][ T5931] dvb-usb: schedule remote query interval to 150 msecs.
[ 1487.680335][ T5931] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1487.806496][ T5931] usb 5-1: USB disconnect, device number 12
[ 1488.468067][ T5931] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1488.951009][T19927] hub 9-0:1.0: USB hub found
[ 1488.989658][T19927] hub 9-0:1.0: 1 port detected
[ 1490.428775][T19953] loop4: detected capacity change from 0 to 512
[ 1490.657294][T19953] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1490.749157][T19953] ext4 filesystem being mounted at /221/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1490.865745][T19953] fs-verity (loop4, inode 15): Unrecognized descriptor size: 0 bytes
[ 1490.978151][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1491.324869][T19976] sctp: [Deprecated]: syz.4.2944 (pid 19976) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1491.324869][T19976] Use struct sctp_sack_info instead
[ 1491.420682][T19978] netlink: 'syz.2.2947': attribute type 2 has an invalid length.
[ 1492.121379][T19987] netlink: 212 bytes leftover after parsing attributes in process `syz.2.2950'.
[ 1492.235163][T19961] loop8: detected capacity change from 0 to 40427
[ 1492.257323][T19961] F2FS-fs (loop8): build fault injection rate: 771
[ 1492.291315][T19961] F2FS-fs (loop8): invalid crc value
[ 1492.301834][T19992] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1492.627522][T19961] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1492.676093][T19961] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[ 1492.911876][T20002] hub 9-0:1.0: USB hub found
[ 1492.917569][T16018] syz-executor: attempt to access beyond end of device
[ 1492.917569][T16018] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1492.957544][T20002] hub 9-0:1.0: 1 port detected
[ 1492.984535][T16018] CPU: 0 UID: 0 PID: 16018 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1492.984559][T16018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1492.984569][T16018] Call Trace:
[ 1492.984578][T16018]  <TASK>
[ 1492.984587][T16018]  dump_stack_lvl+0x189/0x250
[ 1492.984619][T16018]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1492.984640][T16018]  ? __pfx_queue_work_on+0x10/0x10
[ 1492.984662][T16018]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1492.984684][T16018]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1492.984717][T16018]  f2fs_handle_critical_error+0x37c/0x540
[ 1492.984745][T16018]  f2fs_write_end_io+0x94b/0xc10
[ 1492.984786][T16018]  __submit_merged_bio+0x256/0x6a0
[ 1492.984812][T16018]  __submit_merged_write_cond+0x255/0x530
[ 1492.984838][T16018]  f2fs_write_data_pages+0x2756/0x3290
[ 1492.984891][T16018]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1492.984924][T16018]  ? is_bpf_text_address+0x26/0x2b0
[ 1492.984974][T16018]  ? __mod_zone_page_state+0xd7/0x140
[ 1492.985004][T16018]  ? folios_put_refs+0x58b/0x670
[ 1492.985041][T16018]  ? __lock_acquire+0xab9/0xd20
[ 1492.985072][T16018]  ? do_raw_spin_lock+0x121/0x290
[ 1492.985102][T16018]  ? do_raw_spin_unlock+0x122/0x240
[ 1492.985121][T16018]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1492.985143][T16018]  do_writepages+0x32e/0x550
[ 1492.985172][T16018]  ? do_raw_spin_unlock+0x122/0x240
[ 1492.985196][T16018]  filemap_fdatawrite+0x199/0x240
[ 1492.985215][T16018]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1492.985280][T16018]  ? do_raw_spin_unlock+0x122/0x240
[ 1492.985304][T16018]  f2fs_sync_dirty_inodes+0x30f/0x830
[ 1492.985342][T16018]  f2fs_write_checkpoint+0x93e/0x2440
[ 1492.985362][T16018]  ? stack_depot_save_flags+0x40/0x860
[ 1492.985428][T16018]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1492.985491][T16018]  ? f2fs_stop_gc_thread+0x7f/0xb0
[ 1492.985513][T16018]  ? kfree+0x1c0/0x680
[ 1492.985541][T16018]  kill_f2fs_super+0x2cc/0x6d0
[ 1492.985574][T16018]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1492.985614][T16018]  ? shrinker_free+0x2ce/0x3e0
[ 1492.985639][T16018]  deactivate_locked_super+0xbc/0x130
[ 1492.985660][T16018]  cleanup_mnt+0x425/0x4c0
[ 1492.985679][T16018]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1492.985705][T16018]  task_work_run+0x1d4/0x260
[ 1492.985728][T16018]  ? __pfx_task_work_run+0x10/0x10
[ 1492.985752][T16018]  ? exit_to_user_mode_loop+0x55/0x4f0
[ 1492.985779][T16018]  exit_to_user_mode_loop+0xff/0x4f0
[ 1492.985800][T16018]  ? rcu_is_watching+0x15/0xb0
[ 1492.985823][T16018]  do_syscall_64+0x2e9/0xfa0
[ 1492.985848][T16018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.985865][T16018]  ? clear_bhb_loop+0x60/0xb0
[ 1492.985885][T16018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.985902][T16018] RIP: 0033:0x7f7d91190a77
[ 1492.985919][T16018] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1492.985933][T16018] RSP: 002b:00007fff54ca04c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1492.985953][T16018] RAX: 0000000000000000 RBX: 00007f7d91213d7d RCX: 00007f7d91190a77
[ 1492.985965][T16018] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff54ca0580
[ 1492.985976][T16018] RBP: 00007fff54ca0580 R08: 0000000000000000 R09: 0000000000000000
[ 1492.985987][T16018] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff54ca1610
[ 1492.985999][T16018] R13: 00007f7d91213d7d R14: 000000000016c937 R15: 00007fff54ca1650
[ 1492.986032][T16018]  </TASK>
[ 1492.986344][T16018] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1494.471980][T20022] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2961'.
[ 1494.536823][T20022] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2961'.
[ 1494.618539][T20023] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2961'.
[ 1494.871688][T20027] vlan0: entered promiscuous mode
[ 1495.201685][T20041] netlink: 'syz.8.2957': attribute type 12 has an invalid length.
[ 1495.229195][T20041] netlink: 'syz.8.2957': attribute type 28 has an invalid length.
[ 1495.254307][T20041] netlink: 148 bytes leftover after parsing attributes in process `syz.8.2957'.
[ 1496.072249][T20040] loop4: detected capacity change from 0 to 32768
[ 1496.154781][T20040] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1496.417096][T20040] XFS (loop4): Ending clean mount
[ 1496.452106][T20040] XFS (loop4): Quotacheck needed: Please wait.
[ 1496.591523][T20040] XFS (loop4): Quotacheck: Done.
[ 1496.753458][T20045] loop8: detected capacity change from 0 to 32768
[ 1496.777217][T20045] gfs2: fsid=localflocks: Trying to join cluster "lock_nolock", "localflocks"
[ 1496.788548][T20045] gfs2: fsid=localflocks: Now mounting FS (format 1801)...
[ 1496.835061][T20045] gfs2: fsid=localflocks.s: journal 0 mapped with 5 extents in 0ms
[ 1496.849393][T20067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2975'.
[ 1496.864263][T20067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2975'.
[ 1496.885120][T20067] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2975'.
[ 1496.904416][T15496] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1496.912563][T20067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2975'.
[ 1496.949997][T20067] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2975'.
[ 1496.979890][T20045] gfs2: fsid=localflocks.s: first mount done, others may mount
[ 1497.196900][T20071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2978'.
[ 1497.235680][T20071] netlink: 'syz.2.2978': attribute type 6 has an invalid length.
[ 1497.440581][T20079] loop4: detected capacity change from 0 to 256
[ 1497.489644][T20079] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[ 1499.889152][T20091] loop8: detected capacity change from 0 to 32768
[ 1499.981065][T20091] gfs2: fsid=noquota: Trying to join cluster "lock_nolock", "noquota"
[ 1500.001162][T20113] hub 9-0:1.0: USB hub found
[ 1500.007843][T20113] hub 9-0:1.0: 1 port detected
[ 1500.022662][T20091] gfs2: fsid=noquota: Now mounting FS (format 0)...
[ 1500.076514][T20124] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2996'.
[ 1500.130580][T20091] gfs2: fsid=noquota.s: journal 0 mapped with 5 extents in 0ms
[ 1500.366104][T20091] gfs2: fsid=noquota.s: first mount done, others may mount
[ 1501.211498][T20146] loop6: detected capacity change from 0 to 1024
[ 1501.338896][T20146] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1501.457735][T20146] ext4 filesystem being mounted at /303/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1501.665827][T13440] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1501.728390][T20163] loop4: detected capacity change from 0 to 128
[ 1501.834603][T20163] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1501.933763][T20163] ext4 filesystem being mounted at /233/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1502.216265][T20175] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3011'.
[ 1502.228752][T20175] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3011'.
[ 1503.457052][ T5846] usb 9-1: new low-speed USB device number 18 using dummy_hcd
[ 1503.668454][ T5846] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1503.691157][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1503.733873][ T5846] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1503.771513][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1503.805679][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1503.829217][T15496] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1503.844250][ T5846] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1503.860881][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1503.916074][ T5846] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1503.956112][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1503.986232][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1504.023898][ T5846] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1504.063644][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1504.097783][ T5846] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1504.143447][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1504.175696][ T5846] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1504.197358][T20204] loop6: detected capacity change from 0 to 32768
[ 1504.219627][ T5846] usb 9-1: string descriptor 0 read error: -22
[ 1504.226395][ T5846] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1504.243969][ T5846] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1504.290752][T20204] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1504.309103][ T5846] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1504.395274][T20204] XFS (loop6): Ending clean mount
[ 1504.476877][ T5846] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1504.569325][T13440] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1504.612452][T19916] usb 9-1: USB disconnect, device number 18
[ 1504.667246][ T5846] usb 5-1: Using ep0 maxpacket: 8
[ 1504.684447][T20223] overlayfs: failed to clone upperpath
[ 1504.701062][ T5846] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1504.748164][ T5846] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1504.777032][ T5846] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1504.809696][T20190] adutux: No device or device unplugged -19
[ 1504.818426][ T5846] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1504.897848][ T5846] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1504.955440][ T5846] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1504.965776][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.244403][ T5846] usb 5-1: GET_CAPABILITIES returned 0
[ 1505.257292][ T5846] usbtmc 5-1:16.0: can't read capabilities
[ 1505.453876][T20210] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90
[ 1505.469034][ T5846] usb 5-1: USB disconnect, device number 13
[ 1505.560980][T20241] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3032'.
[ 1505.686664][T10992] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[ 1505.848041][T10992] usb 9-1: Using ep0 maxpacket: 8
[ 1505.862487][T10992] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1505.874186][T10992] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1505.884402][T10992] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.896321][T10992] usb 9-1: config 0 descriptor??
[ 1506.123404][T10992] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1506.733294][T10992] usb 9-1: USB disconnect, device number 19
[ 1507.066478][T10992] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1507.227043][T10992] usb 5-1: Using ep0 maxpacket: 8
[ 1507.242359][T10992] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1507.255191][T10992] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1507.285342][T10992] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1507.321660][T10992] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1507.362054][T10992] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1507.391975][T20269] loop8: detected capacity change from 0 to 1024
[ 1507.408101][T10992] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1507.428575][T20269] EXT4-fs: quotafile must be on filesystem root
[ 1507.462249][T10992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1508.094755][T20274] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3044'.
[ 1508.192935][T10992] usb 5-1: GET_CAPABILITIES returned 0
[ 1508.216903][T10992] usbtmc 5-1:16.0: can't read capabilities
[ 1508.437418][ T5893] usb 5-1: USB disconnect, device number 14
[ 1508.451606][T20276] loop6: detected capacity change from 0 to 2048
[ 1508.531497][T20276] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[ 1508.573662][T20276] UDF-fs: Scanning with blocksize 512 failed
[ 1508.648379][T20276] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1508.671496][T20278] syz_tun: entered allmulticast mode
[ 1508.695647][T20277] syz_tun: left allmulticast mode
[ 1508.862643][T20280] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3047'.
[ 1510.066994][T20296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3050'.
[ 1510.160889][T20300] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3054'.
[ 1510.186658][T20300] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3054'.
[ 1510.355917][ T5893] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1510.397225][T20302] loop6: detected capacity change from 0 to 256
[ 1510.487755][   T30] audit: type=1800 audit(1763571970.465:705): pid=20302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3055" name="file1" dev="loop6" ino=1048756 res=0 errno=0
[ 1510.536623][ T5893] usb 5-1: Using ep0 maxpacket: 16
[ 1510.578760][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1510.602270][   T30] audit: type=1800 audit(1763571970.495:706): pid=20302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3055" name="file1" dev="loop6" ino=1048756 res=0 errno=0
[ 1510.645964][ T5893] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[ 1510.719705][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1510.784875][ T5893] usb 5-1: config 0 descriptor??
[ 1511.299722][ T5893] hid_parser_main: 8 callbacks suppressed
[ 1511.299749][ T5893] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[ 1511.355156][ T5893] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[ 1511.395753][ T5893] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x7
[ 1511.438847][ T5893] konepure 0003:1E7D:2DBE.0007: item fetching failed at offset 3/5
[ 1511.560206][ T5893] konepure 0003:1E7D:2DBE.0007: parse failed
[ 1511.615052][ T5893] konepure 0003:1E7D:2DBE.0007: probe with driver konepure failed with error -22
[ 1512.253471][ T5893] usb 5-1: USB disconnect, device number 15
[ 1513.514538][T20334] loop8: detected capacity change from 0 to 16
[ 1513.543249][T20334] MTD: Attempt to mount non-MTD device "/dev/loop8"
[ 1513.709176][T20341] loop8: detected capacity change from 0 to 512
[ 1513.741422][T20341] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1513.770820][T20341] EXT4-fs: Ignoring removed oldalloc option
[ 1513.861858][T20343] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3067'.
[ 1513.907567][T20341] EXT4-fs error (device loop8): ext4_xattr_inode_iget:437: comm syz.8.3069: Parent and EA inode have the same ino 15
[ 1514.044391][T20341] EXT4-fs error (device loop8): ext4_xattr_inode_iget:437: comm syz.8.3069: Parent and EA inode have the same ino 15
[ 1514.067319][T20341] EXT4-fs (loop8): 1 orphan inode deleted
[ 1514.077099][T20341] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1514.083801][T20343] hub 9-0:1.0: USB hub found
[ 1514.094895][T20343] hub 9-0:1.0: 1 port detected
[ 1514.377906][T16018] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1514.699980][T20351] netlink: 84 bytes leftover after parsing attributes in process `syz.8.3071'.
[ 1516.974999][T20367] hub 9-0:1.0: USB hub found
[ 1516.994925][T20367] hub 9-0:1.0: 1 port detected
[ 1518.566113][ T5846] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1518.590367][T20415] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security
[ 1518.625701][T19916] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[ 1518.724751][ T5846] usb 5-1: Using ep0 maxpacket: 32
[ 1518.737016][ T5846] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1518.768205][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1518.797787][ T5846] usb 5-1: config 0 descriptor??
[ 1518.830358][T19916] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1518.882302][T19916] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1518.905343][T19916] usb 9-1: Product: syz
[ 1518.917042][T19916] usb 9-1: Manufacturer: syz
[ 1518.930157][T19916] usb 9-1: SerialNumber: syz
[ 1519.078705][ T5846] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1519.136580][ T5846] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1519.189963][ T5846] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1519.206315][ T5846] usb 5-1: media controller created
[ 1519.263243][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1519.343863][ T5846] az6027: usb out operation failed. (-71)
[ 1519.364901][ T5846] az6027: usb out operation failed. (-71)
[ 1519.371167][ T5846] stb0899_attach: Driver disabled by Kconfig
[ 1519.384507][ T5846] az6027: no front-end attached
[ 1519.384507][ T5846] 
[ 1519.402694][ T5846] az6027: usb out operation failed. (-71)
[ 1519.418648][ T5846] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1519.426373][T19916] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1519.454994][ T5846] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input73
[ 1519.469481][T19916] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1519.496181][ T5846] dvb-usb: schedule remote query interval to 400 msecs.
[ 1519.513494][ T5846] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1519.535609][ T5846] usb 5-1: USB disconnect, device number 16
[ 1519.689400][ T5846] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1519.699082][T19916] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO
[ 1519.720125][T20422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3098'.
[ 1519.725322][T19916] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1519.757311][T19916] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1519.806212][T19916] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -71
[ 1519.857286][T19916] usb 9-1: USB disconnect, device number 20
[ 1520.828203][T20434] loop6: detected capacity change from 0 to 1024
[ 1520.856029][T20436] loop4: detected capacity change from 0 to 512
[ 1520.863690][T20436] EXT4-fs: Ignoring removed orlov option
[ 1520.901634][T20436] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[ 1521.048852][T20436] EXT4-fs error (device loop4): ext4_iget_extra_inode:5079: inode #15: comm syz.4.3102: corrupted in-inode xattr: e_value size too large
[ 1521.159960][T20436] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3102: couldn't read orphan inode 15 (err -117)
[ 1521.259883][T20436] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1521.902603][T15496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1522.160703][T20453] loop4: detected capacity change from 0 to 4096
[ 1522.176367][ T5978] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[ 1522.185198][T20455] loop6: detected capacity change from 0 to 524288000
[ 1522.193308][T20455] 
[ 1522.195652][T20455] ======================================================
[ 1522.202666][T20455] WARNING: possible circular locking dependency detected
[ 1522.209687][T20455] syzkaller #0 Not tainted
[ 1522.214085][T20455] ------------------------------------------------------
[ 1522.221083][T20455] syz.6.3110/20455 is trying to acquire lock:
[ 1522.227132][T20455] ffffffff8e0482e0 (fs_reclaim){+.+.}-{0:0}, at: mempool_alloc_noprof+0xa7/0x380
[ 1522.236282][T20455] 
[ 1522.236282][T20455] but task is already holding lock:
[ 1522.243633][T20455] ffff8880246b4618 (set->srcu){.+.?}-{0:0}, at: blk_mq_dispatch_queue_requests+0x5f9/0x800
[ 1522.253626][T20455] 
[ 1522.253626][T20455] which lock already depends on the new lock.
[ 1522.253626][T20455] 
[ 1522.264019][T20455] 
[ 1522.264019][T20455] the existing dependency chain (in reverse order) is:
[ 1522.273020][T20455] 
[ 1522.273020][T20455] -> #2 (set->srcu){.+.?}-{0:0}:
[ 1522.280128][T20455]        lock_sync+0xba/0x160
[ 1522.284809][T20455]        __synchronize_srcu+0x96/0x3a0
[ 1522.290262][T20455]        blk_throtl_init+0x298/0x410
[ 1522.295534][T20455]        tg_set_conf+0x1c6/0x4b0
[ 1522.300454][T20455]        cgroup_file_write+0x3a1/0x740
[ 1522.305900][T20455]        kernfs_fop_write_iter+0x3af/0x540
[ 1522.311688][T20455]        vfs_write+0x5c9/0xb30
[ 1522.316437][T20455]        ksys_write+0x145/0x250
[ 1522.321282][T20455]        do_syscall_64+0xfa/0xfa0
[ 1522.326305][T20455]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.332875][T20455] 
[ 1522.332875][T20455] -> #1 (&q->q_usage_counter(io)#17){++++}-{0:0}:
[ 1522.341480][T20455]        lock_acquire+0x117/0x350
[ 1522.346507][T20455]        blk_alloc_queue+0x538/0x620
[ 1522.351879][T20455]        __blk_mq_alloc_disk+0x15c/0x340
[ 1522.357594][T20455]        loop_add+0x411/0xad0
[ 1522.362272][T20455]        loop_init+0xd9/0x170
[ 1522.366932][T20455]        do_one_initcall+0x1fb/0x870
[ 1522.372201][T20455]        do_initcall_level+0x104/0x190
[ 1522.377644][T20455]        do_initcalls+0x59/0xa0
[ 1522.382565][T20455]        kernel_init_freeable+0x334/0x4b0
[ 1522.388356][T20455]        kernel_init+0x1d/0x1d0
[ 1522.393192][T20455]        ret_from_fork+0x599/0xb30
[ 1522.398292][T20455]        ret_from_fork_asm+0x1a/0x30
[ 1522.403561][T20455] 
[ 1522.403561][T20455] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 1522.410759][T20455]        validate_chain+0xb9b/0x2130
[ 1522.416050][T20455]        __lock_acquire+0xab9/0xd20
[ 1522.421242][T20455]        lock_acquire+0x117/0x350
[ 1522.426252][T20455]        fs_reclaim_acquire+0x72/0x100
[ 1522.431699][T20455]        mempool_alloc_noprof+0xa7/0x380
[ 1522.437331][T20455]        bio_alloc_bioset+0x241/0x12a0
[ 1522.442791][T20455]        blkdev_direct_IO+0x9c0/0x17e0
[ 1522.448235][T20455]        blkdev_read_iter+0x23d/0x440
[ 1522.453599][T20455]        lo_submit_rw_aio+0x488/0x620
[ 1522.458965][T20455]        loop_queue_rq+0x6c5/0x8d0
[ 1522.464088][T20455]        blk_mq_request_issue_directly+0x3c1/0x710
[ 1522.470583][T20455]        blk_mq_issue_direct+0x2a0/0x660
[ 1522.476213][T20455]        blk_mq_dispatch_queue_requests+0x621/0x800
[ 1522.482795][T20455]        blk_mq_flush_plug_list+0x432/0x550
[ 1522.488678][T20455]        __blk_flush_plug+0x3d3/0x4b0
[ 1522.494044][T20455]        __submit_bio+0x2d3/0x5a0
[ 1522.499052][T20455]        submit_bio_noacct_nocheck+0x2eb/0xa50
[ 1522.505188][T20455]        block_read_full_folio+0x7b7/0x830
[ 1522.510982][T20455]        filemap_read_folio+0x117/0x380
[ 1522.516520][T20455]        do_read_cache_folio+0x358/0x590
[ 1522.522138][T20455]        read_part_sector+0xb6/0x2b0
[ 1522.527409][T20455]        adfspart_check_ICS+0xa4/0xa50
[ 1522.532853][T20455]        bdev_disk_changed+0x75f/0x14b0
[ 1522.538380][T20455]        loop_reread_partitions+0x5f/0xf0
[ 1522.544098][T20455]        loop_configure+0xbd6/0xe50
[ 1522.549296][T20455]        lo_ioctl+0x806/0x1c50
[ 1522.554208][T20455]        blkdev_ioctl+0x60e/0x710
[ 1522.559331][T20455]        __se_sys_ioctl+0xfc/0x170
[ 1522.564442][T20455]        do_syscall_64+0xfa/0xfa0
[ 1522.569465][T20455]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.575872][T20455] 
[ 1522.575872][T20455] other info that might help us debug this:
[ 1522.575872][T20455] 
[ 1522.586092][T20455] Chain exists of:
[ 1522.586092][T20455]   fs_reclaim --> &q->q_usage_counter(io)#17 --> set->srcu
[ 1522.586092][T20455] 
[ 1522.599169][T20455]  Possible unsafe locking scenario:
[ 1522.599169][T20455] 
[ 1522.606623][T20455]        CPU0                    CPU1
[ 1522.611986][T20455]        ----                    ----
[ 1522.617334][T20455]   rlock(set->srcu);
[ 1522.621304][T20455]                                lock(&q->q_usage_counter(io)#17);
[ 1522.629185][T20455]                                lock(set->srcu);
[ 1522.635589][T20455]   lock(fs_reclaim);
[ 1522.639558][T20455] 
[ 1522.639558][T20455]  *** DEADLOCK ***
[ 1522.639558][T20455] 
[ 1522.647685][T20455] 2 locks held by syz.6.3110/20455:
[ 1522.652962][T20455]  #0: ffff8880248dd358 (&disk->open_mutex){+.+.}-{4:4}, at: loop_reread_partitions+0x46/0xf0
[ 1522.663222][T20455]  #1: ffff8880246b4618 (set->srcu){.+.?}-{0:0}, at: blk_mq_dispatch_queue_requests+0x5f9/0x800
[ 1522.673654][T20455] 
[ 1522.673654][T20455] stack backtrace:
[ 1522.679531][T20455] CPU: 1 UID: 0 PID: 20455 Comm: syz.6.3110 Not tainted syzkaller #0 PREEMPT(full) 
[ 1522.679549][T20455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1522.679558][T20455] Call Trace:
[ 1522.679566][T20455]  <TASK>
[ 1522.679574][T20455]  dump_stack_lvl+0x189/0x250
[ 1522.679597][T20455]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1522.679616][T20455]  ? __pfx__printk+0x10/0x10
[ 1522.679629][T20455]  ? stack_trace_save+0x9c/0xe0
[ 1522.679650][T20455]  print_circular_bug+0x2ee/0x310
[ 1522.679665][T20455]  check_noncircular+0x134/0x160
[ 1522.679680][T20455]  validate_chain+0xb9b/0x2130
[ 1522.679700][T20455]  ? rcu_is_watching+0x15/0xb0
[ 1522.679714][T20455]  ? lock_release+0x4b/0x3d0
[ 1522.679729][T20455]  ? lock_release+0x4b/0x3d0
[ 1522.679744][T20455]  ? __bfs+0x154/0x2a0
[ 1522.679761][T20455]  ? __pfx_hlock_conflict+0x10/0x10
[ 1522.679775][T20455]  ? check_path+0x21/0x40
[ 1522.679786][T20455]  ? check_noncircular+0xe0/0x160
[ 1522.679800][T20455]  __lock_acquire+0xab9/0xd20
[ 1522.679819][T20455]  ? mempool_alloc_noprof+0xa7/0x380
[ 1522.679838][T20455]  lock_acquire+0x117/0x350
[ 1522.679854][T20455]  ? mempool_alloc_noprof+0xa7/0x380
[ 1522.679877][T20455]  fs_reclaim_acquire+0x72/0x100
[ 1522.679894][T20455]  ? mempool_alloc_noprof+0xa7/0x380
[ 1522.679912][T20455]  mempool_alloc_noprof+0xa7/0x380
[ 1522.679931][T20455]  ? __pfx_mempool_alloc_noprof+0x10/0x10
[ 1522.679959][T20455]  bio_alloc_bioset+0x241/0x12a0
[ 1522.679979][T20455]  ? seqcount_lockdep_reader_access+0x122/0x1c0
[ 1522.679997][T20455]  blkdev_direct_IO+0x9c0/0x17e0
[ 1522.680019][T20455]  ? __pfx_blkdev_direct_IO+0x10/0x10
[ 1522.680036][T20455]  ? ktime_get_coarse_real_ts64_mg+0x1c5/0x1e0
[ 1522.680056][T20455]  ? blkdev_read_iter+0x210/0x440
[ 1522.680073][T20455]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1522.680086][T20455]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1522.680100][T20455]  ? blkdev_read_iter+0x210/0x440
[ 1522.680116][T20455]  ? blkdev_read_iter+0x210/0x440
[ 1522.680133][T20455]  ? touch_atime+0x384/0x6d0
[ 1522.680147][T20455]  ? blkdev_read_iter+0x210/0x440
[ 1522.680165][T20455]  blkdev_read_iter+0x23d/0x440
[ 1522.680184][T20455]  lo_submit_rw_aio+0x488/0x620
[ 1522.680198][T20455]  ? __pfx_lo_submit_rw_aio+0x10/0x10
[ 1522.680212][T20455]  ? blk_add_timer+0x1a5/0x2e0
[ 1522.680231][T20455]  ? blk_mq_start_request+0x498/0x8a0
[ 1522.680246][T20455]  loop_queue_rq+0x6c5/0x8d0
[ 1522.680262][T20455]  blk_mq_request_issue_directly+0x3c1/0x710
[ 1522.680280][T20455]  ? __pfx_blk_mq_request_issue_directly+0x10/0x10
[ 1522.680299][T20455]  blk_mq_issue_direct+0x2a0/0x660
[ 1522.680321][T20455]  ? blk_mq_dispatch_queue_requests+0x5f9/0x800
[ 1522.680336][T20455]  blk_mq_dispatch_queue_requests+0x621/0x800
[ 1522.680354][T20455]  blk_mq_flush_plug_list+0x432/0x550
[ 1522.680370][T20455]  ? blk_add_rq_to_plug+0x300/0x450
[ 1522.680385][T20455]  ? blk_mq_submit_bio+0xd5b/0x26e0
[ 1522.680402][T20455]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[ 1522.680418][T20455]  ? blk_mq_submit_bio+0x46a/0x26e0
[ 1522.680435][T20455]  __blk_flush_plug+0x3d3/0x4b0
[ 1522.680453][T20455]  ? __pfx___blk_flush_plug+0x10/0x10
[ 1522.680472][T20455]  __submit_bio+0x2d3/0x5a0
[ 1522.680488][T20455]  ? __pfx___submit_bio+0x10/0x10
[ 1522.680504][T20455]  ? blk_cgroup_bio_start+0x59d/0x640
[ 1522.680526][T20455]  submit_bio_noacct_nocheck+0x2eb/0xa50
[ 1522.680542][T20455]  ? bio_associate_blkg+0x6d/0x230
[ 1522.680559][T20455]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[ 1522.680576][T20455]  ? submit_bio_noacct+0xdfc/0x1b80
[ 1522.680594][T20455]  block_read_full_folio+0x7b7/0x830
[ 1522.680613][T20455]  ? __pfx_blkdev_get_block+0x10/0x10
[ 1522.680630][T20455]  filemap_read_folio+0x117/0x380
[ 1522.680647][T20455]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1522.680664][T20455]  ? __pfx_filemap_read_folio+0x10/0x10
[ 1522.680680][T20455]  ? filemap_add_folio+0x35f/0x540
[ 1522.680696][T20455]  do_read_cache_folio+0x358/0x590
[ 1522.680715][T20455]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1522.680733][T20455]  read_part_sector+0xb6/0x2b0
[ 1522.680748][T20455]  adfspart_check_ICS+0xa4/0xa50
[ 1522.680764][T20455]  ? snprintf+0xda/0x120
[ 1522.680779][T20455]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1522.680796][T20455]  ? __pfx_adfspart_check_ICS+0x10/0x10
[ 1522.680816][T20455]  bdev_disk_changed+0x75f/0x14b0
[ 1522.680837][T20455]  ? __pfx_bdev_disk_changed+0x10/0x10
[ 1522.680855][T20455]  loop_reread_partitions+0x5f/0xf0
[ 1522.680870][T20455]  loop_configure+0xbd6/0xe50
[ 1522.680887][T20455]  ? __pfx_loop_configure+0x10/0x10
[ 1522.680911][T20455]  lo_ioctl+0x806/0x1c50
[ 1522.680925][T20455]  ? stack_trace_save+0x9c/0xe0
[ 1522.680940][T20455]  ? __pfx_lo_ioctl+0x10/0x10
[ 1522.680958][T20455]  ? stack_depot_save_flags+0x40/0x860
[ 1522.680979][T20455]  ? kasan_save_track+0x4f/0x80
[ 1522.680994][T20455]  ? kasan_save_track+0x3e/0x80
[ 1522.681008][T20455]  ? kasan_save_free_info+0x46/0x50
[ 1522.681020][T20455]  ? __kasan_slab_free+0x5c/0x80
[ 1522.681036][T20455]  ? tomoyo_check_open_permission+0x2c2/0x3b0
[ 1522.681049][T20455]  ? security_file_open+0xb1/0x270
[ 1522.681067][T20455]  ? do_dentry_open+0x34e/0x1420
[ 1522.681091][T20455]  ? __lock_acquire+0xab9/0xd20
[ 1522.681109][T20455]  ? __lock_acquire+0xab9/0xd20
[ 1522.681127][T20455]  ? __lock_acquire+0xab9/0xd20
[ 1522.681147][T20455]  ? __lock_acquire+0xab9/0xd20
[ 1522.681166][T20455]  ? __lock_acquire+0xab9/0xd20
[ 1522.681188][T20455]  ? is_bpf_text_address+0x26/0x2b0
[ 1522.681206][T20455]  ? is_bpf_text_address+0x292/0x2b0
[ 1522.681220][T20455]  ? is_bpf_text_address+0x26/0x2b0
[ 1522.681235][T20455]  ? kernel_text_address+0xa5/0xe0
[ 1522.681251][T20455]  ? __kernel_text_address+0xd/0x40
[ 1522.681264][T20455]  ? unwind_get_return_address+0x4d/0x90
[ 1522.681283][T20455]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1522.681298][T20455]  ? arch_stack_walk+0xfc/0x150
[ 1522.681320][T20455]  ? stack_trace_save+0x9c/0xe0
[ 1522.681335][T20455]  ? stack_depot_save_flags+0x40/0x860
[ 1522.681355][T20455]  ? kasan_save_track+0x4f/0x80
[ 1522.681369][T20455]  ? kasan_save_track+0x3e/0x80
[ 1522.681383][T20455]  ? kasan_save_free_info+0x46/0x50
[ 1522.681395][T20455]  ? __kasan_slab_free+0x5c/0x80
[ 1522.681410][T20455]  ? kfree+0x1c0/0x680
[ 1522.681422][T20455]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 1522.681441][T20455]  ? security_file_ioctl+0xcb/0x2d0
[ 1522.681458][T20455]  ? __se_sys_ioctl+0x47/0x170
[ 1522.681472][T20455]  ? do_syscall_64+0xfa/0xfa0
[ 1522.681489][T20455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.681510][T20455]  ? __asan_memset+0x22/0x50
[ 1522.681524][T20455]  ? blk_get_meta_cap+0x18c/0x750
[ 1522.681541][T20455]  ? __pfx_blk_get_meta_cap+0x10/0x10
[ 1522.681556][T20455]  ? kasan_quarantine_put+0xdd/0x220
[ 1522.681570][T20455]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1522.681589][T20455]  ? blkdev_common_ioctl+0x100c/0x2570
[ 1522.681607][T20455]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1522.681626][T20455]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 1522.681643][T20455]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1522.681657][T20455]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1522.681687][T20455]  ? __pfx_lo_ioctl+0x10/0x10
[ 1522.681700][T20455]  blkdev_ioctl+0x60e/0x710
[ 1522.681718][T20455]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1522.681733][T20455]  ? __fget_files+0x3a0/0x420
[ 1522.681751][T20455]  ? __fget_files+0x2a/0x420
[ 1522.681769][T20455]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1522.681787][T20455]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1522.681802][T20455]  __se_sys_ioctl+0xfc/0x170
[ 1522.681818][T20455]  do_syscall_64+0xfa/0xfa0
[ 1522.681836][T20455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.681849][T20455]  ? clear_bhb_loop+0x60/0xb0
[ 1522.681863][T20455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.681876][T20455] RIP: 0033:0x7f002678f749
[ 1522.681890][T20455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1522.681901][T20455] RSP: 002b:00007f002753f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1522.681917][T20455] RAX: ffffffffffffffda RBX: 00007f00269e5fa0 RCX: 00007f002678f749
[ 1522.681928][T20455] RDX: 0000200000001ac0 RSI: 0000000000004c0a RDI: 0000000000000004
[ 1522.681937][T20455] RBP: 00007f0026813f91 R08: 0000000000000000 R09: 0000000000000000
[ 1522.681946][T20455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1522.681960][T20455] R13: 00007f00269e6038 R14: 00007f00269e5fa0 R15: 00007fff8f82ff88
[ 1522.681976][T20455]  </TASK>
[ 1523.497876][T20459] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1523.549602][T20458] loop6: detected capacity change from 524288000 to 0
[ 1523.559097][T20455] Dev loop6: unable to read RDB block 9
[ 1523.567177][T20455]  loop6: unable to read partition table
[ 1523.573124][T20455] loop6: partition table beyond EOD, truncated
[ 1523.579940][T20455] loop_reread_partitions: partition scan of loop6 (‰u0AŠ°Ë	) failed (rc=-5)
[ 1523.654456][ T5978] usb 9-1: Using ep0 maxpacket: 8
[ 1523.664852][ T5978] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1523.676157][ T5978] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1523.687024][ T5978] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1523.697024][ T5978] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1523.710245][ T5978] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1523.720063][ T5978] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1523.936025][ T5978] usb 9-1: GET_CAPABILITIES returned 0
[ 1523.941645][ T5978] usbtmc 9-1:16.0: can't read capabilities
[ 1524.184650][T17310] usb 9-1: USB disconnect, device number 21