last executing test programs:

11.676682594s ago: executing program 4 (id=401):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe2(0x0, 0x80000)
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x38f9, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42c00)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400)
write(r0, &(0x7f0000000040), 0xffffff4a)

10.528699911s ago: executing program 4 (id=409):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c40)=ANY=[], 0x23c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=[{0x10, 0x110, 0xc}], 0x10}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x7, 0xe, &(0x7f0000002180)=ANY=[@ANYBLOB="b700000002ed0a00bfa3000000000000250a000028feffff6203f0fff8ffffff61a4f0ff000000007c0400000000000077000000000000002604000001ed0a00550a020017ffff17bf400000000000007b1a00fe000000001d04000000000000c60000000000000095000000000000000f3bc065b7a379d17cf9333379fc9e84af69002435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91082050e420fe275d0002000001b6482a0800000098efefb202ee010400006e7a1d03001f379cbf01de00b1b564fef3bef7d90692a4380548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc4b6cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0f2ce39da8db04acd00009fbe4b61a615c6c57ac21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e791665858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7296e37c4f46010400000000c3d829faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b85d9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1ba7ec6667e699fdc9a1f5a7b3caae05f13792292cbb49b3aab06b1e042ff2164d80c605532908ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c1e3fcd7071b53ac29df826f8ae6d6e18c1eac7e9bb5a05d8edf808df932c19e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b308008931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000400000000001800010300000000000000407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668238e85c79eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c0230ddfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb057253472f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f33400047445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faee0beac08dfb8d3682ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3816953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694cd5fe9d145906d410f58f1951405d10504efe402cae085afef5dbd616e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f024f8da775f71150212b84fc0456351e096f1e7e6133ae14d1429cd4905dabb52e43af0065acf97b49512d1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232c54226e24b6c38e70380bb2f57e8767dc811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed6caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb9517f787b0900278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e5343571a95b12aec06a9f581ea97c3f03add23f14c8db5555c62de4f626483632a2ab549000ccd3a3477f88dd6e66bbb6a8083432a94081f72ed7fec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e0df6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900662201ae21ef164437f7ecf8ed9a22da26ae804bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2bd16adae02c821b62428902aad499825ab85a348638384cd1f8bb72b3e5250b0d0a20b4e2a2328d53b5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717719ca77a4e0a97c1c6ca791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65246fec3c34e2de044cdaa70b8a67b33fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1deee15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba69060000008b4264eb6f5137bdaa075f1488d22230592a7900000000000037c8986c1c19100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b8697741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e029a210fa9274d4ad7c445e50f76419ab4f78f67a09e63dd4faa2e7b19399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e228cca07bab4770b4185de44db6bf21fef32a8d5b36d9016238fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd37220e31d4731614a50c16c6a417442ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffeac350a5c554a387de4ee7aac6478dd82bef044a6d33c789d566c90c46ad581ac62f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bdad938bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f9b180010000000000000c89f3fb2f951ae81d7fcc8bc0400000000000000000000000000000000009231feef311734493c9fd999c728e3e21bb4f2bafbcd197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e80b65a9201bc4b730500df5a0100363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe038c8348bcdd40a1792be952c17f56e5e2f73019352f1fb6822a99f933ee220d5233fa20595aa5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd957729d63dc1bfc7b772cb000000af22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce90146b444338c1f7a2e991888d64e861583f0e0022121248465d37e7c386f8c614dff95defb464172998a684e21ca960897c32a127453ffffffffffffffffbcfcd7e27e37ea9c80a5b073208d29f2e4ce9438bc39300bbcc27a457296cc27f224ef4ced0773ed6bdbe4c8965d7002fa8b4c1b11f3c5e74ecedeaf4221f17448241500000000b52ee61d77b0d5adb1ca7ab9c34e7d72738309da56d5fc96acb119283c534cd5b0429d3e923c4aba0000000000000000000000f30000c54e3614c328e472bbcab5010973f6887d602bbf2f090c8ca87e58621ed208b2c48e38d86b017657daa0371e96dee683d0ce64485c47d89b363dc2b5e3dc998181c150f1f963c52b8750d947448d29bfd944d350b83c2919b1eff72072a9e1e615f5ddd8cab9459689cf259acb61a73cfeffffffffffffff4a354904909e15a68b999a8b5e5f08fcdf295e6fb68fdba28e3c6f566246416b4cf698b6fc5e9e39eb4e15e2f74e76d40e8646f0bb5395c8e31f92ccb73ff45b2bef72b2ab4306708e8e2df01ee6eb2c61bca7a1c820b821e35ac210caa0e676ff182644678bf7c8fe554cf5b32c283b226b398e977d8455971bfa42bb733cd63123255acb793b35582ae61ca8834e9d6f0fd2c57a82c89bd2e6f8d3504135854c36179dc71eeeb7b89d697abe74bb0accb12cdb4e2b4666f0ab74f0bbec4deaf1ae8fb2f2666ca202a1547d3642046e3397617c3bc8c85616e1d0d45b08e5eea4962141ffcaadfeec7e7dda146b36e4f681e8318069e821dcbe9dd41c4fcf025402e38ad8dc5c9fb7329e3719ba226d58afbf1ab306a7b57740085a0df4a07346b75ba21f9513b269657b0483a4e7530db07e5b1354920153227389487b53b661033ff2c10ef982eeb7dafb460104ae0c779c521bfa7f9daf3d7085d7d80f279227aa4e8dbf672e0000000000000000000000000000000071b96aa2dcb74da616702edf6139d0ece1a10dc80bb31916cf3347e764a33fddeb5aba6e332a82117b7d3aa656455af4ed9fcc560645168173547a9d6efa2d167290c0e63e7b80a186cb34c18b422782ee5ec268c283231507ab4409442f5c125d97aae5a4c2960aab0c16ef54966d295f7e8db38d6e8200000000000000000000000024fbdc9c129b0861e0639f8237ee9b7ce67b1d4c786dad3685dc1c7cbf7a096dfa475303b606c5fc9e769122f41402b5976cf221af47eb9ceb279a08d8e084f4f808ad2ec841f86070eee32a4b4fbdc77f06fcdb3941aac633882c264a27e8784a9cc704939132e428317b68e80f805dbc19d6e09f1adb4fb706c5a280b1958800ef630517347fa2076a28081cca208a182efa4dbf9e7e6474ced53c36eefd000000000000000000000000000000000000000041bb141a12605fd0fe2534690caa2473d671911619a001462e0deb4e7b13b055f341af34d66f6501550206bad3d64eb498ba4070f8a5b1061d353bb74d521d52887c84c47fc8385e0590410203c3f13c53fd72c67d33b9aeeb1841bd2234efb055dc7c9031080cecc7ac4ff261d0810b67354f08fc2eada568ad49000000000000000000000000008210e99d338dbfc97441a9d7c5636616d31b5dc352adcbe84acf31652eec4ed2e1509232e23361548acf88e0333e2721d8f7fd1b3086b2dacd3624bec743821e9d39f6f5a5cd9b1483fdfec3412d0bfb18ca8df5d8904ec0f4c43c9348038c8b9d94b86025b46b96e825552880c94cb2bfecb6da827a56083923cd121d4b14df15b761028caab512f6bd749140a6639180a0172e0859ce1274afaacc997e2c468402c63c13decc3280955b92ef902274efd653eedc0bf3f066856bf5204036e0448a2f70d62c8467ee661b5fbc764f9c044eb14a4071078120d1b3ce85e955a3ffe48845af190ee8eceb97d22fa0829aa18042a450e73364c68f12e8c4821e5ba17d5d36847fa7516d511f92824f1d514847e34ce43cb2eec6a1dd3d16db2f7afad959b3777b6be9b18fed9d0ac9cd4f7fe97d38aef9bc4ad9a1bf9ec77c7a28d6bc6b14968c8f045bf81d3f8bbdd0d040c50dfc647307b1222b06439890ff618d2b2689ea4c5e4672b21726df2c2d69707def1fdd062fe49502064595d4854393f40444f80a7eb3eeb533b50aa4bcf563b4125219b9aa4f67830c7d475b99c07787fd286134d223d06eeb68b9a7bdf82c7bb7cf16e03d2313543e9f221a267808e0245500e4a712d25851697a939e097490d327e700a2a2674dc3867175f886c24791d3a100000000846e4eaa8631308dab74d0f45b4fb1081f753ae999241215627152f6a96a62250260255cb21181c53493419ecbf00c0a3c4fa674f744fcc020981e0896fd4d8199ef96cae461605ff2ca3e4c5db3de7eb1062a123650067cff0c7d433202249db2133781aac9c8a9815a4ef3805221219c3a9cd80c816cd83939bfddf17d8e99590b7387be9e440dc06d43ec40f0e8ab1ec008299f96ecc4b0e0e2e3d5e68b0686398e1197ed2c8ec536d4a62ba950e60ce28afe7296042e1a4c9c35b72e409e1a371b8ff9e3c972756b6c1685a6f9d9c97dde0d213c59068faf02f65943171bfb8cba50a2337ec4e51c2d75ee8fd76b0c0e39f2189a7a36a381ffea08e2feb64a3f37213292928c2db3353baafcadccc43a87e131cf88e801646ebffc99e7c2cc08cd30dd601c03da57a55ba661d9df114296b360f702179b16ac22f8e95621028b8747b7e68cae474ca00130f60fcb1a810a969329c9c5fa000000008313705e362202ccf47ef4fcb9045036095e7d7c0f240c858d565751c0b92d906100a04fc0cc40e4327c2798b85e416db5e8a64e7d81ebe888624f68ed3a0e138505c476941ae36a9373450d37b3bab73f8dd8e67c415805466724ebcc698a1876002f5b6a994e037c2991a0566dd92df6fcc9320feee693a80b4a18abce533b34a18e84f515217d"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x26}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8051}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000004c0)='./cgroup/cgroup.procs\x00', &(0x7f00000002c0)=[0x1], &(0x7f0000000700), 0x200000000000, 0x1}}, 0x40)
getrandom(&(0x7f0000000880)=""/171, 0xab, 0x0)
getpid()
socket$nl_generic(0x10, 0x3, 0x10)
r6 = mq_open(&(0x7f0000000380)='&\x00w\xb4N6Bf\xa9\xc2\xd0\b\x06L\xbbQ\xd6T\xe3+SD\xa8\x0f\xefwHw\xdab\xc4\x1a\xe55@hA5\xd6\xec.)\x8f}\xc5#L\x99\"\x84;{\xfa\x04~\xf1\x17\x1d\x90\x83\xfc\x1e\xae\xb0/(\xbb\xd3\xb7\xca\x13j\xab\xfa\xc5Mq\xb7ks\xe0 \x9d\xf8\x7f\x84b\xa4h\xeekc\xffZ\x9fg\x84lm\xd7F\x97\xdcd\v\x00\x00\x90\x03\x12^\xf2{\xf1\xbe\x12[~\xe7\xca\xe4\x13\xd6k\xa6\xf3v5F\xc9.\xce\x87z\xd4<\xa8\xba\xd0\x9c\ff\xe1\xe2\xf9\x18\xc0\xd0\xa1\x02K\xdd<a\xbe\xbeZ\r\xce\x9f\x835W\x87\xea\xe4e\xbdD\xc7\xb2', 0x8c1, 0x1a2, 0x0)
mq_notify(r6, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}})
mq_timedsend(r6, 0x0, 0x0, 0x5, 0x0)
socket$xdp(0x2c, 0x3, 0x0)

10.254775013s ago: executing program 2 (id=411):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="12000000010000000400000008"], 0x50)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000000114010026bd7000fbdbdf2508000100"], 0x20}, 0x1, 0x0, 0x0, 0xd8}, 0x40090)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000006dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004480)={0x90, 0x0, 0xc594, {0x3, 0xfffffffffffffffe, 0x7fffffff, 0x1fffffffffffd, 0x400, 0xc, {0x1, 0x40000000000009, 0x8, 0x1, 0x1, 0x4, 0x8, 0x6, 0xdab5, 0xa000, 0x0, 0x0, 0x0, 0x6, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getpgid(0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001c40)={0x2020, 0x0, 0x0, <r3=>0x0}, 0x2020)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x10000, &(0x7f0000000300)={[{@debug}, {@journal_dev={'journal_dev', 0x3d, 0x802}}, {@inlinecrypt}, {@nouid32}, {@grpjquota}, {@nobarrier}, {@nodiscard}, {@nodiscard}, {@nodioread_nolock}, {@delalloc}, {@nodiscard}], [{@fowner_eq={'fowner', 0x3d, r3}}, {@permit_directio}]}, 0x81, 0xbe0, &(0x7f0000000440)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aGQXAMW8soIrX8gKTiSBVkl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDkqVd/bBWGln+fOBp3ps3M+/71Ug778HuBvDMGsh+pBFHI+JSElGo708jorta642o1I5bmJ8d+WF+diSJxcXnvk0iiYhH87MjjWsl9e2heqM3Ij77dxK/fXXtuJPTM+PD5XJpot4+OXX1xsnJ6Zm/jV0dvlK6Urp26sw/hk4PnRk8O9S2XH/86vzd7//0368rP7338+3v3ngnifPRV+9bmUc9620biIGl38lKnREx3Ibr7wUd9XxW5pl0bnBSusNBAQDQUrpiDvf7KERHLE/eCvHx57kGBwAAALTFYkfEIgAAALDPJdb/AAAAsM813gfwaH52pFHyfUfC7np4ISL6a/kv1EutpzMq1W1vdEXEwUdJrPxYa1I7bdsGIuLBl2c/zEo0+RzyTqvMRcQfmt3/pJp/f/2T0KvzTyNisA3jD6xqP035n2/D+HnnD8Cz6d6F2oNs7fMvXZr/RJPnX2eTZ9eTyPv515j/LayZ/y3n39Fi/vf/TY5x6923brbqy/L/593/fNAo2fjZdltJbcHDuYg/djbLP1nKP2mR/6UNrp1E7RKFX26WWh2Td/6Lb0ccj+b5NyTrfz/RydGxcmmw9rPpGHOfDr3favy888/u/8EW+a9z/3uzfTceu1LrL/V54eLFO636Ns4//aY7eb5a667veWl4amriVER38r+1+0+vn2/jmMY10rmIE39e//+/2d9/9ppQqf9tZJnP1bdZ+5VVY/7r9q2P1ss/W/vlef8vb/3+V/e9tskx/vLJ6yda9a1c/2YlG/9BUlsLN3F404kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsK+kEdEXSVqMiKRaT9NiMeJQRPwuDqbl65NTfx29/uK1y1lfRH90paNj5dJgRBRq7SRrn6rWl9unV7X/HhFHIuLNwoFquzhyvXw57+QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYcigi+iJJixGRRsRCIU2LxbyjAgAAANquP+8AAAAAgB1n/Q8AAAD7n/U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+zIsXv3k4ionDtQLZnuel9XrpEBOy3NOwAgNx15BwDkpjPvAIDcbHGNb7oA+1CyQX9vy56etscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN51/Oi9+0lEVM4dqJZMd72vq+kZx3YxOmAnpXkHAOSmY73Ozt2LA9h9T/wvfri9cQC7r/kaH3iWJBv09y4fU3m8p2ftwesuKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mvVVS5IWIyKt1tO0WIw4HBH90ZWMjpVLgxHxm4j4otDVk7V78g4aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtpucnhkfLpdLE09SSbZ3erNKJdp8QZWnsvLy3ghjdyvJ3gijVsn7lQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDxMTs+MD5fLpYnJvCMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8jY5PTM+XC6XJjZRubOVg1dU8s4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID8/BoAAP//YD0Mhw==")
getgid()
gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0x2)
fcntl$setsig(r4, 0xa, 0x12)
ppoll(&(0x7f0000000140)=[{r5, 0x8002}], 0x1, 0x0, 0x0, 0x0)
setsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)

10.082602676s ago: executing program 3 (id=412):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000df100bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="1d5ff8317ca952a2ba4bfee0f003", 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000009, 0x2010, r1, 0x797cd000)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x40000)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x20010, r1, 0x89a3d000)
chdir(0x0)
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r5, 0x800, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80085}, 0x40084)
r6 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000140)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x201, @private0={0xfc, 0x0, '\x00', 0x1}, 0x102}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000001c0)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="24000000000000002900000032000000fe8000000000000000000000000000bb6b"], 0x28}}], 0x1, 0x854)
r7 = syz_open_dev$usbfs(0x0, 0x54f, 0x2c8680)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, 0x0)

9.970389071s ago: executing program 4 (id=414):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000004)
syz_mount_image$vfat(&(0x7f0000001040), &(0x7f0000000040)='./file1\x00', 0x2000040, &(0x7f0000001140)=ANY=[@ANYBLOB='rodir,shortname=lower,uni_xlate=0,iocharset=cp850,codepage=852,utf8=1,codepage=775,uni_xlate=0,shortname=winnt,utf8=1,uni_xlate=1,iocharset\riso8859-3,uni_xlate=1,\x00'], 0x1, 0x36a, &(0x7f0000001200)="$eJzs3T9oXHUcAPDv/cndpVCTQSg6nW6ClFZx0MUEqVDMoJXDf4sHTa3enUIODy5Dr1kUR8VF0Mmtg46dxUHErYOrFaQqLmay0OKTu/fu/6VJwcSqnw+0/O775/1+7+WRSx7JL6+vReP8UlzY3b0RlUouimvPrMXNXKxGPgqRuhwAwH/JzSSJ35PUIPD0nao/OhZL6ah0JKsDAA7D4P3/jePpi3L27yAOWgcA3HPmvv9f7PmF0XcObVkAwCGaeP/PDQIPT6VnHvMXRz8TAAD8e734yqvPrW9EnKtWKxGt9zu1Ti2eGufXL8Sb0YzNOBUrcTsifVCQPi3o///s2Y0zp6p9P69Grd/RqUW0ep1a+pXCemHQX47TsRKrWX8y6i/0+08P+qsRcbk3mD9auU5tKY5l8/9wLDbj+MWVuH+uP+Lsxpk/kiQZHKDWGvb3InaiMjyJ/vpPxkpcyw9enI9+b3qsfCxnRRtT/Z0r5UEdAAAAAAAAAAAAAAAAAAAAAAAchpPLpWpmdbT/TdLqdd47lxVU5/OD/X3SdLY/0E66P1BSHu7O80Fhdn+g6f15OrVi5P/RMwcAAAAAAAAAAAAAAAAAAIB7R7tbinqzubnV7m43xoNSs5cO8v3I299+8fVyzNa8VRhHopgebqomi0V3u1GIiH6qEKP2ZNSeFAY1M8vot6SRXNSvXB2teLKmPDqL7UZ991r6Ynyc8jA1iuSKo5rjD/306dyk3e3Gn+NIIUapSnt+hd3tXDb/RKp1XxrqR3pbC7v2GOTa3cf2qbmeJMle7Zc+me+KSkRx7gP3dwy+uXHxgcfbJ55o54qN+lfZpg+PPLry0vWPP/+1UW9GdmmazdJW+3Zy91PkxvfoMJWL6dT+x9kZR3a22t164fvfXn7ww+/SSH54bxSinV/QnkxG3t17ri9nI6V00F9m6QBnurTg5l88eO3W1B2+NHN97tx+4rO1+tVLP/4yvJj7dU18krBRBwAAAAAAAAAAAAAAAAAAHImJ3xW/C0++cHgrAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICjN/77/xODnbnIQQa3ejGfKm9utfecfPlITxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+xvwIAAP//7vhoSw==")
getdents64(0xffffffffffffffff, &(0x7f0000000fc0)=""/224, 0xe0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, 0x0, 0x0, 0x80, r4, 0x0, 0x7}, 0x38)
close(r0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file1\x00', 0x42, 0x0)
close(r6)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x1004014, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000280), 0x84000, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c6e6f657874656e642c76657173696f6e3d3970323030302e4c2c646972656374696f2c63616368653d7265616461686561642c6163636573733d636c69656e742c667363616368652c736d61636b743d7b2f2c40242e2c646f6e745f686173682c6f626a5f757365723dc42b2c000000000000"])
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000009c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}})

9.595113704s ago: executing program 3 (id=416):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0)

8.685580327s ago: executing program 0 (id=418):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
socket$inet6(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0xb9f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x0, 0x5002)
ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
utime(0x0, 0xfffffffffffffffd)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000700)=0x8, 0x4)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r4, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10)

8.669265362s ago: executing program 4 (id=419):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe2(&(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
splice(r1, 0x0, r3, 0x0, 0x38f9, 0x0)
fcntl$setstatus(r2, 0x4, 0x42c00)
fcntl$setstatus(r2, 0x4, 0x2400)
write(r0, 0x0, 0x0)

8.505537448s ago: executing program 2 (id=421):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}, 0xd357}, 0x1c)
sendto$inet6(r0, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228", 0x1e, 0x8000, 0x0, 0x0)

8.504241419s ago: executing program 3 (id=422):
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x80)
r1 = fsopen(&(0x7f0000000000)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000040)='&$\x00', &(0x7f0000000080)='./file0\x00', r0)

8.367393475s ago: executing program 2 (id=423):
r0 = socket$inet_sctp(0x2, 0x6, 0x84)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rename(0x0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000000)={0x28, 0x4, 0x0, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000, 0x3})
socket$qrtr(0x2a, 0x2, 0x0)
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000100)={0x28, 0x7, 0x0, 0x0, 0x800, 0x7002, 0x3ffe})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580080001"], 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x0)
r7 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000200)={0xffffffff, "63ff8791919a5b70f918110cd2e1f7fbd15ec7918e806deb14c0f82379b49307", 0x3, 0x1, 0x3, 0xcd5, 0x4, 0x4, 0x400, 0x4})
sendto$inet(r0, &(0x7f00000000c0)="268fd64c41a98beb630fdb2d6569c3be21ad62c8e00cdf651d57e995a96ff63b06f4023e7d5589118167af1a4197358383d9ea7f87559cf2225737350cba569fe3be244efee8069fadbb2af9bab2e202e223ea54d9db99b84643e7a03090f277baf22b2673de5c0be131f84b1a2e384df5e1827fdceebf91ebc3", 0x7a, 0x4004004, &(0x7f0000000140)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)

7.256056054s ago: executing program 0 (id=424):
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r0 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r0, 0x1c4e)

7.223446646s ago: executing program 1 (id=425):
capset(&(0x7f0000000040)={0x19980330}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

6.293516363s ago: executing program 0 (id=426):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000df100bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x0, 0xe, 0x0, &(0x7f0000000280)="1d5ff8317ca952a2ba4bfee0f003", 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x6000009, 0x2010, r1, 0x797cd000)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x40000)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x20010, r1, 0x89a3d000)
chdir(0x0)
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r5, 0x800, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80085}, 0x40084)
r6 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r6, &(0x7f0000000240)={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000140)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x201, @private0={0xfc, 0x0, '\x00', 0x1}, 0x102}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000001c0)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="24000000000000002900000032000000fe8000000000000000000000000000bb6b"], 0x28}}], 0x1, 0x854)
r7 = syz_open_dev$usbfs(0x0, 0x54f, 0x2c8680)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, 0x0)

6.293025816s ago: executing program 3 (id=427):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = socket(0x2b, 0x80801, 0x1)
getpeername$packet(r1, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000880)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0xb, 0xc9, [@empty, @loopback]}, @timestamp={0x44, 0x8, 0x55, 0x0, 0x0, [0x0]}, @ssrr={0x89, 0x3, 0x96}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x800}}}}}}, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe2(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80000)
splice(r4, 0x0, r6, 0x0, 0x38f9, 0x0)
fcntl$setstatus(r5, 0x4, 0x42c00)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket(0x23, 0x80805, 0x0)
listen(r8, 0x0)
accept4$unix(r8, 0x0, 0x0, 0x0)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
fcntl$setstatus(r5, 0x4, 0x2400)
write(r3, &(0x7f0000000040), 0xffffff4a)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000c80)={r2, r0, 0x16, 0x0, @val=@iter={0x0}}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2f}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00')
close(0x3)
read$FUSE(r9, &(0x7f0000002080)={0x2020}, 0x54)

6.291866915s ago: executing program 4 (id=428):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x1c, 0x0, 0x200, 0x70bd28, 0x6, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8880}, 0x20000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$inet(r2, 0x0, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
listen(r3, 0x0)
recvmmsg(r3, &(0x7f0000002cc0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)=""/61, 0x3d}], 0x1}, 0xf}], 0x1, 0x20, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, 0x0, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000006b113200000000008510000002000000850000000500000095003300000000009500a50500000000d7d86929483a930f2c70e28b47c5a00beaff8cc04257c275f6febbffdda80963ef4d4723307ab70fec7e371be2f916497c74ba124e7c3d0d0ef2d9fae6916f283d9ff87d9a2dede5f1e1268044b539e00f3a7136acde92c31d5db96585f6369be77641f27ead6e878ed48108d92d7bb3670ef346f9450f2c3f9c1430b8ec2a767823a16c87e1ff53172a95c85d3491c0fc93e6e3893d2674bfefa957b16f5de52eec758cf56a16bac6daa02a7ec3e5f1e8bb27"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r7, 0x5421, &(0x7f0000000440)=0x6)
connect$bt_rfcomm(r7, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6}, 0xa)
close(r7)

6.022829647s ago: executing program 1 (id=429):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x100000c7}, 0x4000004)
r0 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x0)
getdents64(r0, &(0x7f0000000fc0)=""/224, 0xe0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, 0x0, 0x0, 0x80, r5, 0x0, 0x7}, 0x38)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
close(r1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file1\x00', 0x42, 0x0)
setsockopt$MRT_PIM(r7, 0x0, 0xcf, &(0x7f00000000c0)=0x4, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x1004014, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r8}})
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000280), 0x84000, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c6e6f657874656e642c76657173696f6e3d3970323030302e4c2c646972656374696f2c63616368653d7265616461686561642c6163636573733d636c69656e742c667363616368652c736d61636b743d7b2f2c40242e2c646f6e745f686173682c6f626a5f757365723dc42b2c000000000000"])
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000009c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r6}})

5.878763362s ago: executing program 2 (id=430):
r0 = syz_usb_connect(0x3, 0x362, &(0x7f0000000680)=ANY=[@ANYBLOB="12011003440074203d1b04934d7c0102030109025003"], &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000001880)={0x14, 0x0, &(0x7f0000001840)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYRES32=r0], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fremovexattr(r1, &(0x7f0000000040)=@known='system.posix_acl_default\x00')

5.235151755s ago: executing program 0 (id=431):
socket$netlink(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000080)={0x88}, 0x8)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0xfffe, 0x3000000, @mcast2, 0x4}, 0x1c)
write(r0, &(0x7f00000000c0)="8f2a0a65", 0x4)
socket(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
lseek(r1, 0x25, 0x4)

5.057439871s ago: executing program 4 (id=432):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000003f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b707000014000000b7060000000000008500000005000000bf0900000000000035090100000000009500000000000000bf9100000000000056070000010000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xfffffffd, 0x2})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0xfffffffffffffff9, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
umount2(&(0x7f0000000040)='.\x00', 0x2)

4.914235258s ago: executing program 3 (id=433):
gettimeofday(0x0, &(0x7f0000000140))
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000000040)='./bus\x00', 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="6163746976655f6c6f67733d322c686561702c6e6f696e6c696e655f64656e7472792c6163746976655f6c6f67733d362c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303032332c6a71666d743d76667376302c616c6c6f635f6d6f64653d64656661756c742c6661756c745f747970653d30303030303030303030303031363737373231342c71756f74612c646973636172642c6a71666d743d76667376312c6673796e635f6d6f64653d706f7369782c696e6c696e655f646174612c67727071756f74613d6163746976655f6c6f67733d322c6c617a7974696d652c71756f74612c72657365727665725f726f6f743d30303030303030303030303030303030303030362c6d65615e7572652c7063723d30303030303030303030303030303030303034392c646f6e745f61707072616973652c00ff29d0fe17e4c4341c45671dd25dfa91a37c701b07211a12cd72f3186867d29073d5c363c29b4ca676972bf8f94697fab943ab1c6d7fa3a18d16d5e339f461016a1950fd58569021caba03d761f3ea76c27f97b8472cb94ebe242e118b5f1269b29ad902f9b17932c95626af588a06ce34c57c32ad59a72a3fda9a6463dbf665f435aed687bd95909d1f305ec0a2fae7420d7f112c385438f2959f370b3a9a24a59c3f28fa62acd9a57c8f5163f9", @ANYRESHEX], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xa, 0x1c, &(0x7f0000005980)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc090000000000003509017a6e82e771ff4a0c47ff6627bd7500000000009500000000000000b7020000000000007b9af8ff00000000b5090b00000000007baaf0ff00000000bf8700000000000007080000fffdffffbca4000000000000a7040000f0ffffff740200001d00000018290000", @ANYRES32=r0], &(0x7f0000000980)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x17)
openat$sndseq(0xffffff9c, 0x0, 0x482)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000180)=0x100, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000240)={0x2, 0x4e20, @remote}, 0x10)
recvfrom$inet(r1, 0x0, 0x0, 0x2042, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x400840, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
acct(&(0x7f0000000040)='./file0\x00')
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$inet_sctp(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000084000000060000000300000000000000044c223455d1964be5f82a0f6f0ed8a25b02a4"], 0x18}, 0x44)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x802084, 0x0, 0x3e, 0x0, &(0x7f0000000140))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x800c4, 0xf7)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write$FUSE_IOCTL(r3, &(0x7f0000000280)={0x20, 0xffffffffffffffda, 0x0, {0x0, 0x0, 0x401, 0xe2}}, 0x1c)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000180)=0x86c, 0x7, 0x7)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000080000000060a010400000000000000000100000008000b4000000000500004804c0001800a00010071756f74610000003c0002800c00044000000000000007ff08000240000000000c00014000000000810000000000000000000000000000070c00044000000000000000010900010073797a3000000000050007"], 0xf4}}, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r4, 0xc2604110, &(0x7f0000000600)={0x0, [[0x0, 0x1, 0x3, 0xa, 0x0, 0xfffffffc, 0xa73c], [0x1000, 0x0, 0x0, 0x1, 0x9, 0x4, 0x0, 0x10000000], [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27]], '\x00', [{0x1}, {0xfffffff8, 0xfffffffb}, {0x7, 0x72}, {0xffffffff, 0xffffffff}, {0x0, 0x4}, {0x0, 0x8}, {}, {0x4, 0xfffffffc}, {}, {}, {0x0, 0x4}], '\x00', 0x4, 0x0, 0x0, 0x2})

3.483459692s ago: executing program 3 (id=434):
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000)

3.417330679s ago: executing program 0 (id=435):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/13], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001d00)=@newtaction={0x8e0, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x8cc, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x64, 0x7, 0x8, 0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r4}]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x87c, 0x2, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x9, 0xffff, 0xaa56, 0x3, 0x70, 0x100, 0xffff, 0x8001, 0x4, 0x5, 0xf095, 0x3, 0x8, 0x2, 0x3, 0x1, 0x412, 0x3, 0x1000, 0x3, 0x4, 0x1, 0xfffffff8, 0x4, 0x200, 0xf, 0x5, 0x8, 0x9000000, 0xd, 0xa43, 0x8c69, 0x6, 0x254, 0x80, 0x80000001, 0x2, 0x9, 0xd0f, 0x8, 0xffffffff, 0x9, 0x400, 0xfffffffe, 0x1, 0x10000, 0x401, 0x75a8, 0x3ff, 0x7, 0x6, 0xb, 0x8, 0x2, 0xff0, 0x5, 0x80000000, 0x6, 0x401, 0x7fff, 0x2, 0x3, 0xff, 0x7, 0xffffff7f, 0x8, 0x6, 0x6, 0x100, 0x101, 0x3, 0x6, 0xe1bc, 0x4, 0x6, 0x3, 0x5, 0x53, 0xe, 0x2d, 0x101, 0x81, 0x3, 0xe, 0x0, 0x1, 0x2, 0x8001, 0xf, 0x2, 0xfffffffb, 0xc, 0x7, 0x4, 0xffffffff, 0x2, 0x80000000, 0x2, 0x100, 0x3, 0x7, 0x1, 0xff, 0x8, 0x3, 0x1, 0x8, 0x10, 0xcd3, 0x2, 0x7f, 0x80, 0x10000, 0x2, 0x8000, 0x800, 0x5, 0x4, 0x0, 0x82, 0x5, 0x0, 0x4, 0x6e4ba82a, 0x3f, 0xdb51, 0x7fffffff, 0x73, 0x8, 0x0, 0x1, 0x3, 0xfffffe01, 0x3, 0x6, 0x80000000, 0x1, 0x0, 0x6, 0x1ff, 0x3, 0xe1, 0x5, 0x7, 0x6a, 0x5, 0x0, 0xf44c, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x2, 0x3, 0x3, 0x10a, 0x7, 0xa19, 0x0, 0x8001, 0x8ad, 0xee57, 0x7f, 0x8, 0x3, 0x80000000, 0x0, 0x9, 0xfffffffd, 0xfffffff8, 0x2, 0x9, 0xb, 0x2, 0x8ad6, 0x401, 0x9, 0xfffffffa, 0x2000, 0xdce5, 0x1, 0xa77b, 0xffff, 0x8001, 0x9, 0x1, 0x1, 0x7fff, 0x0, 0x3, 0x7, 0x10001, 0x7, 0x2, 0xbfab, 0x8, 0x8, 0xa, 0x1, 0x4cc, 0x6863e206, 0x1ff, 0x2, 0x8000, 0x9, 0xff800000, 0x1b329254, 0x0, 0x2, 0x1a5, 0x0, 0xffffffff, 0x6, 0x7f, 0x9, 0x7, 0x7, 0x6, 0xb, 0xff, 0x80000000, 0x9, 0x1, 0x1, 0x5, 0x10000, 0x2, 0x7, 0x81, 0xc000, 0x4, 0x0, 0x1c00000, 0x276, 0x401, 0x6, 0x7, 0x2, 0x6, 0x7, 0x1aa, 0x727, 0x9, 0x8, 0x7, 0x2, 0x2, 0x4, 0x4, 0x40c0, 0x2, 0x7f800000, 0x57, 0x80000001]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x7fff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8001, 0x51, 0x0, 0x9, 0xf4a, 0xa, 0x5, 0x28a2, 0x10, 0x5, 0xd, 0x9a, 0x15, 0x1, 0x8, 0x7f93, 0x5, 0x4, 0x80000001, 0x1, 0x80, 0x4, 0xfff, 0x10000, 0x8, 0x2, 0x4, 0x6, 0x5, 0x5, 0x5, 0x5, 0x40, 0x1, 0x8, 0x40, 0x50c8, 0xfffffffc, 0x7, 0x5, 0x4, 0x8, 0x80000001, 0x1ff, 0x4, 0x2380000, 0x9, 0x6, 0x6, 0x43, 0x4, 0x5, 0x8001, 0x2b, 0x5, 0x5, 0x0, 0x6223, 0x2, 0x6, 0xd, 0x0, 0x2a3, 0x8000, 0x8, 0x2ae, 0x9, 0x9, 0x3, 0x2357, 0x3, 0x8, 0x3, 0x0, 0x2, 0x7, 0x0, 0x200, 0x7, 0x5, 0x4, 0x101, 0xc, 0x3, 0x6, 0x0, 0x1, 0x4, 0x81, 0xb, 0x7, 0x8001, 0x9caf, 0xfff, 0x3, 0x7, 0x78, 0x5, 0x9, 0x8, 0x401, 0xffffffff, 0x9, 0xd, 0x7, 0xfffffffc, 0x3, 0x2, 0x7f, 0x5, 0xf, 0x5, 0x1, 0x9, 0x8, 0xd, 0x6a8b, 0x7f, 0x80, 0x4486, 0x5, 0xbc95, 0x80, 0x0, 0x5, 0x8, 0x43, 0x5, 0x0, 0x40000000, 0x0, 0xc1, 0x2, 0xe2, 0x4, 0x14, 0x3, 0x4, 0x6, 0xffffffff, 0x6, 0xc, 0x37, 0xfff, 0x5, 0xc801, 0x5, 0x8, 0x0, 0x400, 0xffffffff, 0x7, 0x9, 0x6, 0xc14, 0x8, 0x1ff, 0x4, 0xfffffff3, 0x7, 0x1, 0x4, 0xfffffe9c, 0x4, 0x7f, 0x0, 0x7460000, 0x10000, 0x7ff, 0xe, 0x8, 0x5, 0x3, 0x7fff, 0x1000, 0xfd, 0x5, 0xfffffffe, 0x5, 0x0, 0x234f, 0x81, 0xfffffffc, 0x80000001, 0x4, 0x3, 0x80000001, 0x696, 0x8, 0x5, 0x6, 0x10001, 0x5, 0x751, 0x9, 0xa6, 0x8, 0x8001, 0xffffffff, 0x3, 0x5, 0x3, 0x0, 0x3, 0x1, 0x4, 0x4, 0x5, 0x3, 0x6, 0x5, 0xffff, 0x350, 0xe, 0x8, 0x1, 0x1, 0xb4, 0x9, 0x400, 0x2, 0x7f, 0xfffffffb, 0x101, 0x8, 0xd, 0x2, 0x971f, 0x10000001, 0x1, 0xd289, 0x7fff, 0x101, 0x721, 0xf, 0xb2d6, 0x401, 0x401, 0x5, 0x6e, 0x5, 0x7, 0x7f, 0xffff, 0x5, 0x5, 0xd7, 0xffffffff, 0x6, 0x6, 0x7, 0x0, 0xc0000000, 0xb, 0x4, 0x7]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x10000000, 0x8, 0x9c, 0xff, {0x6, 0x1, 0x5, 0x7, 0x9, 0x7fffffff}, {0x4, 0x0, 0x9, 0x9, 0x7ff, 0x1}, 0x7, 0x9, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x8e0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x40000)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0)
r6 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x2, 0x0, 0x0, 0xff7ffffb, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)

2.198937746s ago: executing program 0 (id=436):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021180900000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000100003800c00008008000340000000000800044000000003d408038048070080340007800b0001007470726f7879000024000280080003400000001208000240000000040800034000000011080003400000000b0900090073797a3200000000080003400000000010020a800c0002800800034000000002c2000100e512491df3b3cc13ad2aca07b6816ab9350d36b0c0329cdc09f913c43ecd900ea2e681188ea95f222fc29ae16caf1c0608afd6658442cfeaab27e375f984160ea295f6af74d49ece29f8452dfe5e73a2635edab12d64d34fdb03a262049259471ec508a144bb11c94ee6ea21d818b89dea562f658c39a07616f5b74ba4dbd4b8c6a230ce225fb78db7f8b2c6ed0b747abbb3d5241d4484d71be6108c9152c1e7a97459d2b1b8f2af99bb4cfa2695eb5f2bea796414b2f8d91e7e18ab782a00008f0001002b565d50d6adf0fbbb6ec083210c3d2f6e2973f79f031431c4109ee9a87c563a9cf68eb8b24c7e3a69ef5dd745756ce778d4b1973cc2c90632f37d508cfd004c00b865e359b4956067dfc5bf0151ad29249698f2c78bc10cda2cc03c50764ced8ee998bd961ac173fa4bd2d4da96a2cb9a5b59e04ecf5e410fe1e869063f3a558e73fb40bbd2cb53c3783500360001007f728b2773907a1e1e5e47750f4159e0f90327ebcab5a41bdf06945d6d0adb537ea5b6d1860acd3c78e8f2b05bac385c6e9b00004000028008000180fffffffd080003400000000208000180fffffffc08000340000000020900020073797a3100000000080003400000000408000340000000043000028008000180ffffffff080003400000000408000340000000040900020073797a300000000008000180fffffffd04000280400202805600010050df7aeb47371b24726e7fd7fe931fb6f27a46fb88d79354acbf028b7cd60d21ff8ff472aceda97ade869884b2a0d5786c67777c597ef1a186c1317a2b59469038f29a01ead0efecbd5e04e848ecf7251fac0000100002800900020073797a3000000000800001003ac3735c9dd28691a046d7f2fd34df78130f6c981dda7fbfa28cd884747b279af9038d37624742f5f816d0ac7725eeb5f1404239c2adce651be32d51b3202a2a2958765d132608b41036ed08437ca0023d8240f36cdd6b0434068162f271f4c7ebe9052d51de336fc1173de1ddf92bf1eb8071c2acb1b1a98bfd124cc500010005ed3651e13e5fc4d47c4fe72fbfacd532a554c7b24e6860e7851e817a9ab447b85536e93176f05fcff03dd2e8b1465ab107396cd19c921670f15aaa77ff5573bcc42709a19a4eeb233a6d27e372893f4480c83f1caa20f4de92eea5d7ad775864c28531dcdc4fa4766c15185b8bb61337fbf93f78e191845bd4146bb599cae70ea503abce3e7598980dad829ac9971ac907b90adc61e41eec8dc4833facb48bf85e487987b71b112741d8f11da56fbb50e5fe11d756a015e4fd86f6f1409fdc780000001800028008000340000000030900020073797a310000000014000280080003400000000208000340000000010c00028008000180ffffffff0c000280080003400000000248000280080003400000000108000180fffffffd0900020073797a3100000000080003400000000108000340000000030900020073797a30000000000900020073797a3000000000a8000280200002800900020073797a310000000008000180ffffffff08000180fffffffe34000280080003400000000308000180ffffffff0900020073797a320000000008000180ffffffff0900020073797a32000000003c000280080003400000000308000180fffffffe08000180000000000900020073797a32000000000900020073797a300000000008000180fffffffd1400028008000340000000010800034000000002040201"], 0x99c}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x7, 0x0, 0x0, 0x63, 0x41, 0x44, 0x0, 0x65})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, <r3=>0x0}, &(0x7f0000000140)=0xc)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000400)='./file0\x00', 0x402, &(0x7f0000001a40)=ANY=[@ANYBLOB='iocharset=macinuit,umask=00000000000000000000354,errors=continue,gid=', @ANYRESHEX=r3, @ANYBLOB=',iocharset=koi8-r,discard,allow_utime=00000000000000000000010,discard,allow_utime=00000000000000000000004,uid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0x0, @ANYBLOB="3cfaf0c8b6eca02453decf4c663cdf6c8aca7084d9b4386866a21bb3ec26b6d50ae4ad3f87d725d8725712b8489024deafd6509f6c3c6fdc"], 0x1, 0x151f, &(0x7f0000000500)="$eJzs3AucT9XaOPDnWWvtMSbp1ySXYa31bH7JZZkkySVJLkmSJEluCUmTHElIDLklDUlILkNyGUJymZg07ve7JCRJkyQhuSXr/5nidTp1/uec9/Qe7+ed5/v5/D7WM3s/az97P7NnXzDfdh1Wq0nt6o2ICP4t+OsfyQAQCwCDAOAaAAgAoHx8+fjs5bklJv97G2F/rofSrnQF7Eri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxsy4xC1/In5374/X9Oxtf//xsunnzw5boy13cDiPln87j/ORv3//+s4J9Zifufs3H/c6rYK10A+1+Az/+cINffXcL9z9m4/4zlZFf6/fOV/kAkZx+DK/39xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsZzjjL1MAcGl8petijDHGGGOMMcbYn8fnutIVMMYYY4wxxhhj7H8eggAJCgKIgVwQC7khDgQAXA154RqIwLUQD9dBPrge8kMBKAiFIAEKQxHQYCAGCEIoCsUgCjdAcbgRSkBJKAWlwUEZSISboCzcDOXgFigPt0IFuA0qQiWoDFXgdqgKd0A1uBOqw11QA2pCLagNd0MduAfqwr1QD+6D+nA/NIAHoCE8CI3gIWgMD0MTeASawqPQDJpDC2gJrf5b+S9AT3gRekFvSIY+0Bdegn7QHwbAQBgEL8NgeAWGwKuQAkNhGLwGw+F1GAFvwEgYBaPhTRgDb8FYGAfjYQKkwkSYBG/DZHgHpsBUmAbTIQ1mwEx4F2bBbJgD78FceB/mwXxYAAshHT6ARbAYMuBDWAIfQSYshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFbbAddsDHsBM+gV3wKeyGPbAXPoN98Pm/mH/6b/K7ISCgQIEKFcZgDMZibozDOMyDeTAv5sUIRjAe4zEf5sP8mB8LYkFMwAQsgkXQoEFCwqJYFKMYxeJYHEtgCSyFpdChw0RMxLJ4M5bDclgey2MFrIAVsRJWwipYBatiVayG1bA6VscaWANrYS28G+/GPlgX62I9rIf1sf6l11PYCBthY2yMTbAJNsWm2AybYQtsga2wFbbG1tgG22A7bIftsT12wA6YhEnYETtiJ+yEnbEzdsEu2BW7Yjfsjt2zXsgF+CK+iL2xhuiDfbEv9sOUXANwIA7El3EwvoKv4KuYgkNxGL6Gr+HrOAJP4UgchaNxNFYVb+FYHIckJmAqpuIknISTcTJOwak4FadjGs7AmTgTZ+FsnI3v4Vx8H9/H+TgfF2I6puMiXIwZmIFL8DRm4lJchstxBa7EFbga1+BqXIfrcR1uxI24GTfjVtyK23E7fowf4yeoAPBT3IN7MAX34T7cj/vxAB7Ag3gQszALD+EhPIyH8QgewaN4FI/hcTyBx/EknsRTeBrP4Bk8h+fwPD6X8HXjT0quTQGRTQklYkSMiBWxIk7EiTwij8gr8oqIiIh4ES/yiXwiv8gvCoqCIkEkiCKiiDDCCBJhDACIqIiK4qK4KCFKiFKilHDCiUSRKMqKsqKcKCfKi1tFBXGbqCgqibauiqgiqop2rpq4U1QX1UUNUVPUErVFbVFH1BF1RV1RT9QT9UV90UA8IBqKPjgAHxLZnWkihmJTMQybieZCXvwJ1lqMwDairWgnnhCjcCR2EK1dknhadBRjsZP4ixiHz4ouYgJ2Fc+LbqK76CFeED1FG9dL9BZTsI/oK6ZjP9FfDBADxSysKd7DublriVdFihgqhonXxEJ8XYwQb4iRYpQYLd4UY8RbYqwYJ8aLCSJVTBSTxNtisnhHTBFTxTQxXaSJGWKmeFfMErPFHPGemCveF/PEfLFALBTp4gOxSCwWGeJDsUR8JDLFUrFMLBcrxEqxSqwWa8RasU6sFxvERrFJbBZbxFaxTWwXO8THYqf4ROwSn4rdYo/YKz4T+8TnYr/4QhwQX4qD4iuRJb4Wh8Q34rD4VhwR34mj4ntxTBwXJ8QP4qT4UZwSp8UZcVacEz+J8+JncUF4ARKlkFIqGcgYmUvGytwyTl4l88jg4tG9VsbL62Q+eb3MLwvIgrKQTJCFZRGppZFWkgxlUVlMRuUNsri8UZaQJWUpWVo6WUYmyptkWXmzLCdvkeXlrbKCvE1WlJVkZVlF3i6ryjskRH7dRg1ZU9aSteXdMhnukXXlvbKevE/Wl/fLBvIB2VA+KBvJh2Rj+bBsIh+RTeWjsplsLlvIlrKVfEy2lo/LNrKtbCefkO3lk7KDfEomyadlR+kvfos8K7vI52RX+bzsJrvLHvJneUF62Uv2ltAHZF/5kuwn+8sBcqAcJF+Wg+Urcoh8VabIoXKYfE0Ol6/LEfINOVKOkqPlm3KMfEuOlePkeDlBpsqJcpJ8W06W78gpcqqcJqfLNDlDDrg40xwp/2H+23+QP+SXrW+WW+RWuQ0vtkJ+InfJXXK33C33yr1yn9wn98v98oA8IA/KgzJLZslD8pA8LA/LI/KIPCqPymPyuDwrf5An5Y/ylDwtT8uz8pw8J89fPAagUAkllVKBilG5VKzKreLUVSqPulrlVdeoiLpWxavrVD51vcqvCqiCqpBKUIVVEaWVUVaRClVRVUxF1Q2XqlSlVGnlVBmVqG76V/JVcXWjKqFK/ib/Un3Jf6e+VqqVaq1aqzaqjWqn2qn2qr3qoDqoJJWkOqqOqpPqpDqrzqqL6qK6qq6qm+qmeqgeqqfqqXqpXipZJau+6iXVT/VXA9RANUi9rAarmIu7kqKGqWFquBquRqgRaqQaqUar0WqMGqPGqrFqvBqvUlWqmqQmqclqspqipqhpappKU2lqppqpZqlZao6ao+aquWqemqcWqAUqXaWrRWqRylAZaolaojLVUrVULVfL1Uq1Uq1Wq9VatVatV+vVRrVRZaotaovaprapHWqH2ql2ql1ql9qtdqu9aq/ap/ap/Wq/OqAOqIPqoMpSWeqQOqQOq8PqiDqijqqj6pg6pk6oE+qkOqlOqVPqjDqjzqlz6rw6ry6oC9m3fYEIRKCC7CttTBAbxAZxQVyQJ8gT5A3yBpEgEsQH8UG+4Pogf1AgKBgUChKCwkGRQAcmsIG4eKSiwQ1B8eDGoERQMigVlA5cUCZIDG4KygY3B+WCW4Lywa1BheC2oGJQKagcVAluD6oGdwTVgjuD6sFdQY2gZlArqB3cHdQJ7gnqBvcG9YL7gvrB/UGD4IGgYfBg0Ch4KGgcPBw0CR4JmgaPBs2C5kGLoGXQ6k+d3/tTBR53m3Vvnaz76L76Jd1P99cD9EA9SL+sB+tX9BD9qk7RQ/Uw/Zoerl/XI/QbeqQepUfrN/UY/ZYeq8fp8XqCTtUT9ST9tp6s39FT9FQ9TU/XaXqGnqnf1bP0bD1Hv6fn6vf1PD1fL9ALdbr+QC/Si3WG/lAv0R/pTL1UL9PL9Qq9Uq/Sq/UavVav0+v1Br1Rb9Kb9Ra9VW/T2/UO/bHeqT/Ru/Snerfeo/fqz/Q+/bner7/QB/SX+qD+Smfpr/Uh/Y0+rL/VR/R3+qj+Xh/Tx/UJ/YM+qX/Up/RpfUaf1ef0T/q8/llf0D775j778m6UUSbGxJhYE2viTJzJY/KYvCaviZiIiTfxJp/JZ/Kb/KagKWgSTIIpYoqYbGTIFDVFTdRETXFT3JQwJUwpU8o440yiSTRlTVlTzpQz5U15U8FUMBVNRVPZVDa3m9vNHeYOc6e509xl7jI1TU1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTDPTwrQwrUwr09q0Nm1MG9POtDPtTXvTwXQwSSbJdDQdTSfTyXQ2nU0X08V0NV1NN9PN9DA9TE/T0/QyvUyySTZ9TV/Tz/QzA8wAM8gMMoPNYDPEDDEpJsUMM8PMcDPcjDAjzEgzyozOPn3MW2asGWfGmwkm1aSaSWaSmWwmmylmiplmppk0k2Zmmplmlpll5pg5Zq6Za+aZeWaBWWDSTbpZZBaZDJNhlpglJtNkmmVmmVlhVphVZpVZY9aYdWad2QAbzCazyWwxW8w2s83sMDvMTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTZbJMofMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzhS4eL30JtbmtnH2KpvHXm3z2mvs38YFbSGbYAvbIlbb/LbAb2JjrS1hS9pStrR1toxNtDf9Lq5oK9nKtoq93Va1d9hqv4vr2HtsXXuvrWfvs7Xt3b+J69v7bQP7iG2ICGCb28a2pW1iH7FN7aO2mW1uW9iWtr190nawT9kk+7TtaJ/5XbzILrZr7Fq7zq63u+0ee8aetYftt/ac/cn2sr3tIPuyHWxfsUPsqzbFDv1dPNq+acfYt+xYO86OtxN+F0+z022anWFn2nftLDv7d3G6/cDOtRl2np1vF9iFv8TZNWXYD+0S+5HNtAEss8vtCrvSrrKr/6vW5Xaj3WQ32132U7vNbrc77Md256UbYbvH7rWf2X32c3vIfmMP2C/tQXvEZtmvf4mz9++I/c4etd/bY/a4PWF/sCftj+pSdva+/2B/thest0BIQJIUBRRDuSiWclMcXUV56GrKS9dQhK6leLqO8tH1lJ8KUEEqRAlUmIqQJkOWiEIqSsUoSjfQpfJKUWlyVIYS6SYqSzdTObqFytOtVIFuo4pUiSpTFbqdqtIdVI3upOp0F9WgmlSLatPdVIfuobp0L9WD+6g+3U8N6AFqSA9SI3qIGtPD1IQeoab0KDWj5tSCWlIreoxa0+PUhtpSO3qC2tOT1IGeoiR6mjrSM9SJ/kKd6VnqQs9RV3qeulF36kEvUE96kXpRb0qmPtSXXqJ+1J8G0EAaRC/TYHqFhtCrlEJDaRi9RsPpdRpBb9BIGkWj6U0aQ2/RWBpH42kCpdJEmkRv02R6h6bQVJpG0ymNZtBMepdm0WyaQ+/RXHqf5tF8WkALKZ0+oEW0mDLoQ1pCH1EmLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQx7STPqFd9Cntpj20lz6jffQ57acv6AB9SQfpK8qir+kQfUOH6Vs6Qt/53vQ9HaPjdIJ+oJP0I52i03SGztI5+onO0890gTxBiKEIZajCIIwJc4WxYe4wLrwqzBNeHeYNrwkj4bVhfHhdmC+8PswfFggLhoXChLBwWCTUoQltSGEYFg2LhdHwhrB4eGNYIiwZlgpLhy4sEyaGN4Vlw5vDcuEtYfnw1rBCeFtYMawUPnJflfD2sGp4R1gtvDOsHt4V1ghrhrXC2uHdYZ3wnrBueG9YL7wvLBfeHzYIHwgbhg+GjcKHwsbhw2GT8JGwafho2CxsHrYIW4atwsfC1uHjYZuwbdgufCJsHz4ZdgifCpPCp8OO4TO/LL9/8d9fnhz2CfuGL4Uvhd7fKxdEF0bTox9EF0UXRzOiH0aXRD+KZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r50LHDrhpFMucDEul4t1uV2cu8rlcVe7vO4aF3HXunh3ncvnrnf5XQFX0BVyCa6wK+K0M846cqEr6oq5qLvBFXc3uhKupCvlSjvnyrhE19K1cq1ca/e4a+PaunbuCfeEe9I96Z5yT7mnXUf3jOvk/uI6u2ddF/ece84977q57q6He8H1dBPz/npOJru+rq/r5/q5AW6AG+QGucFusBvihrgUl+KGuWFuuBvuRrgRbqQb6Ua70W6MG+PGurFuvBvvUl2qm+QmucluspviprhpbppLc2luppvpZrlZrursX7cyz81zC9wCl+7S3SKXfc+Y4Za4JS7TZbplbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vldrnd/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MjEyKvB2ZHHknMiUyNTItMj2SFpkRmRl5NzIrMjsyJ/JeZG7k/ci8yPzIgsjCSHrkg8iiyOJIRuTDyJLIR5HMyNLIssjyyIrIyoj3hbeFvqgv5qP+Bl/c3+hL+JK+lC/tnS/jE/1Nvqy/2Zfzt/jy/lZfwd/mK/pKvrJ/1DfzzX0L39K38o/51v5x38a39e38E769f9J38E/5JP+07+if8Z38X3xn/6zv4p/zXf3zvpvv7nv4F3xP/6Lv5Xv7ZN/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hXfYof6of51/xw/7of4d/wI/0oPzrmTT/m0iMyTPCpfqKf5N/2k/07cKef6qf56T7Nz/Az/bt+lp/t5/j3/Fz/vp/n5/sFfqFP9x/4RX6xz/Af+iX+I5/pl156qexX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h//Y7/Sf+F3+U7/b7/F7/Wd+n//c7/df+AP+S3/Qf+Wz/Nf+kP/GH/bf+iP+O3/Uf++P+eP+hP/Bn/Q/+lP+tD/jz/pz/id/3v/sL/D/WWOMMcYY+6dMvDwUv13y6+v8Pn+QI/5q5b4AcPX2Qll/vTz7jnJD/l/H/UVC+wgAPN2760OXPjVqJCcnX1w3U0JQbD7Apb8JyvbL2/eL8VJoB09CErSFsn9Yf3/R/Rz9g/mjtwLE/VVOLFyOL8//BQAm/8H8jz0xelGF8Ez8/2f++QAlil3OyQ2X46XQ7pf3K22h3N+pv0Drf1B/7i9TAdr8VU4euBxfrj8RHodnIOk3azLGGGOMMcYYY7/qLyp3vvT8eelffP7R83mCupyTq/Sn/xX/o+dzxhhjjDHGGGOMXXnPdu/x1GNJSW07/+uDav+trH960BT+p2bmwR8OvAe49BUFAP/mhADZA/mf3Iut/5FtpVw8df520YqzPoD/Ha38MwZX+AcTY4wxxhhj7E93+ab/t19XV6ogxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsB/pP/DqxK72PjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2JX2/wIAAP//EQ77jw==")
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001c40)={{{@in=@multicast2, @in=@loopback}}, {{@in6=@ipv4={""/10, ""/2, @private}}, 0x0, @in6=@private1}}, &(0x7f0000004040)=0xe8)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, <r6=>0x0}, &(0x7f0000000480)=0xc)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000900)={0x0, 0x0, <r7=>0x0}, &(0x7f0000000940)=0xc)
setresgid(r6, r7, r6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000004280)=@bpf_tracing={0x1a, 0x12, &(0x7f0000004080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x6}, [@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x33}}]}, &(0x7f0000001c00)='syzkaller\x00', 0x0, 0xe, &(0x7f0000004180)=""/14, 0x40f00, 0x11, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f00000041c0)={0xa, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x1b328, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000001b80)=[{0x1, 0x4, 0xa}, {0x1, 0x3, 0xa, 0x6}, {0x4, 0x3, 0xb, 0x3}, {0x3, 0x3, 0xb, 0x3}, {0x4, 0x3, 0x3, 0x6}, {0x1, 0x5, 0x2, 0x8}], 0x10, 0x5}, 0x94)
syz_open_dev$dvb_demux(&(0x7f0000004340), 0x997, 0x501000)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f0000000200)=0x7)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000004380)={0x70ef, 0x4d, {0xffffffffffffffff}, {0xee00}, 0x0, 0xffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={<r10=>0x0, 0x0, <r11=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r9, &(0x7f0000000700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r10, @ANYRES32=0x0, @ANYRES32=r11], 0x58, 0x40044}}], 0x1, 0x44)
r12 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
mmap(&(0x7f0000077000/0x4000)=nil, 0x4000, 0xb635773f07ebbeea, 0x12, r12, 0x29844000)
socket$alg(0x26, 0x5, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bec9ff10cd0631016016af02030109021b00010000000009046b00016a93f00009058803"], 0x0)

2.055026996s ago: executing program 1 (id=437):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000140)=""/96, 0x60)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x2, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000100))
epoll_create1(0x0)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
pipe2(&(0x7f0000000040), 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

1.89806939s ago: executing program 2 (id=438):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe2(&(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
splice(r1, 0x0, r3, 0x0, 0x38f9, 0x0)
fcntl$setstatus(r2, 0x4, 0x42c00)
fcntl$setstatus(r2, 0x4, 0x2400)
write(r0, 0x0, 0x0)

1.639097039s ago: executing program 1 (id=439):
r0 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
preadv2(r0, 0x0, 0x0, 0x6, 0x3, 0x4)

1.451101084s ago: executing program 1 (id=440):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rename(0x0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000, 0x3})
socket$qrtr(0x2a, 0x2, 0x0)
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000100)={0x28, 0x7, r1, r1, 0x800, 0x7002, 0x3ffe})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1})
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580080001"], 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x0)
r7 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000200)={0xffffffff, "63ff8791919a5b70f918110cd2e1f7fbd15ec7918e806deb14c0f82379b49307", 0x3, 0x1, 0x3, 0xcd5, 0x4, 0x4, 0x400, 0x4})
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="268fd64c41a98beb630fdb2d6569c3be21ad62c8e00cdf651d57e995a96ff63b06f4023e7d5589118167af1a4197358383d9ea7f87559cf2225737350cba569fe3be244efee8069fadbb2af9bab2e202e223ea54d9db99b84643e7a03090f277baf22b2673de5c0be131f84b1a2e384df5e1827fdceebf91ebc3", 0x7a, 0x4004004, &(0x7f0000000140)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)

186.63312ms ago: executing program 1 (id=441):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, 0x0, 0x0)
ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000680)={0x9, [0x4, 0x9, 0x1d, 0x80, 0x120, 0x4f3b, 0x9, 0x5, 0x8, 0x0, 0x1a98, 0x401, 0x3, 0xd, 0x2, 0x8, 0xffff, 0x20, 0x200, 0x4, 0xf4a3, 0x8001, 0x1, 0x2, 0x2, 0x2f3, 0x52, 0x8, 0x2, 0x401, 0x9, 0xff, 0x4, 0x7, 0x724d, 0x3, 0xfff9, 0x7, 0x400, 0x41, 0x5, 0xfffd, 0x4f7, 0x82f8, 0x1, 0xfff6, 0xfff, 0x8], 0x1})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0}, 0x68)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x2f64, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0x2, 0x23f})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0x0, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x29, 0x2, {0x401}}, 0xb)
io_uring_enter(r1, 0x2217, 0x7721, 0x2c, 0x0, 0x0)
r2 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$USBDEVFS_SETINTERFACE(r2, 0x80085504, &(0x7f0000000100)={0x7, 0x400})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000540), 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x5, 0x0, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "22a5cfd43437ad6a"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x5, 0x40, 0x7fff, {0x77359400}, {}, {0x0, 0x1}, 0x1, @can={{0x4, 0x1}, 0x2, 0x2, 0x0, 0x0, "b9b86a5b3700"}}, 0x48}, 0x1, 0x0, 0x0, 0x40885}, 0x20000800)
sendmsg$can_bcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYBLOB="0000000001"], 0x48}, 0x2}, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000001c0)=0x7f, &(0x7f0000000300)=0xa)
syz_genetlink_get_family_id$team(&(0x7f0000000000), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r5 = fsopen(&(0x7f0000000040)='omfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='w\b\x003\x9d\xbc\a\xae\xcd\xbaqw\xbf\x9e\xbb\x9f\xbe\xa6\xa1I\x9d\xa4\x87\"\xbc\xa8.\xa8\xb7FN\x0f\xa9\xde<\x9a\xd4\x00\x80Gx\xad\xd0\xdd\x0e\x16\xef\xc6\x1a\xa7\xee\xd8\x7f6\x1d\x81\xdevy\xbc\xcc\xa7L\x7f\xb2\x98\a\x9c\x9e\xc5U\xad\x95\t\x90s\x85\x06\x90bk1\xa5\x8a5mXw\t\xb4rkj\xce\x0135\xf4b\x17-\xc5\xfb\xcb\xc5\xb9\x1b\xf6\xd6\\\xda\xcd\x16\xd1l\x97\xdd', &(0x7f0000000700)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

0s ago: executing program 2 (id=442):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x1c, 0x0, 0x200, 0x70bd28, 0x6, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8880}, 0x20000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$inet(r2, 0x0, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
listen(r3, 0x0)
recvmmsg(r3, &(0x7f0000002cc0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)=""/61, 0x3d}], 0x1}, 0xf}], 0x1, 0x20, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, 0x0, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000006b113200000000008510000002000000850000000500000095003300000000009500a50500000000d7d86929483a930f2c70e28b47c5a00beaff8cc04257c275f6febbffdda80963ef4d4723307ab70fec7e371be2f916497c74ba124e7c3d0d0ef2d9fae6916f283d9ff87d9a2dede5f1e1268044b539e00f3a7136acde92c31d5db96585f6369be77641f27ead6e878ed48108d92d7bb3670ef346f9450f2c3f9c1430b8ec2a767823a16c87e1ff53172a95c85d3491c0fc93e6e3893d2674bfefa957b16f5de52eec758cf56a16bac6daa02a7ec3e5f1e8bb27"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r7, 0x5421, 0x0)
connect$bt_rfcomm(r7, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6}, 0xa)
close(r7)

kernel console output (not intermixed with test programs):

[ T6315] CPU: 1 UID: 0 PID: 6315 Comm: syz.2.125 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  147.048385][ T6315] Tainted: [L]=SOFTLOCKUP
[  147.048390][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  147.048399][ T6315] Call Trace:
[  147.048406][ T6315]  <TASK>
[  147.048414][ T6315]  dump_stack_lvl+0xe8/0x150
[  147.048451][ T6315]  __f2fs_is_valid_blkaddr+0xeb2/0x1570
[  147.048482][ T6315]  sanity_check_extent_cache+0x1a3/0x620
[  147.048505][ T6315]  ? f2fs_sanity_check_inline_data+0x75/0x780
[  147.048531][ T6315]  ? set_nlink+0x5f/0x170
[  147.048554][ T6315]  f2fs_iget+0x3c82/0x5a70
[  147.048606][ T6315]  f2fs_lookup+0x3ff/0xa30
[  147.048631][ T6315]  ? reacquire_held_locks+0x104/0x190
[  147.048657][ T6315]  ? __pfx_f2fs_lookup+0x10/0x10
[  147.048691][ T6315]  ? rt_spin_unlock+0x160/0x200
[  147.048716][ T6315]  ? d_alloc+0x144/0x190
[  147.048731][ T6315]  lookup_one_qstr_excl+0x12d/0x360
[  147.048756][ T6315]  filename_create+0x20e/0x370
[  147.048776][ T6315]  ? __pfx_filename_create+0x10/0x10
[  147.048795][ T6315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.048813][ T6315]  filename_mkdirat+0xd2/0x520
[  147.048833][ T6315]  ? __pfx_filename_mkdirat+0x10/0x10
[  147.048851][ T6315]  ? do_getname+0x151/0x250
[  147.048869][ T6315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.048884][ T6315]  __se_sys_mkdirat+0x35/0x150
[  147.048900][ T6315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.048916][ T6315]  do_syscall_64+0x15f/0x560
[  147.048931][ T6315]  ? trace_irq_disable+0x3b/0x140
[  147.048946][ T6315]  ? clear_bhb_loop+0x40/0x90
[  147.048963][ T6315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.048977][ T6315] RIP: 0033:0x7f6b56cabcc7
[  147.048992][ T6315] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  147.049004][ T6315] RSP: 002b:00007f6b54efde58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  147.049020][ T6315] RAX: ffffffffffffffda RBX: 00007f6b54efdee0 RCX: 00007f6b56cabcc7
[  147.049030][ T6315] RDX: 00000000000001ff RSI: 0000200000002080 RDI: 00000000ffffff9c
[  147.049039][ T6315] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  147.049047][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000002080
[  147.049055][ T6315] R13: 00007f6b54efdea0 R14: 0000000000000000 R15: 0000000000000000
[  147.049077][ T6315]  </TASK>
[  147.049202][ T6315] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix
[  147.050309][ T6315] F2FS-fs (loop2): access invalid blkaddr:0
[  147.050333][ T6315] CPU: 1 UID: 0 PID: 6315 Comm: syz.2.125 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  147.050356][ T6315] Tainted: [L]=SOFTLOCKUP
[  147.050361][ T6315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  147.050369][ T6315] Call Trace:
[  147.050375][ T6315]  <TASK>
[  147.050382][ T6315]  dump_stack_lvl+0xe8/0x150
[  147.050407][ T6315]  __f2fs_is_valid_blkaddr+0xeb2/0x1570
[  147.050442][ T6315]  sanity_check_extent_cache+0x1a3/0x620
[  147.050464][ T6315]  ? f2fs_sanity_check_inline_data+0x75/0x780
[  147.050488][ T6315]  ? set_nlink+0x5f/0x170
[  147.050512][ T6315]  f2fs_iget+0x3c82/0x5a70
[  147.050560][ T6315]  f2fs_lookup+0x3ff/0xa30
[  147.050586][ T6315]  ? __pfx_f2fs_lookup+0x10/0x10
[  147.050609][ T6315]  ? __pfx_d_alloc_parallel+0x10/0x10
[  147.050633][ T6315]  ? __rt_spin_lock_init+0x3e/0x50
[  147.050658][ T6315]  ? __init_waitqueue_head+0xae/0x160
[  147.050681][ T6315]  __lookup_slow+0x2d2/0x440
[  147.050708][ T6315]  ? __pfx___lookup_slow+0x10/0x10
[  147.050742][ T6315]  ? down_read+0x156/0x200
[  147.050760][ T6315]  ? __pfx_down_read+0x10/0x10
[  147.050782][ T6315]  ? lookup_fast+0x1a3/0x5b0
[  147.050809][ T6315]  lookup_slow+0x53/0x70
[  147.050831][ T6315]  path_lookupat+0x3f5/0x8c0
[  147.050867][ T6315]  filename_lookup+0x256/0x5d0
[  147.050893][ T6315]  ? __pfx_filename_lookup+0x10/0x10
[  147.050935][ T6315]  ? strncpy_from_user+0x150/0x2b0
[  147.050961][ T6315]  ? do_getname+0x151/0x250
[  147.050984][ T6315]  user_path_at+0x40/0x160
[  147.051002][ T6315]  __se_sys_mount+0x2dc/0x420
[  147.051029][ T6315]  ? __pfx___se_sys_mount+0x10/0x10
[  147.051058][ T6315]  ? __x64_sys_mount+0x20/0xc0
[  147.051078][ T6315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.051097][ T6315]  do_syscall_64+0x15f/0x560
[  147.051116][ T6315]  ? trace_irq_disable+0x3b/0x140
[  147.051134][ T6315]  ? clear_bhb_loop+0x40/0x90
[  147.051172][ T6315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.051189][ T6315] RIP: 0033:0x7f6b56cace59
[  147.051205][ T6315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  147.051226][ T6315] RSP: 002b:00007f6b54efe028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  147.051245][ T6315] RAX: ffffffffffffffda RBX: 00007f6b56f25fa0 RCX: 00007f6b56cace59
[  147.051258][ T6315] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 0000000000000000
[  147.051270][ T6315] RBP: 00007f6b56d42d6f R08: 0000200000000100 R09: 0000000000000000
[  147.051281][ T6315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  147.051290][ T6315] R13: 00007f6b56f26038 R14: 00007f6b56f25fa0 R15: 00007ffdf8477298
[  147.051318][ T6315]  </TASK>
[  147.051389][ T6315] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix
[  147.101277][ T6317] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  147.216559][ T5740] usb 2-1: ath9k_htc: USB layer deinitialized
[  147.626765][   T10] usb 2-1: USB disconnect, device number 3
[  148.413227][ T6333] netlink: 'syz.3.132': attribute type 5 has an invalid length.
[  148.413246][ T6333] netlink: 'syz.3.132': attribute type 4 has an invalid length.
[  148.775061][ T6338] loop3: detected capacity change from 0 to 40427
[  148.776102][ T6338] F2FS-fs: heap/no_heap options were deprecated
[  148.823125][ T6338] F2FS-fs (loop3): build fault injection rate: 19
[  148.823146][ T6338] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  148.837279][ T6338] F2FS-fs (loop3): invalid crc value
[  148.841124][ T6336] PKCS7: Unknown OID: [4] 0.38.11253.6554(bad)
[  148.841136][ T6336] PKCS7: Only support pkcs7_signedData type
[  148.871684][ T6338] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  148.907255][ T1007] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  148.951190][ T6338] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  148.967253][ T6338] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  148.976176][ T6338] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  149.000399][ T6338] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  149.004535][ T6338] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  149.015554][ T6338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.133'.
[  149.196135][ T1007] usb 2-1: config index 0 descriptor too short (expected 65063, got 72)
[  149.214206][ T1007] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  149.214234][ T1007] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.214252][ T1007] usb 2-1: Product: syz
[  149.214264][ T1007] usb 2-1: Manufacturer: syz
[  149.214283][ T1007] usb 2-1: SerialNumber: syz
[  149.288276][ T5624] syz-executor: attempt to access beyond end of device
[  149.288276][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  149.303193][ T5349] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  149.340962][ T1007] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  149.385726][ T5624] CPU: 0 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  149.385755][ T5624] Tainted: [L]=SOFTLOCKUP
[  149.385760][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  149.385769][ T5624] Call Trace:
[  149.385776][ T5624]  <TASK>
[  149.385784][ T5624]  dump_stack_lvl+0xe8/0x150
[  149.385812][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  149.385849][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  149.385891][ T5624]  __submit_merged_bio+0x256/0x6a0
[  149.385918][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  149.385953][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  149.386003][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  149.386069][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.386141][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  149.386172][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  149.386192][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  149.386211][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  149.386230][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  149.386253][ T5624]  ? reacquire_held_locks+0x104/0x190
[  149.386274][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  149.386305][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  149.386332][ T5624]  ? rt_spin_unlock+0x160/0x200
[  149.386354][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.386376][ T5624]  do_writepages+0x32e/0x550
[  149.386402][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  149.386426][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  149.386459][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  149.386488][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  149.386509][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  149.386564][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  149.386596][ T5624]  ? rt_spin_unlock+0x160/0x200
[  149.386622][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  149.386659][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  149.386679][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  149.386730][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  149.386806][ T5624]  kill_f2fs_super+0x314/0x730
[  149.386832][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  149.386863][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  149.386895][ T5624]  deactivate_locked_super+0xbc/0x130
[  149.386922][ T5624]  cleanup_mnt+0x437/0x4d0
[  149.386940][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  149.386962][ T5624]  task_work_run+0x1d9/0x270
[  149.386987][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  149.387024][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  149.387042][ T5624]  ? rcu_is_watching+0x15/0xb0
[  149.387065][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.387085][ T5624]  do_syscall_64+0x33e/0x560
[  149.387104][ T5624]  ? trace_irq_disable+0x3b/0x140
[  149.387122][ T5624]  ? clear_bhb_loop+0x40/0x90
[  149.387144][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.387162][ T5624] RIP: 0033:0x7facfc78e097
[  149.387179][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  149.387192][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  149.387211][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  149.387223][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  149.387233][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  149.387245][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  149.387256][ T5624] R13: 00007facfc8221ca R14: 00000000000245d3 R15: 00007ffc1402cd40
[  149.387284][ T5624]  </TASK>
[  149.405521][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  149.509306][ T5349] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  149.509332][ T5349] usb 5-1: config 0 has no interface number 0
[  149.572855][ T5349] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  149.572883][ T5349] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.572900][ T5349] usb 5-1: Product: syz
[  149.572912][ T5349] usb 5-1: Manufacturer: syz
[  149.572925][ T5349] usb 5-1: SerialNumber: syz
[  150.278167][ T6355] Process accounting resumed
[  150.798610][ T5349] usb 5-1: config 0 descriptor??
[  150.995338][ T6354] overlayfs: failed to resolve './file2': -2
[  151.014807][ T5740] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  151.218697][ T5948] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  151.268072][ T5740] usb 3-1: config index 0 descriptor too short (expected 65063, got 72)
[  151.294219][ T5740] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  151.294248][ T5740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.294265][ T5740] usb 3-1: Product: syz
[  151.294276][ T5740] usb 3-1: Manufacturer: syz
[  151.294286][ T5740] usb 3-1: SerialNumber: syz
[  151.364245][ T5740] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  151.377931][   T10] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  151.931800][ T5349] uvcvideo 5-1:0.64: Found UVC 0.08 device syz (046d:0823)
[  151.931884][ T5349] uvcvideo 5-1:0.64: No valid video chain found.
[  152.523142][   T10] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  153.011053][ T5948] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  153.924416][ T6358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.924732][ T6358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.436853][ T5740] usb 3-1: USB disconnect, device number 3
[  157.503911][    C0] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?
[  158.059734][ T5349] usb 5-1: USB disconnect, device number 3
[  160.536817][ T5948] ath9k_htc: Failed to initialize the device
[  160.576370][   T10] ath9k_htc: Failed to initialize the device
[  160.722950][ T5740] usb 3-1: ath9k_htc: USB layer deinitialized
[  161.799804][ T5755] usb 2-1: USB disconnect, device number 4
[  161.970097][ T5755] usb 2-1: ath9k_htc: USB layer deinitialized
[  163.169570][ T6370] loop4: detected capacity change from 0 to 1024
[  163.203387][ T6384] FAULT_INJECTION: forcing a failure.
[  163.203387][ T6384] name failslab, interval 1, probability 0, space 0, times 1
[  163.203421][ T6384] CPU: 1 UID: 0 PID: 6384 Comm: syz.3.146 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  163.203445][ T6384] Tainted: [L]=SOFTLOCKUP
[  163.203450][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  163.203460][ T6384] Call Trace:
[  163.203467][ T6384]  <TASK>
[  163.203474][ T6384]  dump_stack_lvl+0xe8/0x150
[  163.203500][ T6384]  should_fail_ex+0x46b/0x600
[  163.203529][ T6384]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  163.203548][ T6384]  should_failslab+0xa8/0x100
[  163.203568][ T6384]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  163.203585][ T6384]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  163.203603][ T6384]  ? shmem_alloc_inode+0x28/0x40
[  163.203620][ T6384]  ? __lock_acquire+0x6b5/0x2d10
[  163.203641][ T6384]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  163.203659][ T6384]  shmem_alloc_inode+0x28/0x40
[  163.203676][ T6384]  alloc_inode+0x6a/0x1b0
[  163.203700][ T6384]  new_inode+0x22/0x170
[  163.203726][ T6384]  shmem_get_inode+0x3da/0xf70
[  163.203752][ T6384]  ? __pfx_shmem_get_inode+0x10/0x10
[  163.203771][ T6384]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  163.203792][ T6384]  ? lockdep_hardirqs_on+0x7a/0x110
[  163.203811][ T6384]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  163.203832][ T6384]  __shmem_file_setup+0x20b/0x370
[  163.203847][ T6384]  ? rt_spin_lock+0x1e0/0x400
[  163.203872][ T6384]  ? __pfx___shmem_file_setup+0x10/0x10
[  163.203890][ T6384]  ? rt_spin_unlock+0x14f/0x200
[  163.203917][ T6384]  memfd_alloc_file+0x99/0x570
[  163.203944][ T6384]  ? __pfx_memfd_alloc_file+0x10/0x10
[  163.203976][ T6384]  __se_sys_memfd_create+0x329/0x420
[  163.203998][ T6384]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.204015][ T6384]  do_syscall_64+0x15f/0x560
[  163.204034][ T6384]  ? clear_bhb_loop+0x40/0x90
[  163.204053][ T6384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.204069][ T6384] RIP: 0033:0x7facfc78ce59
[  163.204084][ T6384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  163.204096][ T6384] RSP: 002b:00007facfa9dde08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  163.204115][ T6384] RAX: ffffffffffffffda RBX: 0000000000005d0c RCX: 00007facfc78ce59
[  163.204127][ T6384] RDX: 00007facfa9ddee0 RSI: 0000000000000000 RDI: 00007facfc822f4f
[  163.204146][ T6384] RBP: 0000200000005e00 R08: 00000000ffffffff R09: 0000000000000000
[  163.204157][ T6384] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000005d80
[  163.204167][ T6384] R13: 00007facfa9ddee0 R14: 00007facfa9ddea0 R15: 0000200000005dc0
[  163.204195][ T6384]  </TASK>
[  163.212688][ T6370] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  164.134089][ T6389] loop3: detected capacity change from 0 to 40427
[  164.135245][ T6389] F2FS-fs: heap/no_heap options were deprecated
[  164.408692][ T6389] F2FS-fs (loop3): build fault injection rate: 19
[  164.408717][ T6389] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  164.414163][ T6389] F2FS-fs (loop3): invalid crc value
[  164.475450][ T6389] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  164.573853][ T6389] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  164.582608][ T6389] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  164.592214][ T6389] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  164.654846][ T6389] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  164.662022][ T6389] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  164.670804][ T6389] netlink: 24 bytes leftover after parsing attributes in process `syz.3.147'.
[  165.319165][ T6406] netlink: 4 bytes leftover after parsing attributes in process `syz.2.141'.
[  165.809052][ T6399] overlayfs: failed to resolve './file2': -2
[  167.462967][ T6416] netlink: 24 bytes leftover after parsing attributes in process `syz.0.153'.
[  167.474419][ T6423] loop4: detected capacity change from 0 to 512
[  167.620951][ T6423] EXT4-fs: error -4 creating inode table initialization thread
[  167.621742][ T6423] EXT4-fs (loop4): mount failed
[  167.667244][ T5624] syz-executor: attempt to access beyond end of device
[  167.667244][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  167.670142][ T5624] CPU: 1 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  167.670170][ T5624] Tainted: [L]=SOFTLOCKUP
[  167.670177][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  167.670186][ T5624] Call Trace:
[  167.670192][ T5624]  <TASK>
[  167.670200][ T5624]  dump_stack_lvl+0xe8/0x150
[  167.670228][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  167.670260][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  167.670302][ T5624]  __submit_merged_bio+0x256/0x6a0
[  167.670328][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  167.670363][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  167.670410][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  167.670461][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.670527][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.670555][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  167.670575][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  167.670593][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  167.670607][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  167.670630][ T5624]  ? reacquire_held_locks+0x104/0x190
[  167.670651][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  167.670679][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  167.670707][ T5624]  ? rt_spin_unlock+0x160/0x200
[  167.670728][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.670748][ T5624]  do_writepages+0x32e/0x550
[  167.670774][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.670799][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  167.670831][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  167.670869][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  167.670891][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  167.670941][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.670972][ T5624]  ? rt_spin_unlock+0x160/0x200
[  167.670997][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  167.671034][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  167.671054][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  167.671104][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  167.671184][ T5624]  kill_f2fs_super+0x314/0x730
[  167.671213][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  167.671245][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  167.671277][ T5624]  deactivate_locked_super+0xbc/0x130
[  167.671305][ T5624]  cleanup_mnt+0x437/0x4d0
[  167.671324][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  167.671346][ T5624]  task_work_run+0x1d9/0x270
[  167.671371][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  167.671403][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  167.671422][ T5624]  ? rcu_is_watching+0x15/0xb0
[  167.671445][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.671465][ T5624]  do_syscall_64+0x33e/0x560
[  167.671484][ T5624]  ? trace_irq_disable+0x3b/0x140
[  167.671502][ T5624]  ? clear_bhb_loop+0x40/0x90
[  167.671524][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.671541][ T5624] RIP: 0033:0x7facfc78e097
[  167.671560][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  167.671574][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  167.671593][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  167.671605][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  167.671616][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  167.671627][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  167.671636][ T5624] R13: 00007facfc8221ca R14: 00000000000286fd R15: 00007ffc1402cd40
[  167.671662][ T5624]  </TASK>
[  167.671776][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  167.825715][ T6433] FAULT_INJECTION: forcing a failure.
[  167.825715][ T6433] name failslab, interval 1, probability 0, space 0, times 0
[  167.825747][ T6433] CPU: 0 UID: 0 PID: 6433 Comm: syz.1.157 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  167.825771][ T6433] Tainted: [L]=SOFTLOCKUP
[  167.825777][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  167.825786][ T6433] Call Trace:
[  167.825793][ T6433]  <TASK>
[  167.825800][ T6433]  dump_stack_lvl+0xe8/0x150
[  167.825826][ T6433]  should_fail_ex+0x46b/0x600
[  167.825856][ T6433]  should_failslab+0xa8/0x100
[  167.825877][ T6433]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  167.825894][ T6433]  ? __d_alloc+0x37/0x6f0
[  167.825914][ T6433]  __d_alloc+0x37/0x6f0
[  167.825929][ T6433]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.825957][ T6433]  d_alloc_pseudo+0x21/0xc0
[  167.825974][ T6433]  alloc_file_pseudo+0xdd/0x240
[  167.825996][ T6433]  ? rt_spin_unlock+0x160/0x200
[  167.826020][ T6433]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  167.826040][ T6433]  ? alloc_fd+0x679/0x6f0
[  167.826079][ T6433]  anon_inode_getfd+0xc8/0x200
[  167.826103][ T6433]  __se_sys_landlock_create_ruleset+0x3c4/0x4b0
[  167.826131][ T6433]  ? __pfx___se_sys_landlock_create_ruleset+0x10/0x10
[  167.826166][ T6433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.826185][ T6433]  do_syscall_64+0x15f/0x560
[  167.826202][ T6433]  ? trace_irq_disable+0x3b/0x140
[  167.826220][ T6433]  ? clear_bhb_loop+0x40/0x90
[  167.826241][ T6433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.826257][ T6433] RIP: 0033:0x7fd77f94ce59
[  167.826272][ T6433] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  167.826284][ T6433] RSP: 002b:00007fd77dba6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bc
[  167.826300][ T6433] RAX: ffffffffffffffda RBX: 00007fd77fbc5fa0 RCX: 00007fd77f94ce59
[  167.826312][ T6433] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000200000000140
[  167.826322][ T6433] RBP: 00007fd77dba6090 R08: 0000000000000000 R09: 0000000000000000
[  167.826332][ T6433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.826341][ T6433] R13: 00007fd77fbc6038 R14: 00007fd77fbc5fa0 R15: 00007ffc048fe3e8
[  167.826366][ T6433]  </TASK>
[  168.345965][ T6437] loop4: detected capacity change from 0 to 512
[  168.361247][ T6443] netlink: 152 bytes leftover after parsing attributes in process `syz.1.163'.
[  168.700248][ T6454] netlink: 564 bytes leftover after parsing attributes in process `syz.2.162'.
[  168.802061][ T6449] loop1: detected capacity change from 0 to 40427
[  168.803183][ T6449] F2FS-fs: heap/no_heap options were deprecated
[  168.823313][ T6449] F2FS-fs (loop1): build fault injection rate: 19
[  168.823333][ T6449] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  168.845323][ T6449] F2FS-fs (loop1): invalid crc value
[  168.854067][ T6449] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  168.921950][ T6449] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  168.932009][ T6449] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  168.955789][ T6449] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  168.988497][ T6449] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  168.993644][ T6449] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xda0
[  168.998904][   T38] audit: type=1804 audit(1779290847.262:3): pid=6449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.164" name="/newroot/34/bus/bus" dev="loop1" ino=13 res=1 errno=0
[  169.003466][ T6449] F2FS-fs (loop1): inject checkpoint error in f2fs_balance_fs of __write_node_folio+0x1551/0x1c70
[  169.008861][ T6449] CPU: 0 UID: 0 PID: 6449 Comm: syz.1.164 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  169.008896][ T6449] Tainted: [L]=SOFTLOCKUP
[  169.008902][ T6449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  169.008912][ T6449] Call Trace:
[  169.008920][ T6449]  <TASK>
[  169.008928][ T6449]  dump_stack_lvl+0xe8/0x150
[  169.008957][ T6449]  f2fs_stop_checkpoint+0x3cd/0x590
[  169.008990][ T6449]  f2fs_balance_fs+0x346/0x870
[  169.009011][ T6449]  ? __write_node_folio+0x1551/0x1c70
[  169.009036][ T6449]  ? __pfx_f2fs_balance_fs+0x10/0x10
[  169.009053][ T6449]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  169.009073][ T6449]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  169.009102][ T6449]  ? trace_lock_elapsed_time_end+0xf3/0xbc0
[  169.009124][ T6449]  ? f2fs_up_read_trace+0x1b/0x40
[  169.009145][ T6449]  ? folio_unlock+0x101/0x160
[  169.009166][ T6449]  __write_node_folio+0x1551/0x1c70
[  169.009207][ T6449]  ? __pfx___write_node_folio+0x10/0x10
[  169.009249][ T6449]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  169.009277][ T6449]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  169.009300][ T6449]  ? folio_clear_dirty_for_io+0x56a/0x700
[  169.009324][ T6449]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  169.009351][ T6449]  f2fs_fsync_node_pages+0x1620/0x2090
[  169.009390][ T6449]  ? add_lock_to_list+0x61/0x100
[  169.009412][ T6449]  ? check_noncircular+0xda/0x150
[  169.009441][ T6449]  ? __pfx_f2fs_fsync_node_pages+0x10/0x10
[  169.009464][ T6449]  ? __lock_acquire+0x146e/0x2d10
[  169.009507][ T6449]  ? do_raw_spin_lock+0x12b/0x2f0
[  169.009570][ T6449]  f2fs_do_sync_file+0x1283/0x19e0
[  169.009597][ T6449]  ? __pfx_f2fs_do_sync_file+0x10/0x10
[  169.009614][ T6449]  ? __lock_acquire+0x146e/0x2d10
[  169.009664][ T6449]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  169.009684][ T6449]  ? sync_lazytime+0x5e/0x4c0
[  169.009709][ T6449]  ? vfs_fsync_range+0x143/0x150
[  169.009725][ T6449]  ? f2fs_sync_file+0xec/0x160
[  169.009767][ T6449]  f2fs_file_write_iter+0x746/0x24c0
[  169.009806][ T6449]  ? vfs_write+0x22d/0xba0
[  169.009826][ T6449]  ? __pfx_f2fs_file_write_iter+0x10/0x10
[  169.009863][ T6449]  vfs_write+0x629/0xba0
[  169.009889][ T6449]  ? __pfx_vfs_write+0x10/0x10
[  169.009910][ T6449]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  169.009930][ T6449]  ? lockdep_hardirqs_on+0x7a/0x110
[  169.009950][ T6449]  ? mutex_lock_nested+0x152/0x1d0
[  169.009973][ T6449]  ? fdget_pos+0x252/0x320
[  169.010004][ T6449]  ksys_write+0x156/0x270
[  169.010024][ T6449]  ? __pfx_ksys_write+0x10/0x10
[  169.010050][ T6449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.010070][ T6449]  do_syscall_64+0x15f/0x560
[  169.010088][ T6449]  ? trace_irq_disable+0x3b/0x140
[  169.010106][ T6449]  ? clear_bhb_loop+0x40/0x90
[  169.010128][ T6449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.010145][ T6449] RIP: 0033:0x7fd77f94ce59
[  169.010164][ T6449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  169.010178][ T6449] RSP: 002b:00007fd77dba6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  169.010197][ T6449] RAX: ffffffffffffffda RBX: 00007fd77fbc5fa0 RCX: 00007fd77f94ce59
[  169.010210][ T6449] RDX: 000000000000001c RSI: 0000200000000280 RDI: 0000000000000008
[  169.010222][ T6449] RBP: 00007fd77f9e2d6f R08: 0000000000000000 R09: 0000000000000000
[  169.010233][ T6449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  169.010244][ T6449] R13: 00007fd77fbc6038 R14: 00007fd77fbc5fa0 R15: 00007ffc048fe3e8
[  169.010273][ T6449]  </TASK>
[  169.010294][ T6449] F2FS-fs (loop1): Stopped filesystem due to reason: 1
[  169.032843][ T6449] netlink: 24 bytes leftover after parsing attributes in process `syz.1.164'.
[  169.532418][ T6461] evm: overlay not supported
[  169.683632][ T6464] /dev/sg0: Can't lookup blockdev
[  169.734770][ T6464] loop2: detected capacity change from 0 to 512
[  169.837689][ T6464] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  170.078470][ T6464] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters
[  170.095340][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  170.095366][    C0] EXT4-fs (loop2): initial error at time 1779290848: ext4_mb_generate_buddy:1317
[  170.095387][    C0] EXT4-fs (loop2): last error at time 1779290848: ext4_mb_generate_buddy:1317
[  170.096639][ T6464] Quota error (device loop2): write_blk: dquota write failed
[  170.096656][ T6464] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5
[  170.096775][ T6464] Quota error (device loop2): write_blk: dquota write failed
[  170.105528][ T6464] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  170.116020][ T6464] EXT4-fs error (device loop2): ext4_acquire_dquot:7034: comm syz.2.167: Failed to acquire dquot type 1
[  170.116049][ T6464] loop2: lost filesystem error report for type 5 error -28
[  170.242833][ T6464] EXT4-fs (loop2): 1 truncate cleaned up
[  170.266918][ T6464] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.297823][ T6464] ext4: Unknown parameter 'bfs'
[  170.529523][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.169'.
[  170.534427][ T5623] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.846965][ T6482] loop4: detected capacity change from 0 to 4096
[  170.847617][ T6482] EXT4-fs: inline encryption not supported
[  170.847667][ T6482] ext4: Unknown parameter 'fowner'
[  170.965352][ T6490] loop2: detected capacity change from 0 to 1024
[  170.985321][ T6490] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  171.579554][ T6497] loop3: detected capacity change from 0 to 2048
[  172.024105][ T6497] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  172.517272][ T6522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.179'.
[  172.838915][ T6525] loop2: detected capacity change from 0 to 256
[  172.840261][ T6525] vfat: Unknown parameter 'iocharsetiso8859-3'
[  173.507465][ T6534] 9p: Bad value for 'rfdno'
[  173.763155][ T5740] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  173.810409][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.182'.
[  173.832244][ T6529] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  174.019617][ T5740] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  174.019643][ T5740] usb 3-1: config 0 has no interface number 0
[  174.019684][ T5740] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  174.019705][ T5740] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  174.027827][ T5740] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  174.027852][ T5740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.027870][ T5740] usb 3-1: Product: syz
[  174.027882][ T5740] usb 3-1: Manufacturer: syz
[  174.027894][ T5740] usb 3-1: SerialNumber: syz
[  174.188292][ T5740] usb 3-1: config 0 descriptor??
[  174.188965][ T6534] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  174.211621][ T5740] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  174.426754][ T6541] loop3: detected capacity change from 0 to 1024
[  174.514480][ T6541] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  175.061423][ T5740] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  175.469740][ T6552] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  176.125472][ T5948] usb 3-1: USB disconnect, device number 4
[  176.187466][ T5948] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  176.188675][ T5948] cyberjack 3-1:0.69: device disconnected
[  176.341104][ T6561] FAULT_INJECTION: forcing a failure.
[  176.341104][ T6561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.341136][ T6561] CPU: 0 UID: 0 PID: 6561 Comm: syz.0.189 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  176.341163][ T6561] Tainted: [L]=SOFTLOCKUP
[  176.341169][ T6561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  176.341179][ T6561] Call Trace:
[  176.341185][ T6561]  <TASK>
[  176.341193][ T6561]  dump_stack_lvl+0xe8/0x150
[  176.341219][ T6561]  should_fail_ex+0x46b/0x600
[  176.341250][ T6561]  _copy_from_user+0x2d/0xb0
[  176.341271][ T6561]  lo_ioctl+0x773/0x1fc0
[  176.341295][ T6561]  ? lock_acquire+0x106/0x350
[  176.341321][ T6561]  ? __pfx_lo_ioctl+0x10/0x10
[  176.341342][ T6561]  ? ktime_get+0x45/0x220
[  176.341361][ T6561]  ? ktime_get+0x45/0x220
[  176.341378][ T6561]  ? seqcount_lockdep_reader_access+0xd4/0x100
[  176.341397][ T6561]  ? ktime_get+0x1f5/0x220
[  176.341415][ T6561]  ? lapic_next_event+0x11/0x20
[  176.341436][ T6561]  ? clockevents_program_event+0x491/0x630
[  176.341462][ T6561]  ? __lock_acquire+0x6b5/0x2d10
[  176.341488][ T6561]  ? __lock_acquire+0x6b5/0x2d10
[  176.341509][ T6561]  ? __lock_acquire+0x6b5/0x2d10
[  176.341534][ T6561]  ? __lock_acquire+0x6b5/0x2d10
[  176.341555][ T6561]  ? __lock_acquire+0x6b5/0x2d10
[  176.341582][ T6561]  ? unwind_next_frame+0xa6/0x2550
[  176.341618][ T6561]  ? unwind_next_frame+0xa6/0x2550
[  176.341643][ T6561]  ? is_bpf_text_address+0x26/0x2b0
[  176.341673][ T6561]  ? is_bpf_text_address+0x26/0x2b0
[  176.341697][ T6561]  ? is_bpf_text_address+0x292/0x2b0
[  176.341716][ T6561]  ? is_bpf_text_address+0x26/0x2b0
[  176.341737][ T6561]  ? kernel_text_address+0xa5/0xe0
[  176.341759][ T6561]  ? __kernel_text_address+0xd/0x30
[  176.341779][ T6561]  ? unwind_get_return_address+0x4d/0x90
[  176.341802][ T6561]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  176.341818][ T6561]  ? arch_stack_walk+0xfb/0x150
[  176.341850][ T6561]  ? stack_trace_save+0xa9/0x100
[  176.341866][ T6561]  ? __pfx_stack_trace_save+0x10/0x10
[  176.341881][ T6561]  ? kasan_save_free_info+0x46/0x50
[  176.341905][ T6561]  ? stack_depot_save_flags+0x33/0x810
[  176.341933][ T6561]  ? kasan_save_track+0x4f/0x80
[  176.341956][ T6561]  ? kasan_save_track+0x3e/0x80
[  176.341978][ T6561]  ? kasan_save_free_info+0x46/0x50
[  176.341996][ T6561]  ? __kasan_slab_free+0x5c/0x80
[  176.342011][ T6561]  ? kfree+0x1c5/0x6c0
[  176.342033][ T6561]  ? tomoyo_path_number_perm+0x501/0x630
[  176.342051][ T6561]  ? security_file_ioctl+0xc3/0x2a0
[  176.342067][ T6561]  ? __se_sys_ioctl+0x47/0x170
[  176.342084][ T6561]  ? do_syscall_64+0x15f/0x560
[  176.342102][ T6561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.342125][ T6561]  ? __asan_memset+0x22/0x50
[  176.342146][ T6561]  ? blk_get_meta_cap+0x16d/0x7a0
[  176.342174][ T6561]  ? __pfx_blk_get_meta_cap+0x10/0x10
[  176.342206][ T6561]  ? blkdev_common_ioctl+0x14b7/0x3240
[  176.342237][ T6561]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  176.342263][ T6561]  ? kasan_quarantine_put+0xbb/0x1f0
[  176.342294][ T6561]  ? tomoyo_path_number_perm+0x219/0x630
[  176.342314][ T6561]  ? tomoyo_path_number_perm+0x219/0x630
[  176.342336][ T6561]  ? do_vfs_ioctl+0x117b/0x1540
[  176.342390][ T6561]  ? __pfx_lo_ioctl+0x10/0x10
[  176.342414][ T6561]  blkdev_ioctl+0x5e6/0x750
[  176.342440][ T6561]  ? __pfx_blkdev_ioctl+0x10/0x10
[  176.342462][ T6561]  ? __fget_files+0x2a/0x420
[  176.342488][ T6561]  ? bpf_lsm_file_ioctl+0x9/0x20
[  176.342508][ T6561]  ? __pfx_blkdev_ioctl+0x10/0x10
[  176.342530][ T6561]  __se_sys_ioctl+0xff/0x170
[  176.342548][ T6561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.342566][ T6561]  do_syscall_64+0x15f/0x560
[  176.342584][ T6561]  ? trace_irq_disable+0x3b/0x140
[  176.342608][ T6561]  ? clear_bhb_loop+0x40/0x90
[  176.342629][ T6561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.342646][ T6561] RIP: 0033:0x7f0b55cbce59
[  176.342662][ T6561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  176.342676][ T6561] RSP: 002b:00007f0b53f16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  176.342695][ T6561] RAX: ffffffffffffffda RBX: 00007f0b55f35fa0 RCX: 00007f0b55cbce59
[  176.342707][ T6561] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  176.342718][ T6561] RBP: 00007f0b53f16090 R08: 0000000000000000 R09: 0000000000000000
[  176.342729][ T6561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.342739][ T6561] R13: 00007f0b55f36038 R14: 00007f0b55f35fa0 R15: 00007ffeeb9c6e38
[  176.342768][ T6561]  </TASK>
[  176.830037][ T6570] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  177.906082][ T6579] loop4: detected capacity change from 0 to 512
[  177.995878][ T6579] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.996049][ T6579] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.150537][ T5622] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.777388][ T6600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.196'.
[  179.308316][ T5349] kernel read not supported for file bpf-prog (pid: 5349 comm: kworker/1:3)
[  179.772264][ T6612] loop2: detected capacity change from 0 to 512
[  180.479880][ T6622] loop3: detected capacity change from 0 to 256
[  180.485341][ T6622] vfat: Unknown parameter 'iocharsetiso8859-3'
[  181.227751][ T6629] FAULT_INJECTION: forcing a failure.
[  181.227751][ T6629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  181.227847][ T6629] CPU: 1 UID: 0 PID: 6629 Comm: syz.4.202 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  181.227872][ T6629] Tainted: [L]=SOFTLOCKUP
[  181.227878][ T6629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  181.227888][ T6629] Call Trace:
[  181.227895][ T6629]  <TASK>
[  181.227903][ T6629]  dump_stack_lvl+0xe8/0x150
[  181.227930][ T6629]  should_fail_ex+0x46b/0x600
[  181.227961][ T6629]  _copy_from_user+0x2d/0xb0
[  181.227983][ T6629]  __sys_connect+0x156/0x450
[  181.228005][ T6629]  ? __pfx___sys_connect+0x10/0x10
[  181.228021][ T6629]  ? lockdep_hardirqs_on+0x7a/0x110
[  181.228051][ T6629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.228076][ T6629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.228094][ T6629]  __x64_sys_connect+0x7a/0x90
[  181.228114][ T6629]  do_syscall_64+0x15f/0x560
[  181.228134][ T6629]  ? clear_bhb_loop+0x40/0x90
[  181.228155][ T6629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.228173][ T6629] RIP: 0033:0x7f947a91ce59
[  181.228189][ T6629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  181.228203][ T6629] RSP: 002b:00007f9478b34028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  181.228228][ T6629] RAX: ffffffffffffffda RBX: 00007f947ab96180 RCX: 00007f947a91ce59
[  181.228241][ T6629] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000008
[  181.228252][ T6629] RBP: 00007f9478b34090 R08: 0000000000000000 R09: 0000000000000000
[  181.228263][ T6629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.228274][ T6629] R13: 00007f947ab96218 R14: 00007f947ab96180 R15: 00007ffccc8151c8
[  181.228303][ T6629]  </TASK>
[  181.288757][ T6628] 9p: Bad value for 'rfdno'
[  182.574462][ T6633] loop1: detected capacity change from 0 to 512
[  182.703155][ T5948] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  182.883288][   T37] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  182.902778][ T5948] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  182.902802][ T5948] usb 4-1: config 0 has no interface number 0
[  182.902840][ T5948] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  182.902863][ T5948] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  182.957237][ T5948] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  182.957263][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.957281][ T5948] usb 4-1: Product: syz
[  182.957293][ T5948] usb 4-1: Manufacturer: syz
[  182.957305][ T5948] usb 4-1: SerialNumber: syz
[  182.995820][ T5948] usb 4-1: config 0 descriptor??
[  182.996566][ T6628] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  183.011713][ T5948] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  183.033953][   T37] usb 5-1: Using ep0 maxpacket: 32
[  183.037251][   T37] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  183.037274][   T37] usb 5-1: config 0 has no interface number 0
[  183.037372][   T37] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  183.037397][   T37] usb 5-1: config 0 interface 85 has no altsetting 0
[  183.306195][   T37] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  183.306281][   T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.306300][   T37] usb 5-1: Product: syz
[  183.306312][   T37] usb 5-1: Manufacturer: syz
[  183.306324][   T37] usb 5-1: SerialNumber: syz
[  183.984321][ T5948] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  184.122041][   T37] usb 5-1: config 0 descriptor??
[  184.435495][ T5948] usb 4-1: USB disconnect, device number 6
[  184.808673][   T37] appletouch 5-1:0.85: Failed to read mode from device.
[  184.808912][   T37] appletouch 5-1:0.85: probe with driver appletouch failed with error -5
[  185.238113][ T6653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'.
[  185.972090][ T6651] loop3: detected capacity change from 0 to 512
[  186.231847][   T37] usb 5-1: USB disconnect, device number 4
[  186.245779][ T5948] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  186.253538][ T5948] cyberjack 4-1:0.69: device disconnected
[  186.349117][ T6660] capability: warning: `syz.2.213' uses 32-bit capabilities (legacy support in use)
[  186.522459][ T6663] netlink: 92 bytes leftover after parsing attributes in process `syz.0.215'.
[  186.716753][ T6668] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  186.726536][ T6663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.215'.
[  186.804475][ T6670] loop2: detected capacity change from 0 to 512
[  186.917522][ T6673] loop4: detected capacity change from 0 to 128
[  186.922245][ T6673] ubifs: Unknown parameter 'auth_hauh_name'
[  187.472174][ T6683] loop3: detected capacity change from 0 to 256
[  187.481568][ T6683] vfat: Unknown parameter 'iocharsetiso8859-3'
[  187.940272][ T6689] 9p: Bad value for 'rfdno'
[  188.923142][ T5737] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  189.087986][ T5737] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  189.088011][ T5737] usb 4-1: config 0 has no interface number 0
[  189.088053][ T5737] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  189.088075][ T5737] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  189.090889][ T5737] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  189.090915][ T5737] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.090932][ T5737] usb 4-1: Product: syz
[  189.090944][ T5737] usb 4-1: Manufacturer: syz
[  189.090957][ T5737] usb 4-1: SerialNumber: syz
[  189.373727][ T5737] usb 4-1: config 0 descriptor??
[  189.378455][ T6689] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  189.409149][ T5737] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  189.440180][ T5737] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  191.254945][ T5631] usb 4-1: USB disconnect, device number 7
[  191.327169][ T5631] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  191.328416][ T5631] cyberjack 4-1:0.69: device disconnected
[  191.399726][ T6709] FAULT_INJECTION: forcing a failure.
[  191.399726][ T6709] name failslab, interval 1, probability 0, space 0, times 0
[  191.399758][ T6709] CPU: 1 UID: 0 PID: 6709 Comm: syz.2.228 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  191.399781][ T6709] Tainted: [L]=SOFTLOCKUP
[  191.399787][ T6709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  191.399797][ T6709] Call Trace:
[  191.399804][ T6709]  <TASK>
[  191.399810][ T6709]  dump_stack_lvl+0xe8/0x150
[  191.399837][ T6709]  should_fail_ex+0x46b/0x600
[  191.399865][ T6709]  ? __pfx_sock_alloc_inode+0x10/0x10
[  191.399888][ T6709]  should_failslab+0xa8/0x100
[  191.399906][ T6709]  ? __pfx_sock_alloc_inode+0x10/0x10
[  191.399927][ T6709]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  191.399944][ T6709]  ? sock_alloc_inode+0x2c/0x190
[  191.399969][ T6709]  ? __pfx_sock_alloc_inode+0x10/0x10
[  191.399990][ T6709]  sock_alloc_inode+0x2c/0x190
[  191.400012][ T6709]  ? __pfx_sock_alloc_inode+0x10/0x10
[  191.400032][ T6709]  alloc_inode+0x6a/0x1b0
[  191.400055][ T6709]  do_accept+0x147/0x930
[  191.400075][ T6709]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  191.400103][ T6709]  ? __pfx_do_accept+0x10/0x10
[  191.400139][ T6709]  __sys_accept4+0x139/0x230
[  191.400159][ T6709]  ? __pfx___sys_accept4+0x10/0x10
[  191.400177][ T6709]  ? __pfx_ksys_write+0x10/0x10
[  191.400199][ T6709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.400218][ T6709]  __x64_sys_accept+0x7d/0x90
[  191.400236][ T6709]  do_syscall_64+0x15f/0x560
[  191.400254][ T6709]  ? trace_irq_disable+0x3b/0x140
[  191.400271][ T6709]  ? clear_bhb_loop+0x40/0x90
[  191.400303][ T6709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.400318][ T6709] RIP: 0033:0x7f6b56cace59
[  191.400334][ T6709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  191.400348][ T6709] RSP: 002b:00007f6b54efe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  191.400365][ T6709] RAX: ffffffffffffffda RBX: 00007f6b56f25fa0 RCX: 00007f6b56cace59
[  191.400378][ T6709] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  191.400388][ T6709] RBP: 00007f6b54efe090 R08: 0000000000000000 R09: 0000000000000000
[  191.400397][ T6709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.400407][ T6709] R13: 00007f6b56f26038 R14: 00007f6b56f25fa0 R15: 00007ffdf8477298
[  191.400435][ T6709]  </TASK>
[  191.738312][ T6717] netlink: 12 bytes leftover after parsing attributes in process `syz.1.226'.
[  192.662725][ T6715] Driver unsupported XDP return value 0 on prog  (id 51) dev N/A, expect packet loss!
[  194.372188][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  194.372268][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  194.388817][ T1007] kernel write not supported for file bpf-prog (pid: 1007 comm: kworker/1:2)
[  194.443371][ T6732] loop4: detected capacity change from 0 to 512
[  195.875518][ T6750] loop1: detected capacity change from 0 to 256
[  195.910764][ T6750] vfat: Unknown parameter 'iocharsetiso8859-3'
[  195.972245][ T6754] Bluetooth: hci0: invalid length 0, exp 2 for type 20
[  197.356127][ T6760] 9p: Bad value for 'rfdno'
[  198.374448][ T6764] loop3: detected capacity change from 0 to 40427
[  198.375425][ T6764] F2FS-fs: heap/no_heap options were deprecated
[  198.413429][ T6764] F2FS-fs (loop3): build fault injection rate: 19
[  198.413451][ T6764] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  198.415598][ T6764] F2FS-fs (loop3): invalid crc value
[  198.427608][ T6764] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  198.460333][   T32] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  198.496052][ T6764] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  198.512024][ T6764] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  198.525609][ T6764] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  198.550743][ T6764] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  198.552136][ T6764] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  198.562651][   T38] audit: type=1804 audit(1779290876.822:4): pid=6764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.244" name="/newroot/47/bus/bus" dev="loop3" ino=14 res=1 errno=0
[  198.616580][   T32] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  198.616605][   T32] usb 2-1: config 0 has no interface number 0
[  198.616646][   T32] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  198.616668][   T32] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  198.655240][   T32] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  198.655266][   T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.655284][   T32] usb 2-1: Product: syz
[  198.655295][   T32] usb 2-1: Manufacturer: syz
[  198.655307][   T32] usb 2-1: SerialNumber: syz
[  198.707974][   T32] usb 2-1: config 0 descriptor??
[  198.708723][ T6760] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  198.728777][   T32] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  198.814733][ T5624] syz-executor: attempt to access beyond end of device
[  198.814733][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.837447][   T32] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  198.859916][ T5624] CPU: 1 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  198.859944][ T5624] Tainted: [L]=SOFTLOCKUP
[  198.859950][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  198.859961][ T5624] Call Trace:
[  198.859968][ T5624]  <TASK>
[  198.859976][ T5624]  dump_stack_lvl+0xe8/0x150
[  198.860003][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  198.860032][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  198.860070][ T5624]  __submit_merged_bio+0x256/0x6a0
[  198.860092][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  198.860124][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  198.860169][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  198.860223][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.860295][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  198.860324][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  198.860344][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  198.860362][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  198.860380][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  198.860403][ T5624]  ? reacquire_held_locks+0x104/0x190
[  198.860424][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  198.860454][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  198.860481][ T5624]  ? rt_spin_unlock+0x160/0x200
[  198.860503][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.860524][ T5624]  do_writepages+0x32e/0x550
[  198.860547][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  198.860569][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  198.860599][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  198.860626][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  198.860646][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  198.860696][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  198.860727][ T5624]  ? rt_spin_unlock+0x160/0x200
[  198.860750][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  198.860784][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  198.860803][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  198.860858][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  198.860932][ T5624]  kill_f2fs_super+0x314/0x730
[  198.860960][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  198.860992][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  198.861024][ T5624]  deactivate_locked_super+0xbc/0x130
[  198.861051][ T5624]  cleanup_mnt+0x437/0x4d0
[  198.861068][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  198.861090][ T5624]  task_work_run+0x1d9/0x270
[  198.861113][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  198.861142][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  198.861159][ T5624]  ? rcu_is_watching+0x15/0xb0
[  198.861182][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.861201][ T5624]  do_syscall_64+0x33e/0x560
[  198.861219][ T5624]  ? trace_irq_disable+0x3b/0x140
[  198.861237][ T5624]  ? clear_bhb_loop+0x40/0x90
[  198.861258][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.861276][ T5624] RIP: 0033:0x7facfc78e097
[  198.861293][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  198.861307][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  198.861325][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  198.861337][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  198.861347][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  198.861358][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  198.861369][ T5624] R13: 00007facfc8221ca R14: 0000000000030706 R15: 00007ffc1402cd40
[  198.861399][ T5624]  </TASK>
[  198.913544][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  199.366211][ T6781] loop4: detected capacity change from 0 to 4096
[  200.036751][ T1007] usb 2-1: USB disconnect, device number 5
[  200.094920][ T1007] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  200.127808][ T1007] cyberjack 2-1:0.69: device disconnected
[  200.264684][   T32] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  200.424419][   T32] usb 4-1: Using ep0 maxpacket: 32
[  200.439023][   T32] usb 4-1: unable to get BOS descriptor or descriptor too short
[  200.443267][   T32] usb 4-1: config 117 has an invalid interface number: 86 but max is 0
[  200.443289][   T32] usb 4-1: config 117 has an invalid descriptor of length 0, skipping remainder of the config
[  200.443306][   T32] usb 4-1: config 117 has no interface number 0
[  200.443347][   T32] usb 4-1: config 117 interface 86 altsetting 162 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  200.443511][   T32] usb 4-1: config 117 interface 86 altsetting 162 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[  200.443536][   T32] usb 4-1: config 117 interface 86 has no altsetting 0
[  200.451581][   T32] usb 4-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  200.451733][   T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.451751][   T32] usb 4-1: Product: syz
[  200.451763][   T32] usb 4-1: Manufacturer: syz
[  200.451776][   T32] usb 4-1: SerialNumber: syz
[  201.503176][ T5629] Bluetooth: hci3: command 0x0406 tx timeout
[  201.547486][ T5629] Bluetooth: hci1: command 0x0406 tx timeout
[  201.814096][ T5629] Bluetooth: hci2: command 0x0406 tx timeout
[  201.852218][ T5628] Bluetooth: hci4: command 0x0406 tx timeout
[  201.925249][ T5629] Bluetooth: hci0: command 0x0406 tx timeout
[  202.217932][ T6800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.218487][ T6800] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.257052][ T6802] loop1: detected capacity change from 0 to 512
[  202.274286][ T6781] NILFS (loop4): error -4 creating segctord thread
[  202.712826][ T6366] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  202.822290][ T6808] FAULT_INJECTION: forcing a failure.
[  202.822290][ T6808] name failslab, interval 1, probability 0, space 0, times 0
[  202.822324][ T6808] CPU: 1 UID: 0 PID: 6808 Comm: syz.0.256 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  202.822344][ T6808] Tainted: [L]=SOFTLOCKUP
[  202.822350][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  202.822357][ T6808] Call Trace:
[  202.822369][ T6808]  <TASK>
[  202.822376][ T6808]  dump_stack_lvl+0xe8/0x150
[  202.822400][ T6808]  should_fail_ex+0x46b/0x600
[  202.822425][ T6808]  should_failslab+0xa8/0x100
[  202.822445][ T6808]  kmem_cache_alloc_noprof+0x87/0x680
[  202.822460][ T6808]  ? vm_area_dup+0x2b/0x670
[  202.822478][ T6808]  vm_area_dup+0x2b/0x670
[  202.822494][ T6808]  __split_vma+0x1e4/0xa40
[  202.822511][ T6808]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  202.822528][ T6808]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  202.822542][ T6808]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  202.822560][ T6808]  ? __pfx___split_vma+0x10/0x10
[  202.822584][ T6808]  ? try_to_take_rt_mutex+0x840/0xb00
[  202.822617][ T6808]  vms_gather_munmap_vmas+0x32d/0x1380
[  202.822637][ T6808]  ? __lock_acquire+0x6b5/0x2d10
[  202.822658][ T6808]  ? __lock_acquire+0x6b5/0x2d10
[  202.822676][ T6808]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  202.822691][ T6808]  ? tomoyo_check_open_permission+0x1d3/0x470
[  202.822721][ T6808]  do_vmi_align_munmap+0x2c7/0x4d0
[  202.822736][ T6808]  ? __lock_acquire+0x6b5/0x2d10
[  202.822762][ T6808]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  202.822788][ T6808]  ? mtree_range_walk+0x6fc/0x8b0
[  202.822825][ T6808]  do_vmi_munmap+0x252/0x2d0
[  202.822847][ T6808]  do_munmap+0xf9/0x170
[  202.822864][ T6808]  ? __pfx_do_munmap+0x10/0x10
[  202.822892][ T6808]  mremap_to+0x353/0x880
[  202.822915][ T6808]  ? mtree_load+0x12a/0x780
[  202.822930][ T6808]  ? __pfx_mremap_to+0x10/0x10
[  202.822948][ T6808]  ? __pfx_mtree_load+0x10/0x10
[  202.822968][ T6808]  ? check_prep_vma+0x7a5/0xbd0
[  202.822996][ T6808]  __se_sys_mremap+0xe7a/0x11e0
[  202.823034][ T6808]  ? __pfx___se_sys_mremap+0x10/0x10
[  202.823057][ T6808]  ? fput+0xa0/0xd0
[  202.823077][ T6808]  ? ksys_write+0x248/0x270
[  202.823092][ T6808]  ? __pfx_ksys_write+0x10/0x10
[  202.823110][ T6808]  ? __x64_sys_mremap+0x20/0xc0
[  202.823127][ T6808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.823145][ T6808]  do_syscall_64+0x15f/0x560
[  202.823165][ T6808]  ? clear_bhb_loop+0x40/0x90
[  202.823184][ T6808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.823200][ T6808] RIP: 0033:0x7f0b55cbce59
[  202.823216][ T6808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  202.823228][ T6808] RSP: 002b:00007f0b53ef5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  202.823246][ T6808] RAX: ffffffffffffffda RBX: 00007f0b55f36090 RCX: 00007f0b55cbce59
[  202.823257][ T6808] RDX: 0000000000001000 RSI: 0000000000003000 RDI: 0000200000831000
[  202.823268][ T6808] RBP: 00007f0b53ef5090 R08: 0000200000486000 R09: 0000000000000000
[  202.823278][ T6808] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[  202.823288][ T6808] R13: 00007f0b55f36128 R14: 00007f0b55f36090 R15: 00007ffeeb9c6e38
[  202.823314][ T6808]  </TASK>
[  202.986341][ T6366] usb 3-1: Using ep0 maxpacket: 32
[  202.988684][ T6366] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  202.988706][ T6366] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  202.988724][ T6366] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  202.988741][ T6366] usb 3-1: config 1 has no interface number 0
[  202.988779][ T6366] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  202.988801][ T6366] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  202.988843][ T6366] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  202.988862][ T6366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.258482][   T32] ftdi_sio 4-1:117.86: FTDI USB Serial Device converter detected
[  203.294624][ T6366] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  203.305244][   T32] ftdi_sio ttyUSB0: unknown device type: 0x7c4d
[  203.352254][   T32] usb 4-1: USB disconnect, device number 8
[  203.365636][   T32] ftdi_sio 4-1:117.86: device disconnected
[  203.703325][ T6813] loop3: detected capacity change from 0 to 40427
[  203.704424][ T6813] F2FS-fs: heap/no_heap options were deprecated
[  203.714312][ T6813] F2FS-fs (loop3): build fault injection rate: 19
[  203.714329][ T6813] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  203.717569][ T6813] F2FS-fs (loop3): invalid crc value
[  203.726906][ T6816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.728052][ T6816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.734027][ T6813] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  203.755990][ T6366] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  203.772929][ T6816] netlink: 'syz.2.258': attribute type 2 has an invalid length.
[  203.813446][ T6813] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  203.820999][ T6813] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  203.835035][ T6813] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  203.860708][ T6366] usb 3-1: USB disconnect, device number 5
[  203.910318][ T6813] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  203.911803][ T6813] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  203.929468][ T6366] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  203.951442][   T38] audit: type=1804 audit(1779290882.172:5): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.259" name="/newroot/49/bus/bus" dev="loop3" ino=14 res=1 errno=0
[  203.963302][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  204.076100][ T5624] syz-executor: attempt to access beyond end of device
[  204.076100][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  204.081119][ T5624] CPU: 1 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  204.081147][ T5624] Tainted: [L]=SOFTLOCKUP
[  204.081154][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  204.081163][ T5624] Call Trace:
[  204.081170][ T5624]  <TASK>
[  204.081177][ T5624]  dump_stack_lvl+0xe8/0x150
[  204.081204][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  204.081236][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  204.081273][ T5624]  __submit_merged_bio+0x256/0x6a0
[  204.081298][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  204.081334][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  204.081383][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  204.081437][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.081514][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  204.081545][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  204.081566][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  204.081585][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  204.081604][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  204.081628][ T5624]  ? reacquire_held_locks+0x104/0x190
[  204.081649][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  204.081680][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  204.081707][ T5624]  ? rt_spin_unlock+0x160/0x200
[  204.081729][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  204.081750][ T5624]  do_writepages+0x32e/0x550
[  204.081776][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  204.081802][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  204.081835][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  204.081864][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  204.081886][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  204.081940][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  204.081972][ T5624]  ? rt_spin_unlock+0x160/0x200
[  204.081998][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  204.082034][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  204.082054][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  204.082102][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.082178][ T5624]  kill_f2fs_super+0x314/0x730
[  204.082206][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.082240][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  204.082277][ T5624]  deactivate_locked_super+0xbc/0x130
[  204.082306][ T5624]  cleanup_mnt+0x437/0x4d0
[  204.082324][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.082347][ T5624]  task_work_run+0x1d9/0x270
[  204.082372][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  204.082404][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  204.082423][ T5624]  ? rcu_is_watching+0x15/0xb0
[  204.082446][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.082465][ T5624]  do_syscall_64+0x33e/0x560
[  204.082490][ T5624]  ? trace_irq_disable+0x3b/0x140
[  204.082508][ T5624]  ? clear_bhb_loop+0x40/0x90
[  204.082529][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.082546][ T5624] RIP: 0033:0x7facfc78e097
[  204.082564][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  204.082579][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.082598][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  204.082610][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  204.082621][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  204.082633][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  204.082644][ T5624] R13: 00007facfc8221ca R14: 0000000000031bf9 R15: 00007ffc1402cd40
[  204.082675][ T5624]  </TASK>
[  204.124922][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  204.125629][   T10] usb 1-1: Using ep0 maxpacket: 32
[  204.136692][   T10] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  204.136717][   T10] usb 1-1: config 0 has no interface number 0
[  204.136765][   T10] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  204.136789][   T10] usb 1-1: config 0 interface 85 has no altsetting 0
[  204.149480][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  204.149507][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.149524][   T10] usb 1-1: Product: syz
[  204.149536][   T10] usb 1-1: Manufacturer: syz
[  204.149547][   T10] usb 1-1: SerialNumber: syz
[  204.211947][   T10] usb 1-1: config 0 descriptor??
[  204.896164][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'.
[  204.910361][ T6827] loop1: detected capacity change from 0 to 256
[  204.920193][ T6827] vfat: Unknown parameter 'iocharsetiso8859-3'
[  205.474356][ T6834] 9p: Bad value for 'rfdno'
[  206.269999][ T6832] loop4: detected capacity change from 0 to 4096
[  206.294615][ T6832] EXT4-fs: inline encryption not supported
[  206.294754][ T6832] ext4: Unknown parameter 'fowner'
[  206.335870][   T10] appletouch 1-1:0.85: Failed to read mode from device.
[  206.336079][   T10] appletouch 1-1:0.85: probe with driver appletouch failed with error -5
[  206.373078][   T32] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  206.413980][   T10] usb 1-1: USB disconnect, device number 4
[  206.525274][   T32] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  206.525300][   T32] usb 2-1: config 0 has no interface number 0
[  206.525338][   T32] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  206.525369][   T32] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  206.569456][   T32] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  206.569483][   T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.569501][   T32] usb 2-1: Product: syz
[  206.569514][   T32] usb 2-1: Manufacturer: syz
[  206.569527][   T32] usb 2-1: SerialNumber: syz
[  206.608954][   T32] usb 2-1: config 0 descriptor??
[  206.609737][ T6834] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  206.646913][ T6837] CUSE: info not properly terminated
[  206.686772][   T32] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  206.718854][   T32] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  207.583891][ T6845] netlink: 8 bytes leftover after parsing attributes in process `syz.0.267'.
[  208.266934][ T6844] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  208.763627][ T1007] usb 2-1: USB disconnect, device number 6
[  208.801127][ T1007] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  208.814806][ T6848] netlink: 12 bytes leftover after parsing attributes in process `syz.4.269'.
[  208.833607][ T1007] cyberjack 2-1:0.69: device disconnected
[  210.230773][ T5737] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  210.763300][ T5737] usb 1-1: Using ep0 maxpacket: 32
[  210.774516][ T5737] usb 1-1: unable to get BOS descriptor or descriptor too short
[  210.775843][ T5737] usb 1-1: config 117 has an invalid interface number: 86 but max is 0
[  210.775866][ T5737] usb 1-1: config 117 has an invalid descriptor of length 0, skipping remainder of the config
[  210.775884][ T5737] usb 1-1: config 117 has no interface number 0
[  210.775938][ T5737] usb 1-1: config 117 interface 86 altsetting 162 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[  210.775962][ T5737] usb 1-1: config 117 interface 86 has no altsetting 0
[  210.806298][ T5737] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  210.806331][ T5737] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.806349][ T5737] usb 1-1: Product: syz
[  210.806362][ T5737] usb 1-1: Manufacturer: syz
[  210.806374][ T5737] usb 1-1: SerialNumber: syz
[  210.885724][ T6862] netlink: 8 bytes leftover after parsing attributes in process `syz.1.272'.
[  211.207163][ T6862] loop1: detected capacity change from 0 to 4096
[  211.212815][ T6862] EXT4-fs: inline encryption not supported
[  211.212897][ T6862] ext4: Unknown parameter 'fowner'
[  211.491404][ T6855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.491918][ T6855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  212.193163][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  212.248226][ T5737] ftdi_sio 1-1:117.86: FTDI USB Serial Device converter detected
[  212.281344][ T5737] ftdi_sio ttyUSB0: unknown device type: 0x7c4d
[  212.307455][ T5737] usb 1-1: USB disconnect, device number 5
[  212.332677][ T5737] ftdi_sio 1-1:117.86: device disconnected
[  212.343170][   T10] usb 3-1: Using ep0 maxpacket: 32
[  212.348568][   T10] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  212.348591][   T10] usb 3-1: config 0 has no interface number 0
[  212.348632][   T10] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  212.348657][   T10] usb 3-1: config 0 interface 85 has no altsetting 0
[  212.354947][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  212.354973][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.354990][   T10] usb 3-1: Product: syz
[  212.355003][   T10] usb 3-1: Manufacturer: syz
[  212.355015][   T10] usb 3-1: SerialNumber: syz
[  212.598322][ T6890] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3
[  212.606550][   T10] usb 3-1: config 0 descriptor??
[  212.608228][ T6888] loop4: detected capacity change from 0 to 256
[  212.617209][ T6888] exfat: Bad value for 'gid'
[  212.617226][ T6888] exfat: Bad value for 'gid'
[  212.912517][ T6897] loop4: detected capacity change from 0 to 256
[  212.931268][ T6897] vfat: Unknown parameter 'iocharsetiso8859-3'
[  212.955658][ T6896] loop1: detected capacity change from 0 to 512
[  213.186648][   T10] appletouch 3-1:0.85: Failed to read mode from device.
[  213.186865][   T10] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  213.372148][ T6901] 9p: Bad value for 'rfdno'
[  214.284792][ T5632] Bluetooth: hci4: command 0x0406 tx timeout
[  214.356267][   T10] usb 3-1: USB disconnect, device number 6
[  214.704566][ T5349] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  214.726019][ T6885] loop3: detected capacity change from 0 to 40427
[  214.735797][ T6885] F2FS-fs: heap/no_heap options were deprecated
[  214.738261][ T6885] F2FS-fs (loop3): build fault injection rate: 19
[  214.738280][ T6885] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  214.739436][ T6885] F2FS-fs (loop3): invalid crc value
[  215.596273][ T5349] usb 5-1: config 0 has an invalid interface number: 69 but max is 0
[  215.596300][ T5349] usb 5-1: config 0 has no interface number 0
[  215.596336][ T5349] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  215.596360][ T5349] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  215.606163][ T5349] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  215.606190][ T5349] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.606208][ T5349] usb 5-1: Product: syz
[  215.606220][ T5349] usb 5-1: Manufacturer: syz
[  215.606232][ T5349] usb 5-1: SerialNumber: syz
[  215.745437][ T5349] usb 5-1: config 0 descriptor??
[  215.752122][ T6901] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  215.772765][ T5349] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  215.802057][ T6885] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  215.856018][ T5349] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  216.018481][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.1.285'.
[  216.024823][ T5349] usb 5-1: USB disconnect, device number 5
[  216.090036][ T5349] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  216.287762][ T6885] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  216.316536][ T6885] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  216.400956][ T5349] cyberjack 5-1:0.69: device disconnected
[  216.560640][ T6924] netlink: 12 bytes leftover after parsing attributes in process `syz.2.287'.
[  218.504938][ T6936] loop4: detected capacity change from 0 to 256
[  218.506018][ T6936] exfat: Bad value for 'gid'
[  218.506033][ T6936] exfat: Bad value for 'gid'
[  219.627217][ T5740] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  219.631972][ T6935] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  219.803062][ T5740] usb 1-1: Using ep0 maxpacket: 32
[  219.805637][ T5740] usb 1-1: unable to get BOS descriptor or descriptor too short
[  219.807114][ T5740] usb 1-1: config 117 has an invalid interface number: 86 but max is 0
[  219.807137][ T5740] usb 1-1: config 117 has an invalid descriptor of length 0, skipping remainder of the config
[  219.807152][ T5740] usb 1-1: config 117 has no interface number 0
[  219.807202][ T5740] usb 1-1: config 117 interface 86 altsetting 162 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[  219.807227][ T5740] usb 1-1: config 117 interface 86 has no altsetting 0
[  219.873545][ T5740] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  219.873572][ T5740] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.873590][ T5740] usb 1-1: Product: syz
[  219.873603][ T5740] usb 1-1: Manufacturer: syz
[  219.873615][ T5740] usb 1-1: SerialNumber: syz
[  219.942800][ T1007] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  220.105061][ T1007] usb 2-1: Using ep0 maxpacket: 32
[  220.107701][ T1007] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  220.107726][ T1007] usb 2-1: config 0 has no interface number 0
[  220.107767][ T1007] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  220.107793][ T1007] usb 2-1: config 0 interface 85 has no altsetting 0
[  220.126450][ T1007] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  220.126531][ T1007] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.126550][ T1007] usb 2-1: Product: syz
[  220.126563][ T1007] usb 2-1: Manufacturer: syz
[  220.126575][ T1007] usb 2-1: SerialNumber: syz
[  220.177937][ T1007] usb 2-1: config 0 descriptor??
[  220.412649][ T1007] appletouch 2-1:0.85: Failed to read mode from device.
[  220.417163][ T1007] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[  220.432247][ T6929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.452898][ T6929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.635975][ T1007] usb 2-1: USB disconnect, device number 7
[  221.750295][ T5740] ftdi_sio 1-1:117.86: FTDI USB Serial Device converter detected
[  221.800012][ T5740] ftdi_sio ttyUSB0: unknown device type: 0x7c4d
[  221.912755][ T5740] usb 1-1: USB disconnect, device number 6
[  221.950221][ T5740] ftdi_sio 1-1:117.86: device disconnected
[  225.813482][ T6977] loop2: detected capacity change from 0 to 256
[  225.820760][ T6977] vfat: Unknown parameter 'iocharsetiso8859-3'
[  226.609263][ T6971] loop3: detected capacity change from 0 to 40427
[  226.610376][ T6971] F2FS-fs: heap/no_heap options were deprecated
[  226.656796][ T6971] F2FS-fs (loop3): build fault injection rate: 19
[  226.656819][ T6971] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  226.697885][ T6971] F2FS-fs (loop3): invalid crc value
[  226.744822][ T6971] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  226.832765][ T6971] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  226.846473][ T6971] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  226.861378][ T6971] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  227.001033][ T6971] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  227.005269][ T6971] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  227.031063][   T38] audit: type=1804 audit(1779290905.292:6): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.297" name="/newroot/54/bus/bus" dev="loop3" ino=14 res=1 errno=0
[  227.365812][ T6989] 9p: Bad value for 'rfdno'
[  228.147610][ T5624] syz-executor: attempt to access beyond end of device
[  228.147610][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  228.185125][ T5624] CPU: 1 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  228.185163][ T5624] Tainted: [L]=SOFTLOCKUP
[  228.185169][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  228.185185][ T5624] Call Trace:
[  228.185192][ T5624]  <TASK>
[  228.185200][ T5624]  dump_stack_lvl+0xe8/0x150
[  228.185228][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  228.185261][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  228.185302][ T5624]  __submit_merged_bio+0x256/0x6a0
[  228.185328][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  228.185363][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  228.185412][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  228.185468][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.185537][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  228.185571][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  228.185592][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  228.185613][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  228.185632][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  228.185656][ T5624]  ? reacquire_held_locks+0x104/0x190
[  228.185678][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  228.185708][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  228.185737][ T5624]  ? rt_spin_unlock+0x160/0x200
[  228.185759][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  228.185781][ T5624]  do_writepages+0x32e/0x550
[  228.185806][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  228.185831][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  228.185864][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  228.185892][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  228.185929][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  228.185981][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  228.186014][ T5624]  ? rt_spin_unlock+0x160/0x200
[  228.186038][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  228.186070][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  228.186085][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  228.186121][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  228.186182][ T5624]  kill_f2fs_super+0x314/0x730
[  228.186203][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  228.186227][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  228.186254][ T5624]  deactivate_locked_super+0xbc/0x130
[  228.186277][ T5624]  cleanup_mnt+0x437/0x4d0
[  228.186292][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  228.186312][ T5624]  task_work_run+0x1d9/0x270
[  228.186332][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  228.186355][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  228.186371][ T5624]  ? rcu_is_watching+0x15/0xb0
[  228.186389][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.186406][ T5624]  do_syscall_64+0x33e/0x560
[  228.186423][ T5624]  ? trace_irq_disable+0x3b/0x140
[  228.186438][ T5624]  ? clear_bhb_loop+0x40/0x90
[  228.186455][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.186468][ T5624] RIP: 0033:0x7facfc78e097
[  228.186484][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  228.186496][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  228.186512][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  228.186522][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  228.186531][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  228.186540][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  228.186549][ T5624] R13: 00007facfc8221ca R14: 000000000003764a R15: 00007ffc1402cd40
[  228.186576][ T5624]  </TASK>
[  228.190494][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  228.553169][ T5740] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  228.659064][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  228.735935][ T5740] usb 2-1: Using ep0 maxpacket: 32
[  228.738926][ T5740] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  228.738950][ T5740] usb 2-1: config 0 has no interface number 0
[  228.738989][ T5740] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  228.739012][ T5740] usb 2-1: config 0 interface 85 has no altsetting 0
[  228.748135][ T5740] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  228.748161][ T5740] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.748179][ T5740] usb 2-1: Product: syz
[  228.748190][ T5740] usb 2-1: Manufacturer: syz
[  228.748202][ T5740] usb 2-1: SerialNumber: syz
[  228.806398][   T10] usb 5-1: Using ep0 maxpacket: 32
[  228.816495][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  228.817857][   T10] usb 5-1: config 117 has an invalid interface number: 86 but max is 0
[  228.817879][   T10] usb 5-1: config 117 has an invalid descriptor of length 0, skipping remainder of the config
[  228.817896][   T10] usb 5-1: config 117 has no interface number 0
[  228.817936][   T10] usb 5-1: config 117 interface 86 altsetting 162 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  228.817961][   T10] usb 5-1: config 117 interface 86 has no altsetting 0
[  228.826227][   T10] usb 5-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  228.826254][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.826272][   T10] usb 5-1: Product: syz
[  228.826284][   T10] usb 5-1: Manufacturer: syz
[  228.826296][   T10] usb 5-1: SerialNumber: syz
[  228.883371][ T5740] usb 2-1: config 0 descriptor??
[  229.168319][ T5740] appletouch 2-1:0.85: Failed to read mode from device.
[  229.168539][ T5740] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[  229.183588][   T10] ftdi_sio 5-1:117.86: FTDI USB Serial Device converter detected
[  229.210549][   T10] ftdi_sio ttyUSB0: unknown device type: 0x7c4d
[  229.231448][ T5740] usb 2-1: USB disconnect, device number 8
[  229.279306][ T7006] overlayfs: failed to resolve './bus': -2
[  229.367514][ T6995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.378770][ T6995] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.649759][ T7018] overlayfs: failed to resolve './bus': -2
[  230.726886][   T10] usb 5-1: USB disconnect, device number 6
[  230.746898][   T10] ftdi_sio 5-1:117.86: device disconnected
[  231.053825][ T7024] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  232.140908][ T7029] loop1: detected capacity change from 0 to 40427
[  232.141978][ T7029] F2FS-fs: heap/no_heap options were deprecated
[  232.144797][ T7029] F2FS-fs (loop1): build fault injection rate: 19
[  232.144816][ T7029] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  232.146264][ T7029] F2FS-fs (loop1): invalid crc value
[  232.156527][ T7029] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  232.200019][ T7033] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  232.223489][ T7029] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  232.236668][ T7029] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  232.261423][ T7029] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  232.307707][ T7029] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  232.313046][ T7029] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of vfs_getxattr_alloc+0x42e/0x590
[  232.315965][   T38] audit: type=1804 audit(1779290910.582:7): pid=7029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.323" name="/newroot/63/bus/bus" dev="loop1" ino=14 res=1 errno=0
[  232.436632][ T5617] syz-executor: attempt to access beyond end of device
[  232.436632][ T5617] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  232.463577][ T5617] CPU: 1 UID: 0 PID: 5617 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  232.463608][ T5617] Tainted: [L]=SOFTLOCKUP
[  232.463614][ T5617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  232.463629][ T5617] Call Trace:
[  232.463636][ T5617]  <TASK>
[  232.463643][ T5617]  dump_stack_lvl+0xe8/0x150
[  232.463672][ T5617]  f2fs_stop_checkpoint+0x3cd/0x590
[  232.463705][ T5617]  f2fs_write_end_io+0x1274/0x1740
[  232.463747][ T5617]  __submit_merged_bio+0x256/0x6a0
[  232.463773][ T5617]  __submit_merged_write_cond+0x3c9/0x4e0
[  232.463809][ T5617]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  232.463877][ T5617]  f2fs_write_data_pages+0x287e/0x34f0
[  232.463939][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  232.464010][ T5617]  ? do_raw_spin_lock+0x12b/0x2f0
[  232.464039][ T5617]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  232.464061][ T5617]  ? lockdep_hardirqs_on+0x7a/0x110
[  232.464080][ T5617]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  232.464098][ T5617]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  232.464122][ T5617]  ? reacquire_held_locks+0x104/0x190
[  232.464144][ T5617]  ? rt_spin_lock+0x1e0/0x400
[  232.464175][ T5617]  ? rt_spin_unlock+0x14f/0x200
[  232.464201][ T5617]  ? rt_spin_unlock+0x160/0x200
[  232.464223][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  232.464245][ T5617]  do_writepages+0x32e/0x550
[  232.464270][ T5617]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  232.464294][ T5617]  ? rt_spin_unlock+0x14f/0x200
[  232.464327][ T5617]  filemap_fdatawrite+0x1ec/0x2f0
[  232.464356][ T5617]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  232.464377][ T5617]  ? __lock_acquire+0x6b5/0x2d10
[  232.464428][ T5617]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  232.464457][ T5617]  ? rt_spin_unlock+0x160/0x200
[  232.464482][ T5617]  f2fs_sync_dirty_inodes+0x30e/0x830
[  232.464519][ T5617]  f2fs_write_checkpoint+0x9df/0x26a0
[  232.464540][ T5617]  ? __lock_acquire+0x6b5/0x2d10
[  232.464588][ T5617]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  232.464659][ T5617]  kill_f2fs_super+0x314/0x730
[  232.464686][ T5617]  ? __pfx_kill_f2fs_super+0x10/0x10
[  232.464716][ T5617]  ? lockdep_hardirqs_on+0x7a/0x110
[  232.464745][ T5617]  deactivate_locked_super+0xbc/0x130
[  232.464773][ T5617]  cleanup_mnt+0x437/0x4d0
[  232.464791][ T5617]  ? _raw_spin_unlock_irq+0x23/0x50
[  232.464812][ T5617]  task_work_run+0x1d9/0x270
[  232.464836][ T5617]  ? __pfx_task_work_run+0x10/0x10
[  232.464867][ T5617]  exit_to_user_mode_loop+0xf3/0x4d0
[  232.464885][ T5617]  ? rcu_is_watching+0x15/0xb0
[  232.464914][ T5617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.464934][ T5617]  do_syscall_64+0x33e/0x560
[  232.464953][ T5617]  ? trace_irq_disable+0x3b/0x140
[  232.464975][ T5617]  ? clear_bhb_loop+0x40/0x90
[  232.464996][ T5617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.465014][ T5617] RIP: 0033:0x7fd77f94e097
[  232.465031][ T5617] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  232.465045][ T5617] RSP: 002b:00007ffc048fd658 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  232.465065][ T5617] RAX: 0000000000000000 RBX: 00007fd77f9e21ca RCX: 00007fd77f94e097
[  232.465075][ T5617] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc048fd710
[  232.465084][ T5617] RBP: 00007ffc048fd710 R08: 00007ffc048fe710 R09: 00000000ffffffff
[  232.465093][ T5617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc048fe7a0
[  232.465101][ T5617] R13: 00007fd77f9e21ca R14: 0000000000038adf R15: 00007ffc048fe7e0
[  232.465124][ T5617]  </TASK>
[  232.470129][ T5617] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  233.210626][ T7045] smc: net device wlan0 applied user defined pnetid SYZ0
[  233.377072][ T7048] loop3: detected capacity change from 0 to 256
[  233.397995][ T7048] exfat: Bad value for 'gid'
[  233.398013][ T7048] exfat: Bad value for 'gid'
[  233.506531][ T7055] overlayfs: failed to resolve './bus': -2
[  233.612375][ T7056] loop1: detected capacity change from 0 to 256
[  233.615743][ T7056] vfat: Unknown parameter 'iocharsetiso8859-3'
[  233.654206][ T5740] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  233.784465][ T6366] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  233.824837][ T5740] usb 1-1: Using ep0 maxpacket: 32
[  233.827355][ T5740] usb 1-1: unable to get BOS descriptor or descriptor too short
[  233.832744][ T5740] usb 1-1: unable to read config index 0 descriptor/start: -61
[  233.832778][ T5740] usb 1-1: can't read configurations, error -61
[  233.987141][ T7060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.334'.
[  234.759782][ T6366] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  234.759809][ T6366] usb 4-1: config 0 has no interface number 0
[  234.759852][ T6366] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  234.759876][ T6366] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  234.834331][ T5740] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  234.848942][ T6366] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  234.848970][ T6366] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  234.848988][ T6366] usb 4-1: Product: syz
[  234.849000][ T6366] usb 4-1: Manufacturer: syz
[  234.849013][ T6366] usb 4-1: SerialNumber: syz
[  234.898233][ T6366] usb 4-1: config 0 descriptor??
[  234.909102][ T6366] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  234.914388][ T6366] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  234.922819][ T6366] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  234.977516][ T6366] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  234.983199][ T5740] usb 1-1: Using ep0 maxpacket: 32
[  234.985915][ T5740] usb 1-1: unable to get BOS descriptor or descriptor too short
[  234.996102][ T5740] usb 1-1: unable to read config index 0 descriptor/start: -61
[  234.996138][ T5740] usb 1-1: can't read configurations, error -61
[  234.999092][ T5740] usb usb1-port1: attempt power cycle
[  235.001206][ T6366] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  235.037599][ T6366] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  235.057988][ T6366] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  235.363781][ T7065] 9p: Bad value for 'rfdno'
[  235.963078][ T6366] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  235.965183][ T6366] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  235.973681][ T6366] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  236.084120][ T6366] usb 4-1: USB disconnect, device number 9
[  236.104467][ T5740] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  236.124207][ T5740] usb 1-1: Using ep0 maxpacket: 32
[  236.129222][ T5740] usb 1-1: unable to get BOS descriptor or descriptor too short
[  236.130752][ T5740] usb 1-1: unable to read config index 0 descriptor/start: -61
[  236.130784][ T5740] usb 1-1: can't read configurations, error -61
[  236.183418][ T5631] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  236.222671][ T6366] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  236.263241][ T6366] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  236.275022][ T5740] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  236.293719][ T6366] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  236.297121][ T5740] usb 1-1: Using ep0 maxpacket: 32
[  236.299106][ T5740] usb 1-1: unable to get BOS descriptor or descriptor too short
[  236.302411][ T5740] usb 1-1: unable to read config index 0 descriptor/start: -61
[  236.302445][ T5740] usb 1-1: can't read configurations, error -61
[  236.327936][ T5740] usb usb1-port1: unable to enumerate USB device
[  236.329130][ T6366] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  236.334718][ T6366] keyspan 4-1:0.107: device disconnected
[  236.366061][ T5631] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  236.366086][ T5631] usb 2-1: config 0 has no interface number 0
[  236.366129][ T5631] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  236.366152][ T5631] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  236.407087][ T5631] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  236.407113][ T5631] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.407129][ T5631] usb 2-1: Product: syz
[  236.407140][ T5631] usb 2-1: Manufacturer: syz
[  236.407152][ T5631] usb 2-1: SerialNumber: syz
[  236.446076][ T5631] usb 2-1: config 0 descriptor??
[  236.446838][ T7065] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  236.462064][ T5631] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  236.549574][   T37] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  236.593765][ T5631] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  236.723239][   T37] usb 3-1: Using ep0 maxpacket: 32
[  236.735929][   T37] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  236.735955][   T37] usb 3-1: config 0 has no interface number 0
[  236.736042][   T37] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  236.736117][   T37] usb 3-1: config 0 interface 85 has no altsetting 0
[  236.774702][   T37] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  236.774729][   T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.774746][   T37] usb 3-1: Product: syz
[  236.774812][   T37] usb 3-1: Manufacturer: syz
[  236.774824][   T37] usb 3-1: SerialNumber: syz
[  236.889844][   T37] usb 3-1: config 0 descriptor??
[  237.006681][ T7078] loop3: detected capacity change from 0 to 512
[  237.111746][   T37] appletouch 3-1:0.85: Failed to read mode from device.
[  237.120065][   T37] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  237.192547][   T37] usb 3-1: USB disconnect, device number 7
[  237.799661][   T37] usb 2-1: USB disconnect, device number 9
[  237.866818][   T37] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  237.903688][   T37] cyberjack 2-1:0.69: device disconnected
[  238.112396][ T7093] loop3: detected capacity change from 0 to 256
[  238.116921][ T7093] exfat: Bad value for 'gid'
[  238.116938][ T7093] exfat: Bad value for 'gid'
[  238.138763][ T7070] loop4: detected capacity change from 0 to 40427
[  238.139927][ T7070] F2FS-fs: heap/no_heap options were deprecated
[  238.141149][ T7070] F2FS-fs (loop4): build fault injection rate: 19
[  238.141166][ T7070] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  238.142266][ T7070] F2FS-fs (loop4): invalid crc value
[  238.173829][ T7070] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  238.503173][ T5737] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  238.789060][ T7070] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  238.823058][ T5737] usb 2-1: Using ep0 maxpacket: 32
[  238.825715][ T5737] usb 2-1: unable to get BOS descriptor or descriptor too short
[  239.447180][ T7070] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  240.030354][ T7124] loop3: detected capacity change from 0 to 40427
[  240.032117][ T7124] F2FS-fs: heap/no_heap options were deprecated
[  240.034652][ T7126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.355'.
[  240.791313][ T7124] F2FS-fs (loop3): build fault injection rate: 19
[  240.791337][ T7124] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  240.798017][ T5737] usb 2-1: unable to read config index 0 descriptor/start: -61
[  240.798055][ T5737] usb 2-1: can't read configurations, error -61
[  240.809456][ T7124] F2FS-fs (loop3): invalid crc value
[  240.877486][ T7124] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  240.946945][ T7124] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  240.975981][ T7124] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  241.026332][ T7124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  241.133181][ T5737] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  241.241355][ T7124] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  241.483115][ T5737] usb 2-1: Using ep0 maxpacket: 32
[  241.501294][ T5737] usb 2-1: device descriptor read/all, error -71
[  241.519750][ T5737] usb usb2-port1: attempt power cycle
[  241.830786][ T5624] syz-executor: attempt to access beyond end of device
[  241.830786][ T5624] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  241.841157][ T5624] CPU: 0 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  241.841188][ T5624] Tainted: [L]=SOFTLOCKUP
[  241.841194][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  241.841203][ T5624] Call Trace:
[  241.841211][ T5624]  <TASK>
[  241.841218][ T5624]  dump_stack_lvl+0xe8/0x150
[  241.841247][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  241.841280][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  241.841322][ T5624]  __submit_merged_bio+0x256/0x6a0
[  241.841347][ T5624]  f2fs_submit_merged_write+0x284/0x390
[  241.841378][ T5624]  ? __pfx_f2fs_submit_merged_write+0x10/0x10
[  241.841421][ T5624]  f2fs_sync_node_pages+0x11fe/0x13c0
[  241.841466][ T5624]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  241.841524][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  241.841544][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  241.841562][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  241.841584][ T5624]  f2fs_write_checkpoint+0xeb8/0x26a0
[  241.841604][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  241.841655][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  241.841729][ T5624]  kill_f2fs_super+0x314/0x730
[  241.841756][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  241.841789][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  241.841822][ T5624]  deactivate_locked_super+0xbc/0x130
[  241.841850][ T5624]  cleanup_mnt+0x437/0x4d0
[  241.841868][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.841891][ T5624]  task_work_run+0x1d9/0x270
[  241.841915][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  241.841946][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  241.841964][ T5624]  ? rcu_is_watching+0x15/0xb0
[  241.841986][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.842006][ T5624]  do_syscall_64+0x33e/0x560
[  241.842031][ T5624]  ? trace_irq_disable+0x3b/0x140
[  241.842049][ T5624]  ? clear_bhb_loop+0x40/0x90
[  241.842070][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.842087][ T5624] RIP: 0033:0x7facfc78e097
[  241.842105][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  241.842120][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  241.842139][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  241.842151][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  241.842161][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  241.842173][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  241.842184][ T5624] R13: 00007facfc8221ca R14: 000000000003ae9a R15: 00007ffc1402cd40
[  241.842215][ T5624]  </TASK>
[  241.842222][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  241.842400][ T5624] CPU: 0 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  241.842424][ T5624] Tainted: [L]=SOFTLOCKUP
[  241.842430][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  241.842439][ T5624] Call Trace:
[  241.842446][ T5624]  <TASK>
[  241.842453][ T5624]  dump_stack_lvl+0xe8/0x150
[  241.842477][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  241.842509][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  241.842553][ T5624]  __submit_merged_bio+0x256/0x6a0
[  241.842579][ T5624]  f2fs_submit_merged_write+0x284/0x390
[  241.842612][ T5624]  ? __pfx_f2fs_submit_merged_write+0x10/0x10
[  241.842657][ T5624]  f2fs_sync_node_pages+0x11fe/0x13c0
[  241.842704][ T5624]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  241.842769][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  241.842789][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  241.842808][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  241.842831][ T5624]  f2fs_write_checkpoint+0xeb8/0x26a0
[  241.842851][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  241.842905][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  241.842980][ T5624]  kill_f2fs_super+0x314/0x730
[  241.843008][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  241.843057][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  241.843091][ T5624]  deactivate_locked_super+0xbc/0x130
[  241.843118][ T5624]  cleanup_mnt+0x437/0x4d0
[  241.843136][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.843160][ T5624]  task_work_run+0x1d9/0x270
[  241.843184][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  241.843217][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  241.843235][ T5624]  ? rcu_is_watching+0x15/0xb0
[  241.843257][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.843275][ T5624]  do_syscall_64+0x33e/0x560
[  241.843294][ T5624]  ? trace_irq_disable+0x3b/0x140
[  241.843312][ T5624]  ? clear_bhb_loop+0x40/0x90
[  241.843334][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.843351][ T5624] RIP: 0033:0x7facfc78e097
[  241.843367][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  241.843381][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  241.843398][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  241.843410][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  241.843420][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  241.843432][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  241.843443][ T5624] R13: 00007facfc8221ca R14: 000000000003ae9a R15: 00007ffc1402cd40
[  241.843476][ T5624]  </TASK>
[  241.854070][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  242.572429][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.366'.
[  243.851623][ T7165] netlink: 8 bytes leftover after parsing attributes in process `syz.4.363'.
[  246.734668][ T7168] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  247.223965][ T6366] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  247.373063][ T6366] usb 2-1: Using ep0 maxpacket: 32
[  247.375877][ T6366] usb 2-1: unable to get BOS descriptor or descriptor too short
[  247.377581][ T6366] usb 2-1: unable to read config index 0 descriptor/start: -61
[  247.377612][ T6366] usb 2-1: can't read configurations, error -61
[  247.499091][ T7190] Bluetooth: hci0: invalid length 0, exp 2 for type 19
[  247.506189][ T6366] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  247.681037][ T6366] usb 2-1: Using ep0 maxpacket: 32
[  247.687653][ T6366] usb 2-1: unable to get BOS descriptor or descriptor too short
[  247.693960][ T6366] usb 2-1: unable to read config index 0 descriptor/start: -61
[  247.693994][ T6366] usb 2-1: can't read configurations, error -61
[  247.694403][ T6366] usb usb2-port1: attempt power cycle
[  247.859644][ T7203] loop2: detected capacity change from 0 to 512
[  248.823455][ T6366] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  248.843920][ T6366] usb 2-1: Using ep0 maxpacket: 32
[  248.847890][ T6366] usb 2-1: unable to get BOS descriptor or descriptor too short
[  248.865112][ T6366] usb 2-1: unable to read config index 0 descriptor/start: -61
[  248.865147][ T6366] usb 2-1: can't read configurations, error -61
[  248.993335][ T6366] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  249.014780][ T6366] usb 2-1: Using ep0 maxpacket: 32
[  249.017663][ T6366] usb 2-1: unable to get BOS descriptor or descriptor too short
[  249.019641][ T6366] usb 2-1: unable to read config index 0 descriptor/start: -61
[  249.019673][ T6366] usb 2-1: can't read configurations, error -61
[  249.020037][ T6366] usb usb2-port1: unable to enumerate USB device
[  249.574921][ T7230] loop2: detected capacity change from 0 to 512
[  249.674311][ T7220] loop3: detected capacity change from 0 to 40427
[  249.675354][ T7220] F2FS-fs: heap/no_heap options were deprecated
[  249.692916][ T7220] F2FS-fs (loop3): build fault injection rate: 19
[  249.692935][ T7220] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  249.701929][ T7220] F2FS-fs (loop3): invalid crc value
[  249.727280][ T7220] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  249.803742][ T7220] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  249.811015][ T7220] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  249.821078][ T7220] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  249.926518][ T7220] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  249.943634][ T7220] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xda0
[  250.239718][ T5624] syz-executor: attempt to access beyond end of device
[  250.239718][ T5624] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  250.260150][ T5624] CPU: 0 UID: 0 PID: 5624 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  250.260181][ T5624] Tainted: [L]=SOFTLOCKUP
[  250.260187][ T5624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  250.260197][ T5624] Call Trace:
[  250.260204][ T5624]  <TASK>
[  250.260212][ T5624]  dump_stack_lvl+0xe8/0x150
[  250.260241][ T5624]  f2fs_stop_checkpoint+0x3cd/0x590
[  250.260274][ T5624]  f2fs_write_end_io+0x1274/0x1740
[  250.260317][ T5624]  __submit_merged_bio+0x256/0x6a0
[  250.260343][ T5624]  __submit_merged_write_cond+0x3c9/0x4e0
[  250.260379][ T5624]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  250.260428][ T5624]  f2fs_write_data_pages+0x287e/0x34f0
[  250.260494][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.260565][ T5624]  ? do_raw_spin_lock+0x12b/0x2f0
[  250.260595][ T5624]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  250.260616][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  250.260636][ T5624]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  250.260655][ T5624]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  250.260679][ T5624]  ? reacquire_held_locks+0x104/0x190
[  250.260701][ T5624]  ? rt_spin_lock+0x1e0/0x400
[  250.260730][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  250.260758][ T5624]  ? rt_spin_unlock+0x160/0x200
[  250.260780][ T5624]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.260808][ T5624]  do_writepages+0x32e/0x550
[  250.260834][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  250.260859][ T5624]  ? rt_spin_unlock+0x14f/0x200
[  250.260892][ T5624]  filemap_fdatawrite+0x1ec/0x2f0
[  250.260921][ T5624]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  250.260943][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  250.260997][ T5624]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  250.261029][ T5624]  ? rt_spin_unlock+0x160/0x200
[  250.261055][ T5624]  f2fs_sync_dirty_inodes+0x30e/0x830
[  250.261091][ T5624]  f2fs_write_checkpoint+0x9df/0x26a0
[  250.261112][ T5624]  ? __lock_acquire+0x6b5/0x2d10
[  250.261162][ T5624]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  250.261241][ T5624]  kill_f2fs_super+0x314/0x730
[  250.261270][ T5624]  ? __pfx_kill_f2fs_super+0x10/0x10
[  250.261304][ T5624]  ? lockdep_hardirqs_on+0x7a/0x110
[  250.261337][ T5624]  deactivate_locked_super+0xbc/0x130
[  250.261366][ T5624]  cleanup_mnt+0x437/0x4d0
[  250.261385][ T5624]  ? _raw_spin_unlock_irq+0x23/0x50
[  250.261407][ T5624]  task_work_run+0x1d9/0x270
[  250.261432][ T5624]  ? __pfx_task_work_run+0x10/0x10
[  250.261464][ T5624]  exit_to_user_mode_loop+0xf3/0x4d0
[  250.261489][ T5624]  ? rcu_is_watching+0x15/0xb0
[  250.261512][ T5624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.261532][ T5624]  do_syscall_64+0x33e/0x560
[  250.261551][ T5624]  ? trace_irq_disable+0x3b/0x140
[  250.261570][ T5624]  ? clear_bhb_loop+0x40/0x90
[  250.261591][ T5624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.261608][ T5624] RIP: 0033:0x7facfc78e097
[  250.261627][ T5624] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  250.261642][ T5624] RSP: 002b:00007ffc1402bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  250.261661][ T5624] RAX: 0000000000000000 RBX: 00007facfc8221ca RCX: 00007facfc78e097
[  250.261673][ T5624] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc1402bc70
[  250.261684][ T5624] RBP: 00007ffc1402bc70 R08: 00007ffc1402cc70 R09: 00000000ffffffff
[  250.261696][ T5624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc1402cd00
[  250.261708][ T5624] R13: 00007facfc8221ca R14: 000000000003cfb0 R15: 00007ffc1402cd40
[  250.261737][ T5624]  </TASK>
[  250.508325][ T5624] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  250.878882][ T7252] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  251.703282][ T7238] can0: slcan on ttyS3.
[  252.327169][ T7273] loop1: detected capacity change from 0 to 512
[  252.420425][ T7238] can0 (unregistered): slcan off ttyS3.
[  252.653109][   T37] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  252.804357][   T37] usb 1-1: Using ep0 maxpacket: 32
[  252.807217][   T37] usb 1-1: unable to get BOS descriptor or descriptor too short
[  252.808820][   T37] usb 1-1: config 117 has an invalid descriptor of length 0, skipping remainder of the config
[  252.808842][   T37] usb 1-1: config 117 has 0 interfaces, different from the descriptor's value: 1
[  252.814330][   T37] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  252.814357][   T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.814374][   T37] usb 1-1: Product: syz
[  252.814387][   T37] usb 1-1: Manufacturer: syz
[  252.814398][   T37] usb 1-1: SerialNumber: syz
[  253.147987][ T7296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.411'.
[  253.295569][ T7276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.296135][ T7276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.329992][ T7296] loop2: detected capacity change from 0 to 4096
[  253.332580][ T7296] EXT4-fs: inline encryption not supported
[  253.332656][ T7296] ext4: Unknown parameter 'fowner'
[  253.399457][ T7304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.412'.
[  253.415315][ T7307] loop4: detected capacity change from 0 to 256
[  253.420604][ T7307] vfat: Unknown parameter 'iocharsetiso8859-3'
[  253.961259][ T7319] 9p: Bad value for 'rfdno'
[  254.518336][ T5740] usb 1-1: USB disconnect, device number 11
[  255.933328][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  255.933426][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  256.144697][ T7350] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  256.150550][ T7350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.423'.
[  257.063259][ T7354] netlink: 12 bytes leftover after parsing attributes in process `syz.0.426'.
[  258.333106][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  258.483142][   T10] usb 1-1: Using ep0 maxpacket: 32
[  258.491381][   T10] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  258.491406][   T10] usb 1-1: config 0 has no interface number 0
[  258.491448][   T10] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  258.491473][   T10] usb 1-1: config 0 interface 85 has no altsetting 0
[  258.532243][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  258.532270][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.532288][   T10] usb 1-1: Product: syz
[  258.532301][   T10] usb 1-1: Manufacturer: syz
[  258.532313][   T10] usb 1-1: SerialNumber: syz
[  258.637548][   T10] usb 1-1: config 0 descriptor??
[  258.657525][ T7377] loop3: detected capacity change from 0 to 40427
[  258.658592][ T7377] F2FS-fs: heap/no_heap options were deprecated
[  258.682045][ T7377] F2FS-fs (loop3): build fault injection rate: 19
[  258.682060][ T7377] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  258.698961][ T7377] F2FS-fs (loop3): invalid crc value
[  258.723062][ T5737] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  258.731206][ T7377] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1850
[  258.869384][ T7377] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[  258.876866][ T7377] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  258.896296][ T7377] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  258.903637][ T5737] usb 3-1: Using ep0 maxpacket: 32
[  258.912119][ T5737] usb 3-1: unable to get BOS descriptor or descriptor too short
[  258.922297][ T5737] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  258.922321][ T5737] usb 3-1: config 0 has no interfaces?
[  258.935691][ T5737] usb 3-1: New USB device found, idVendor=1b3d, idProduct=9304, bcdDevice=7c.4d
[  258.935720][ T5737] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.935739][ T5737] usb 3-1: Product: syz
[  258.935751][ T5737] usb 3-1: Manufacturer: syz
[  258.935763][ T5737] usb 3-1: SerialNumber: syz
[  258.967136][ T5737] usb 3-1: config 0 descriptor??
[  258.995968][ T7377] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x91f/0x2020
[  258.997477][ T7377] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xda0
[  259.002604][   T38] audit: type=1804 audit(1779290937.262:8): pid=7377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.433" name="/newroot/76/bus/bus" dev="loop3" ino=13 res=1 errno=0
[  259.008290][ T7377] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of __write_node_folio+0x1551/0x1c70
[  259.008479][ T7377] CPU: 1 UID: 0 PID: 7377 Comm: syz.3.433 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  259.008505][ T7377] Tainted: [L]=SOFTLOCKUP
[  259.008511][ T7377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  259.008522][ T7377] Call Trace:
[  259.008529][ T7377]  <TASK>
[  259.008537][ T7377]  dump_stack_lvl+0xe8/0x150
[  259.008563][ T7377]  f2fs_stop_checkpoint+0x3cd/0x590
[  259.008597][ T7377]  f2fs_balance_fs+0x346/0x870
[  259.008620][ T7377]  ? __write_node_folio+0x1551/0x1c70
[  259.008645][ T7377]  ? __pfx_f2fs_balance_fs+0x10/0x10
[  259.008662][ T7377]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  259.008683][ T7377]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  259.008716][ T7377]  ? trace_lock_elapsed_time_end+0xf3/0xbc0
[  259.008734][ T7377]  ? f2fs_up_read_trace+0x1b/0x40
[  259.008755][ T7377]  ? folio_unlock+0x101/0x160
[  259.008775][ T7377]  __write_node_folio+0x1551/0x1c70
[  259.008815][ T7377]  ? __pfx___write_node_folio+0x10/0x10
[  259.008860][ T7377]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  259.008889][ T7377]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  259.008912][ T7377]  ? folio_clear_dirty_for_io+0x56a/0x700
[  259.008936][ T7377]  ? folio_clear_dirty_for_io+0x1d4/0x700
[  259.008963][ T7377]  f2fs_fsync_node_pages+0x1620/0x2090
[  259.009015][ T7377]  ? __pfx_f2fs_fsync_node_pages+0x10/0x10
[  259.009039][ T7377]  ? __lock_acquire+0x6b5/0x2d10
[  259.009065][ T7377]  ? __lock_acquire+0x6b5/0x2d10
[  259.009088][ T7377]  ? __lock_acquire+0x6b5/0x2d10
[  259.009111][ T7377]  ? __lock_acquire+0x6b5/0x2d10
[  259.009133][ T7377]  ? do_raw_spin_lock+0x12b/0x2f0
[  259.009197][ T7377]  f2fs_do_sync_file+0x1283/0x19e0
[  259.009226][ T7377]  ? __pfx_f2fs_do_sync_file+0x10/0x10
[  259.009289][ T7377]  ? sync_lazytime+0x1ac/0x4c0
[  259.009316][ T7377]  ? vfs_fsync_range+0x143/0x150
[  259.009333][ T7377]  ? f2fs_sync_file+0xec/0x160
[  259.009355][ T7377]  f2fs_file_write_iter+0x746/0x24c0
[  259.009392][ T7377]  ? vfs_write+0x22d/0xba0
[  259.009412][ T7377]  ? __pfx_f2fs_file_write_iter+0x10/0x10
[  259.009447][ T7377]  vfs_write+0x629/0xba0
[  259.009476][ T7377]  ? __pfx_vfs_write+0x10/0x10
[  259.009497][ T7377]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  259.009517][ T7377]  ? lockdep_hardirqs_on+0x7a/0x110
[  259.009539][ T7377]  ? mutex_lock_nested+0x152/0x1d0
[  259.009562][ T7377]  ? fdget_pos+0x252/0x320
[  259.009595][ T7377]  ksys_write+0x156/0x270
[  259.009616][ T7377]  ? __pfx_ksys_write+0x10/0x10
[  259.009643][ T7377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.009664][ T7377]  do_syscall_64+0x15f/0x560
[  259.009683][ T7377]  ? trace_irq_disable+0x3b/0x140
[  259.009701][ T7377]  ? clear_bhb_loop+0x40/0x90
[  259.009722][ T7377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.009739][ T7377] RIP: 0033:0x7facfc78ce59
[  259.009757][ T7377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  259.009772][ T7377] RSP: 002b:00007facfa9de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  259.009791][ T7377] RAX: ffffffffffffffda RBX: 00007facfca05fa0 RCX: 00007facfc78ce59
[  259.009805][ T7377] RDX: 000000000000001c RSI: 0000200000000280 RDI: 0000000000000007
[  259.009817][ T7377] RBP: 00007facfc822d6f R08: 0000000000000000 R09: 0000000000000000
[  259.009828][ T7377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  259.009839][ T7377] R13: 00007facfca06038 R14: 00007facfca05fa0 R15: 00007ffc1402c948
[  259.009869][ T7377]  </TASK>
[  259.010720][ T7377] F2FS-fs (loop3): Stopped filesystem due to reason: 1
[  259.025667][ T7377] netlink: 24 bytes leftover after parsing attributes in process `syz.3.433'.
[  259.422030][   T10] appletouch 1-1:0.85: Failed to read mode from device.
[  259.422236][   T10] appletouch 1-1:0.85: probe with driver appletouch failed with error -5
[  259.730375][   T10] usb 1-1: USB disconnect, device number 12
[  259.789919][ T7387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.790479][ T7387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.123948][ T5632] Bluetooth: hci4: command 0x0406 tx timeout
[  260.271153][ T7391] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  261.282643][   T10] usb 3-1: USB disconnect, device number 8
[  261.473805][ T7397] Bluetooth: hci0: invalid length 0, exp 2 for type 19
[  261.663115][ T5737] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  261.815480][ T5737] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[  261.815506][ T5737] usb 1-1: config 0 has no interface number 0
[  261.815547][ T5737] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  261.815571][ T5737] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  261.818118][ T5737] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  261.818145][ T5737] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  261.818164][ T5737] usb 1-1: Product: syz
[  261.818176][ T5737] usb 1-1: Manufacturer: syz
[  261.818273][ T5737] usb 1-1: SerialNumber: syz
[  262.427183][ T7413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  262.701014][ T7413] netlink: 8 bytes leftover after parsing attributes in process `syz.1.440'.
[  263.101847][ T5737] usb 1-1: config 0 descriptor??
[  263.146979][ T5737] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected
[  263.147323][ T5737] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81
[  263.180884][ T5737] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1
[  263.254036][ T5737] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  263.369985][ T5737] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2
[  263.412338][ T5737] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  264.510993][ T5737] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4
[  264.529154][ T7425] sg_write: data in/out 614400/136 bytes for SCSI command 0x0-- guessing data in;
[  264.529154][ T7425]    program syz.2.443 not setting count and/or reply_len properly
[  264.581499][ T5737] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  264.969274][ T7410] ==================================================================
[  264.969286][ T7410] BUG: KASAN: slab-use-after-free in clear_[  264.969286][ T7410] BUG: KASAN: slab-use-after-free in clear_tfile_check_list+0x114/0x380
[  264.969304][ T7410] Read of size 8 at addr ffff8880372f91e8 by task syz.3.434/7410
[  264.969313][ T7410] 
[  264.969322][ T7410] CPU: 0 UID: 0 PID: 7410 Comm: syz.3.434 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  264.969336][ T7410] Tainted: [L]=SOFTLOCKUP
[  264.969339][ T7410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  264.969346][ T7410] Call Trace:
[  264.969350][ T7410]  <TASK>
[  264.969355][ T7410]  dump_stack_lvl+0xe8/0x150
[  264.969369][ T7410]  print_address_description+0x55/0x1e0
[  264.969382][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.969392][ T7410]  print_report+0x58/0x70
[  264.969404][ T7410]  kasan_report+0x117/0x150
[  264.969415][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.969427][ T7410]  clear_tfile_check_list+0x114/0x380
[  264.969437][ T7410]  ? clear_tfile_check_list+0x22/0x380
[  264.969447][ T7410]  do_epoll_ctl_file+0x8fd/0xed0
[  264.969461][ T7410]  ? do_epoll_ctl_file+0xac3/0xed0
[  264.969476][ T7410]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  264.969490][ T7410]  ? __fget_files+0x3a6/0x420
[  264.969503][ T7410]  ? __fget_files+0x2a/0x420
[  264.969517][ T7410]  __se_sys_epoll_ctl+0x14e/0x210
[  264.969527][ T7410]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  264.969537][ T7410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.969555][ T7410]  do_syscall_64+0x15f/0x560
[  264.969566][ T7410]  ? trace_irq_disable+0x3b/0x140
[  264.969577][ T7410]  ? clear_bhb_loop+0x40/0x90
[  264.969589][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.969599][ T7410] RIP: 0033:0x7facfc78ce59
[  264.969608][ T7410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  264.969617][ T7410] RSP: 002b:00007facfa579028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  264.969628][ T7410] RAX: ffffffffffffffda RBX: 00007facfca06270 RCX: 00007facfc78ce59
[  264.969636][ T7410] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  264.969641][ T7410] RBP: 00007facfc822d6f R08: 0000000000000000 R09: 0000000000000000
[  264.969647][ T7410] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.969654][ T7410] R13: 00007facfca06308 R14: 00007facfca06270 R15: 00007ffc1402c948
[  264.969667][ T7410]  </TASK>
[  264.969671][ T7410] 
[  264.969674][ T7410] Allocated by task 7409:
[  264.969678][ T7410]  kasan_save_track+0x3e/0x80
[  264.969697][ T7410]  __kasan_slab_alloc+0x6c/0x80
[  264.969711][ T7410]  kmem_cache_alloc_noprof+0x33b/0x680
[  264.969725][ T7410]  ep_insert+0x512/0x1820
[  264.969737][ T7410]  do_epoll_ctl_file+0x8bb/0xed0
[  264.969753][ T7410]  __se_sys_epoll_ctl+0x14e/0x210
[  264.969761][ T7410]  do_syscall_64+0x15f/0x560
[  264.969770][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.969779][ T7410] 
[  264.969782][ T7410] Freed by task 7405:
[  264.969786][ T7410]  kasan_save_track+0x3e/0x80
[  264.969799][ T7410]  kasan_save_free_info+0x46/0x50
[  264.969810][ T7410]  __kasan_slab_free+0x5c/0x80
[  264.969818][ T7410]  kmem_cache_free+0x187/0x6c0
[  264.969826][ T7410]  eventpoll_release_file+0xc2/0x240
[  264.969838][ T7410]  __fput+0x83c/0xa70
[  264.969850][ T7410]  task_work_run+0x1d9/0x270
[  264.969860][ T7410]  get_signal+0x11eb/0x1330
[  264.969872][ T7410]  arch_do_signal_or_restart+0xbc/0x840
[  264.969881][ T7410]  exit_to_user_mode_loop+0x8c/0x4d0
[  264.969890][ T7410]  do_syscall_64+0x33e/0x560
[  264.969899][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.969907][ T7410] 
[  264.969910][ T7410] The buggy address belongs to the object at ffff8880372f91e0
[  264.969910][ T7410]  which belongs to the cache ep_head of size 16
[  264.969918][ T7410] The buggy address is located 8 bytes inside of
[  264.969918][ T7410]  freed 16-byte region [ffff8880372f91e0, ffff8880372f91f0)
[  264.969928][ T7410] 
[  264.969930][ T7410] The buggy address belongs to the physical page:
[  264.969948][ T7410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880372f9280 pfn:0x372f9
[  264.969960][ T7410] memcg:ffff88803fe8b001
[  264.969965][ T7410] flags: 0x80000000000200(workingset|node=0|zone=1)
[  264.969976][ T7410] page_type: f5(slab)
[  264.969986][ T7410] raw: 0080000000000200 ffff88814041ec80 ffffea000089db90 ffffea0000d5be50
[  264.969995][ T7410] raw: ffff8880372f9280 000000080080002f 00000000f5000000 ffff88803fe8b001
[  264.969999][ T7410] page dumped because: kasan: bad access detected
[  264.970004][ T7410] page_owner tracks the page as allocated
[  264.970008][ T7410] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4983, tgid 4983 (udevd), ts 22671434037, free_ts 22103670382
[  264.970026][ T7410]  post_alloc_hook+0x1f9/0x250
[  264.970039][ T7410]  get_page_from_freelist+0x265c/0x26e0
[  264.970049][ T7410]  __alloc_frozen_pages_noprof+0x18d/0x380
[  264.970059][ T7410]  allocate_slab+0x74/0x5e0
[  264.970070][ T7410]  refill_objects+0x33c/0x3d0
[  264.970080][ T7410]  __pcs_replace_empty_main+0x373/0x720
[  264.970092][ T7410]  kmem_cache_alloc_noprof+0x433/0x680
[  264.970100][ T7410]  ep_insert+0x512/0x1820
[  264.970107][ T7410]  do_epoll_ctl_file+0x8bb/0xed0
[  264.970119][ T7410]  __se_sys_epoll_ctl+0x14e/0x210
[  264.970127][ T7410]  do_syscall_64+0x15f/0x560
[  264.970136][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.970144][ T7410] page last free pid 29 tgid 29 stack trace:
[  264.970149][ T7410]  __free_frozen_pages+0x10af/0x1190
[  264.970158][ T7410]  tlb_remove_table_rcu+0x85/0x100
[  264.970168][ T7410]  rcu_cpu_kthread+0x99e/0x1470
[  264.970177][ T7410]  smpboot_thread_fn+0x541/0xa50
[  264.970186][ T7410]  kthread+0x389/0x470
[  264.970194][ T7410]  ret_from_fork+0x514/0xb70
[  264.970205][ T7410]  ret_from_fork_asm+0x1a/0x30
[  264.970217][ T7410] 
[  264.970219][ T7410] Memory state around the buggy address:
[  264.970224][ T7410]  ffff8880372f9080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  264.970230][ T7410]  ffff8880372f9100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  264.970237][ T7410] >ffff8880372f9180: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[  264.970241][ T7410]                                                           ^
[  264.970246][ T7410]  ffff8880372f9200: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[  264.970252][ T7410]  ffff8880372f9280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  264.970256][ T7410] ==================================================================
[  264.986693][ T7410] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  264.986729][ T7410] CPU: 0 UID: 0 PID: 7410 Comm: syz.3.434 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  264.986756][ T7410] Tainted: [L]=SOFTLOCKUP
[  264.986763][ T7410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  264.986775][ T7410] Call Trace:
[  264.986782][ T7410]  <TASK>
[  264.986789][ T7410]  vpanic+0x56c/0xa60
[  264.986820][ T7410]  ? __pfx_vpanic+0x10/0x10
[  264.986842][ T7410]  ? __pfx___schedule+0x10/0x10
[  264.986863][ T7410]  panic+0xc5/0xd0
[  264.986884][ T7410]  ? __pfx_panic+0x10/0x10
[  264.986905][ T7410]  ? preempt_schedule_thunk+0x16/0x40
[  264.986928][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.986946][ T7410]  check_panic_on_warn+0x89/0xb0
[  264.986967][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.986985][ T7410]  end_report+0x73/0x170
[  264.987003][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.987020][ T7410]  kasan_report+0x128/0x150
[  264.987039][ T7410]  ? clear_tfile_check_list+0x114/0x380
[  264.987059][ T7410]  clear_tfile_check_list+0x114/0x380
[  264.987078][ T7410]  ? clear_tfile_check_list+0x22/0x380
[  264.987096][ T7410]  do_epoll_ctl_file+0x8fd/0xed0
[  264.987122][ T7410]  ? do_epoll_ctl_file+0xac3/0xed0
[  264.987147][ T7410]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  264.987172][ T7410]  ? __fget_files+0x3a6/0x420
[  264.987195][ T7410]  ? __fget_files+0x2a/0x420
[  264.987220][ T7410]  __se_sys_epoll_ctl+0x14e/0x210
[  264.987238][ T7410]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  264.987258][ T7410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.987277][ T7410]  do_syscall_64+0x15f/0x560
[  264.987296][ T7410]  ? trace_irq_disable+0x3b/0x140
[  264.987314][ T7410]  ? clear_bhb_loop+0x40/0x90
[  264.987332][ T7410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.987353][ T7410] RIP: 0033:0x7facfc78ce59
[  264.987370][ T7410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  264.987384][ T7410] RSP: 002b:00007facfa579028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  264.987404][ T7410] RAX: ffffffffffffffda RBX: 00007facfca06270 RCX: 00007facfc78ce59
[  264.987418][ T7410] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  264.987430][ T7410] RBP: 00007facfc822d6f R08: 0000000000000000 R09: 0000000000000000
[  264.987441][ T7410] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.987453][ T7410] R13: 00007facfca06308 R14: 00007facfca06270 R15: 00007ffc1402c948
[  264.987474][ T7410]  </TASK>
[  264.987851][ T7410] Kernel Offset: disabled