last executing test programs:

7m50.707059648s ago: executing program 3 (id=58):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000400)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000100)="3b000000010001", 0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0xc4)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x200000a, 0x12, r2, 0x655dd000)
syz_emit_ethernet(0x4f, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="50a245d5cde0", @void, {@llc={0x4, {@snap={0x1, 0x3, "e8", "5d4bc4", 0x6004, "8084c6e9c9dfb6e5c3b9e70745a5588a40bcc6f142b34770cd7661bc25543075bde9e419e837605a8702bea4166831ecb5f99d68bdf906f3d8"}}}}}, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup, 0xffffffffffffffff, 0x2, 0x6, 0x4000}, 0x20)
sendto$rxrpc(r4, &(0x7f0000000000)="1e73dc685dfc28017071cd5d616d2931a4ed0e5d0f6017acd220f8e45409e822379b27c6aa1e356ade19e44e5fccf1e2012e4661200d6b006ff957a1a5534550f56f3a0d067c941d4c91acd2dde55d953b2e117fab0bb3faacac9436a54ecf2be93366a96060a5f54ba496a777e41a56b99b1120d5ecae3d1e9876c17cf49971a9b85922f131c8d5e843ce50b106f125aa52df6fc63dafa36bca148dfedb42f365a3ec775760697649fc7068b71f1404f47763133940e35a657c998e", 0xbc, 0x4, 0x0, 0x0)

7m49.616440845s ago: executing program 3 (id=62):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_SET_PIN_FILE(r1, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5})

7m48.483810613s ago: executing program 3 (id=66):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xb, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000700)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000280)={@flat=@weak_binder={0x77622a85, 0x101, 0x3}, @flat=@weak_binder={0x77622a85, 0x1001, 0x1}, @flat=@binder={0x73622a85, 0x0, 0x3}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000480)={0x2020}, 0x2020)

7m47.050441915s ago: executing program 3 (id=68):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x10c42, &(0x7f0000000d80)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72f46e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f0374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d95539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b733597206000000000000ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7f54653b33118a4e01fcfe3a2329576bf6a45353bf9f720cea11bf481ed7ed0979416e75e6fa5f6b699749e9d4446c849ed79650b35dd0bd6e1955fe9b0c09861cf61fd57be7ba905990ed7a4c5b3793959636630d74ecc23264ea54d4d2cc4f112f49319943f00"/797], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==")
creat(&(0x7f0000000400)='./bus\x00', 0x2c)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1054, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xbe, 0x10002, 0x0, 0x1, 0x11, 0x0, "ef359f413bb901527f00d1ce5d29c3ee5e5c9e000f7c41499dc2aac63a01000000004600004faa2ad9c084ba00100000000000000000000000000000000800", "036c47c6780820040000549ba197fc09000000000000000100002a00ffffffffffffffff0000ecffe8f2000000100000000000000000000000000000006e00", "b7fdbd7b0c00006b1700000000000000000000000001000000000000005200", [0x80000001, 0x9]})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, 0x0)
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FITRIM(r1, 0xc0185879, 0x0)

7m46.628197792s ago: executing program 3 (id=69):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "e907f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f8a1d34c07c3260049e4f8d3ee0878ae95bc7f52363c468b257ffb3baf7aea4fb76dcfd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3c4891f9150d685a7d7c27df0355808390666e827d61dcc3a633bb0b1250b5a293e3877adc1a1b44b99c93d57fd720a170e7f5670e419dc64febf7ddc73fd4a5a0b6c281e05c541471d8d2a58f5edac665f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d31ce0108dc556e597655ba11bacc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141fa4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb67c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff4da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033b65ccd4e990cb2ba86ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aebe4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00'})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7m46.145538369s ago: executing program 3 (id=73):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffff9, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x8, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
ioctl$UI_DEV_DESTROY(r0, 0x5502)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7m45.719087116s ago: executing program 32 (id=73):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffff9, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x8, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xa46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
ioctl$UI_DEV_DESTROY(r0, 0x5502)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

27.150480945s ago: executing program 2 (id=905):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_setup(0x1088, &(0x7f00000001c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket(0x848000000015, 0x805, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
bind$xdp(r0, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x2a}, 0x10)
syz_io_uring_setup(0x2315, &(0x7f0000000100)={0x0, 0x9135, 0x1, 0x3, 0x274}, &(0x7f00000001c0), &(0x7f0000000340))

25.109496476s ago: executing program 2 (id=910):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB])
add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
iopl(0x3)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x40000000000001, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="84010000100013070000000000000000fe880000000000000000000000000101ac1414aa00000000000000000000000000000000000000000000000033000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa00000000330000007f000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000020000000d00000000000000480004007874732d63616d656c6c69612d6165736e692d617678320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c0014007368613100000000000008"], 0x184}, 0x1, 0x0, 0x0, 0x4}, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x10)
read$FUSE(r3, &(0x7f0000000e40)={0x2020}, 0x2020)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={0x1}, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat6\x00')
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000640)={0xffffffffffffffff, 0x7fff, 0x10}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0xd, &(0x7f0000002e80)=@raw=[@map_idx_val={0x18, 0x5, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x4, 0x1, 0x20, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x2, 0x4, 0x0, 0xfffffffffffffe46, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f0000000380)='GPL\x00', 0x2, 0x43, &(0x7f0000000480)=""/67, 0x41100, 0x42, '\x00', 0x0, 0x25, r3, 0x8, &(0x7f0000000580)={0x3, 0x3}, 0x8, 0x10, &(0x7f00000005c0)={0x2, 0x6, 0x5367fe98, 0x1}, 0x10, 0x0, 0x0, 0x8, 0x0, &(0x7f00000006c0)=[{0x3, 0x1, 0x5, 0x3}, {0x1, 0x5, 0x1, 0xc}, {0x5, 0x1, 0x3, 0xc}, {0x3, 0x2, 0x9, 0x7}, {0x3, 0x2, 0xd, 0x8}, {0x5, 0x5, 0x9, 0x8}, {0x2, 0x2, 0x5, 0x5}, {0x3, 0x3, 0x42, 0xb}], 0x10, 0x4}, 0x94)
mount$overlay(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0)
lstat(0x0, &(0x7f0000000780))
ioctl$FIONCLEX(r1, 0x5450)

21.534374533s ago: executing program 2 (id=916):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x10, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x15)
writev(r4, &(0x7f0000000280)=[{&(0x7f00000001c0)}, {&(0x7f0000000380)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22b6f7c35463d4e4412c47cfb6ec9b430a303e113e45ba7557a7a50fea99aac08441939a8e86fb562126a1aae0317f2425c655738dbcd4d0ca8a58331d927719f4c273780e5c95b5be68fbd555707f69083ac73a7ee6fae316c9566901ab99747538bbf25a5cf92d4f5ce63a3161a43953c9ffd88e7ac88c09573bd2cd01", 0x9e}], 0x2)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r5, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000600)={0x80, 0x0, &(0x7f0000000500)=[@dead_binder_done, @register_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x2, 0x0, 0x6}, @fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x2, 0x2, 0x29}}, &(0x7f00000004c0)={0x0, 0x1c, 0x34}}}, @request_death, @exit_looper, @clear_death], 0x63, 0x0, &(0x7f0000000580)="a5ce513cc415ebb11210eb30c68234251373b2d39ef279c7538871a2255255013f92d59092b0811e26918babc228439702d49ece5b455324650c550a5c9a58eb027cf83bf8ec72ed866ce78216d5e5e037379f93c685c3518f033c5f65115b4592f974"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001200010a00818a33c843d56d96e95302b8909fbf2d0000000000000080000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
semget(0x1, 0x3, 0x319)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)

16.987809214s ago: executing program 4 (id=924):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
dup(r1)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e6, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000500)="d7")
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080))

15.715311744s ago: executing program 1 (id=927):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000000085"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xe})
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r2, 0x0, 0x0, 0x0, 0x0, [<r3=>0x0], [], [], [0x0, 0x3, 0x400000006]})
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000280)={r3})
close(0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400000010000100edff0000000000000000000a58000000060a09040000000000000000020000002c000480280001800d00010073796e70726f787900000000140002800500020009000000080003400000000a0900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @generic={0x0, 0x2}]}}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket(0x2a, 0x2, 0xc00)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))

14.07962287s ago: executing program 2 (id=929):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0xd8, 0xa, 0xd0e0000, 0xd8, 0x100, 0x1a8, 0x1d8, 0x1d8, 0x1a8, 0x1d8, 0x3, 0x0, {[{{@ip={@local, @multicast2, 0xffffff00, 0xff, 'veth0\x00', 'team0\x00', {}, {}, 0x2, 0x3, 0x40}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0xffff, 0x800, 0x1, 'syz1\x00', 'syz0\x00', {0x3}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x4, 0x2, 0x4, 0x3, 0x5, 0x3], 0x5, 0x5}, {0x0, [0x6, 0x6, 0x1, 0x7, 0x5, 0x5], 0x3, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x40, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_SRC={0x8, 0x3, @multicast2}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r7 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f00000003c0)=0x3c49, 0x4)
sendmsg$can_bcm(r7, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0)
socket(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)}], 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x6, 0x0, 0x4}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_ID={0x0, 0x9, 0x1, 0x0, 0xfffffffd}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x45, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x8c}, 0x1, 0x0, 0x0, 0x40850}, 0x24044010)

14.011060041s ago: executing program 1 (id=930):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x3, 0x8000, 0x6}, 0x1c)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a", 0x3f0}, {&(0x7f00000003c0)="128b9306006d48", 0x7}], 0x3}, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
syz_clone3(&(0x7f0000000200)={0x800000, 0x0, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0xeb2, 0x9, 0x3, 0x32314752, [0x5, 0x3], [0x6e, 0x7fff], 0x108}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'dummy0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}, 0x1, 0x0, 0x0, 0x4000091}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

12.569021833s ago: executing program 2 (id=933):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x42}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5c}}, 0x0)
sysinfo(&(0x7f0000000000)=""/196)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000040000000040100"})
syz_io_uring_setup(0xd2, 0x0, &(0x7f00000002c0), &(0x7f0000000640))
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x151)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8000)
accept$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x1ff, 0x0, 0x8009}, 0x10)
write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904001f0000000002000000", 0x19)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
semop(0x0, &(0x7f00000003c0)=[{0x0, 0x7fff, 0x1000}], 0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r4, 0x4188aec6, &(0x7f0000000040)={0x7})
syz_open_procfs(0x0, &(0x7f0000000100)='net/nf_conntrack\x00')

12.429965415s ago: executing program 1 (id=934):
socket$netlink(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$rdma_cm(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket(0x1e, 0x4, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000400), 0x6, 0x303040)
fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000440)=0x3)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
fsopen(&(0x7f0000000000)='gadgetfs\x00', 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000500)={0x6, 0x118, 0xfa00, {{0x7f, 0x4, "a6845686a9421b5f8f8879644a1e0a109de7c1b06b5c37456f86e453af80c23ef88a3fcf60856a872f014dc08afe1c2056c930ca3407e048b7302f90cd32264ea0be2ba3cf4ed9ab620f5b7b768f8e05b87f176cbd16ce71241cc647b95ac3c92b0963ac376b62f2b0390611e6b88d5a3bd3bf14f762e525ceddde5d605a131321b414bd200231b459d092aecf84ef71cba27d0d6eefda9ba4a7182fb31e1b522d09d19cb97459f665f5533c7ca3924f42bee7439f37d5df460b3a84fb9624df3f0b9ac5116ecd2ba216630b0e4233d76a1cd6804bc44c47d9d5bb3a6638e3080036ed7b918c8c4226218d73b4bfd59113f896fd5fee6c39fddbc84322eaf407", 0x1, 0x0, 0x7, 0x3, 0xf, 0x2, 0x4}, r5}}, 0x120)
write$proc_mixer(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="524144494f0a434420274d6963204374707475726520537769746368272030303030303030303030303030303030303030300a494741494e0a545245424c45202743442043617074757265205377697463682720303030b0303030103030303030303030303030300a524144494f0a535045414b455220274d696320436170747531dbd6c758726520537769746368272030303030303430303030"], 0xd3)
close_range(r4, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000100)={'caif0\x00', &(0x7f0000000200)=@ethtool_channels={0x3c, 0x8f4e, 0x5, 0x1, 0x0, 0x0, 0x0, 0x8, 0x3}})
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES64=r4], 0x64}}, 0x0)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000040))
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)

12.202629269s ago: executing program 4 (id=936):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_open_procfs$pagemap(0x0, 0x0)
setrlimit(0x0, &(0x7f0000000100)={0x4, 0xffffffffffffff01})
ioprio_set$pid(0x1, 0x0, 0x0)
pipe2(0x0, 0x800)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60680, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x480, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x38f0c2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
pipe(&(0x7f00000007c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r6)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0xe24, @loopback}}, 0x0, 0x20000000005, 0x21, 0x0, "000000000000000000000000000000efbf47ab0485ba290000000000000000000000000100"}, 0xd8)
bind$inet(r7, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r5, 0x0, r6, 0x0, 0xfffd, 0x0)
sendfile(r1, r0, 0x0, 0x6)

12.177829279s ago: executing program 1 (id=937):
syz_emit_ethernet(0xbe, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000b00000000000119078000000000000000000004e22009c90780100"/167], 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x3, 0x4000043)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x9, 0x7, {0x5, 0x4, 0x0, 0x30, 0xfffa, 0x64, 0x84, 0xea, 0x32, 0x0, @private=0xa010101, @loopback}}}}}}, 0x0)
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$swradio(&(0x7f0000003900), 0x1, 0x2)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6(0xa, 0x80001, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000e00)={'ip6_vti0\x00', &(0x7f0000000d80)={'syztnl1\x00', 0x0, 0x29, 0x20, 0x0, 0xf5, 0x29, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, 0x7800, 0x1, 0xff, 0x1000}})
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

10.822961371s ago: executing program 4 (id=939):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x110, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240))
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0x1, 0x7ffe}, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_begin\x00', r3}, 0x18)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00')
writev(r4, &(0x7f0000003740)=[{&(0x7f0000001440)='deny', 0x4}], 0x1)

9.019680578s ago: executing program 0 (id=940):
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setxattr$security_ima(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000180), 0x0, 0x0, 0x1)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2717, 0x0, &(0x7f0000000000))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@o_path={&(0x7f0000000000)='./file1\x00', 0x0, 0x4010, r2}, 0x14)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20000841, 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x80040, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0xb, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000300), &(0x7f0000000140)=r5}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r6, &(0x7f0000000080)}, 0x20)
r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12)

7.890378716s ago: executing program 1 (id=941):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r4 = socket(0x848000000015, 0x805, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @private2, 0x3ff}, 0x1c)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
bind$xdp(r2, &(0x7f0000000080)={0x2c, 0x0, 0x0, 0x2a}, 0x10)
r6 = syz_io_uring_setup(0x2315, &(0x7f0000000100)={0x0, 0x9135, 0x1, 0x3, 0x274}, &(0x7f00000001c0), &(0x7f0000000340))
mmap$IORING_OFF_CQ_RING(&(0x7f0000881000/0x3000)=nil, 0x3000, 0x2000001, 0x10, r6, 0x8000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
ioctl$mixer_OSS_GETVERSION(r0, 0x40086602, &(0x7f0000000000))

7.888975296s ago: executing program 0 (id=949):
r0 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x48, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x4000000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$rds(0x15, 0x5, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f00000001c0), 0x0, 0x101a02)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsmount(r4, 0x0, 0x1)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0xffffff1f}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x202)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b5508000000000000009bc400", "c9063700", "46b0dc72b7b1d30e"}, 0x38)
r6 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r6, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x20000000, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
mmap$snddsp_control(&(0x7f0000003000/0x2000)=nil, 0x1000, 0x1000008, 0x4010, 0xffffffffffffffff, 0x83000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

5.842578549s ago: executing program 4 (id=942):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$can_bcm(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x800)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000380), 0x109001, 0x0)
ioctl$RTC_AIE_ON(r9, 0x7001)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
socket$packet(0x11, 0x2, 0x300)

5.608138472s ago: executing program 0 (id=943):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = io_uring_setup(0x62d0, &(0x7f0000000140)={0x0, 0x49fd, 0x10003, 0x20002, 0x185})
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file0\x00', 0x20404a, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1e0, &(0x7f0000000500)="$eJzslj3PEkEQx/+7dznAaEwsbSwkUQuPu0ONDYk0VhYmvhALE4mcBDklAQohMegnsLezsPcLmGjrhzBoow1W2tis2du9YyV3vIoUz/yKef53z+zs3MxmFhAEcWT5+uXXVPysfSsCOI4yCvr9d2vuww3/z8Ufzz/euN54df/tp8LULWXFFGL9/W0AH+oWhunav1eX9d/b4Km+A44LWjfA4Gr9ABx3tQ7BcE/rx4buSX/XfdSJQvdhL2pJ4UnjSxNIU13Mb/aSoWXkx4z/D0bjbjOKwv4exar6zeocNSM/s18uVLaeUT8fHL7WVTDc0voqCkltVEmM7z9tz+NbS7/fwb4rIlPZYNWpE7mtcgBslwbAduu9nb7BC31k93mGcoSFWCQd/UeRrU2c+fZ7yYO+wgf2f68q262Y2/Ti/TW1JnkjJuo59jmZE1BM1tzCwSofIKPy6XwSbxjOGfNJjZLX8VUjW1gZjMYXO0+a7bAdPg2C6hXvkuddDirxIFJ2yfwrxfPp2Dx+5p0kcZiDZ83hsO8rmz4HymZNXB7PP47zZ9WzbK6zELdoaAaIiYgBU7O3+w4sN3+CIIhDcQbst9DYidC3CYzfujcPmCNBEARBEARBEARBELvxJwAA//8Pa0t8")
socket$inet6(0xa, 0x805, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522)
close_range(r3, 0xffffffffffffffff, 0x0)
getsockopt$bt_hci(r2, 0x84, 0x7d, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00'}, 0x10)
r9 = userfaultfd(0x1)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f0000000040))

4.055665557s ago: executing program 4 (id=944):
socket(0x1d, 0x3, 0x1)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207ec070200000028bd7000fcdbdf25"], 0x10}}, 0x4400c420)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x74}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x11, 0x3, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004600002c0000000000059078ac141400e00000010704040500000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c0000fb8f7809f1"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r5, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4, 0x3f}]}]}}]}, 0xa4}, 0x1, 0x7a00}, 0x4000000)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x3, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x5}, 0x44084)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x400c9206, &(0x7f0000000080)={0x0, 0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)

3.85813358s ago: executing program 0 (id=945):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x4121, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000580)='/dev/comedi4\x00', 0x2840, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x242, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
write$binfmt_script(r2, &(0x7f0000000080)={'#! ', './file0/file0'}, 0x11)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, 0x0, 0x0, 0x0)
sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000001240)={0x24, @none={0x0, 0xffff}}, 0x14, &(0x7f0000001300)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x20004880)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.83732282s ago: executing program 1 (id=946):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000480)={0x14, r2, 0x1, 0x0, 0x0, {{0x2}, {@void, @void}}}, 0x14}}, 0x4040)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, r3)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r6=>0x0})
bind$packet(r4, &(0x7f0000000300)={0x11, 0x6, r6}, 0x14)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000200)={0x0, 0x1, 0x0, &(0x7f0000000000)=""/24, 0x0, 0x8000000})
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000680))
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='statm\x00')
dup3(r4, r8, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r7, 0x4008af30, &(0x7f00000000c0)={0x0, r8})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_tables_names\x00')
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
syz_open_dev$usbmon(0x0, 0x7, 0x0)

1.694959923s ago: executing program 0 (id=947):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getsockopt$MRT(0xffffffffffffffff, 0x0, 0xd0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
socket$inet6(0xa, 0x80000, 0x1ff)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r4, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x24000048, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x4224, 0x4)
sendto$inet6(r4, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=""/81, 0x51}, 0x5}], 0x1, 0x2001, 0x0)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000000180), 0x0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x8000000, @loopback, 0xffffffff}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x37, 0x1, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="756e695f786c6174653d312c73686f72746e616d653d77696e39352c756e695f786c6174653d312c646f733178666c6f7070792c757466383d312c757466383d302c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c009aaa21b5084a2ac75af86d4f32151f53248eb7ec539fff0bd244bb2559d414561138c259cecc8dccf4475a9e05a9b714d4939bee6cf0f1e7a889f8100c41c843380270c20100000000000000c5"], 0x0, 0x25f, &(0x7f0000000980)="$eJzs3U9rI3UYB/Cn3br9s+ymBxEUxB960cuwra8gyC6KBaVuRD0Is3aqoWNSMqESEdeD4NWrb2Hx6E1Q30Av3rx7y0XwsgcxsknjJmtExXaT3X4+UOZpfvOFZ8gQnl8gSf+rlyP2q2w/78byWorltTixPC5iaeKRpbgYkz6LFy79+tPTb7z9zqv1nZ1ruyldr994cTuldOWZ7z765Otnf+heevObK9+uxvHmu/1ftn8+fuL4yf7vNz5oVqlZpVa7m/J0s93u5jfLIu01q4MspdfLIq+K1GxVRWdqfb9sHx72Ut7au7xx2CmqKuWtXjooeqnbTt1OL+Xv581WyrIsXd4I/knj9u5uXp93F5ytTqeeX4iI9b+sNG7PpSEAYK76b3354cHk/H93pL8TsXna8//nqxHm/wVj/j8P7s7/G1M7+jHzPwAAAAAAAAAAAAAAPAzuDAa1wWBQGx/Hf6sRsRYR4//n3Sdn4/88/4OlB98vp2vig3trEeUXR42jxug4Wq/vRzPKKOJq1OK34f1wYlRff2Xn2tU0tBnfl7dO8reOGhem81tRi83Z+a1RPk3nH4uNyfx21OLx2fntmfmL8fxzE/ksavHje9FeL2NveF/fy3+6ldJLr+3cl18fngcAAACPgiz9aeb+Pcv+bn2U/w/vD9y3v16Jp1bme+0AAABwXlS9jw/ysiw6i1usxkK0oVA8EsVKRPyLk+f9ygQAAJy2e0N/zPyFQAAAAAAAAAAAAAAAAAAAAODsPYivHJv3NQIAAAAAAAAAAAAAAAAAAAAAAMCi+CMAAP//Wdcrdw==")

475.483652ms ago: executing program 0 (id=948):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$loop(0x0, 0xceba, 0x402603)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000040)=0x9)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f00000014c0)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="89000000120081ae08060cdc030ec0007f0600000000400100e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32cb83c8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0)
ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000340)=0x10)
syz_read_part_table(0x1076, &(0x7f0000000440)="$eJzs0L1NxEAQBeDn898tSIjGSGmCJqiDVmiCLogJkAgQg3aPowO45PuC8Wg8zxo5XNRzS7aq2rInez5qzuuWtBzG66er8eh13XM8p27PzcN7kqqXOV9VVcuUtLq/a2P1s4+SqS8u68gtuRmB5W3N2Jl/L9lGXXrZkxx+LjhNpsfe9OyxnT7YXf/57wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf/EdAAD//4s3G3w=")
write$tcp_congestion(r8, &(0x7f0000000100)='illinois\x00', 0x9)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8040, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

379.315304ms ago: executing program 2 (id=950):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key$user(0x0, &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140), 0x0, 0xfffffffffffffffe)
r5 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\//\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)={'xxhash64-generic\x00'}})
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000080)={'pcl818\x00', [0x2f00, 0x7, 0x5, 0xa, 0x12, 0x400003, 0x1, 0x9, 0x1000, 0x200001, 0xa, 0xfffffff9, 0x6, 0x4, 0x3, 0x8000, 0xfffffffd, 0x9, 0x200, 0x6, 0x3ff, 0x2, 0x7f8, 0xe2df, 0x3, 0x5, 0x4, 0x4, 0x7, 0x2, 0x4]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
dup(r1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x220, 0x310, 0xffffffff, 0xf0, 0x0, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xe}}}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=951):
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x10008095, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)

kernel console output (not intermixed with test programs):

igured BSSID 50:50:50:50:50:50
[   75.139835][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.149829][ T2189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.234913][ T2189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.257936][ T2189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.291389][ T2189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.321898][ T2189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.570136][   T27] audit: type=1326 audit(1753121316.950:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.1" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b61d8e9a9 code=0x0
[   75.689892][ T5906] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[   75.696749][ T5906] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   75.732457][ T5906] vhci_hcd vhci_hcd.0: Device attached
[   75.755409][ T5897] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   75.784483][ T5909] vhci_hcd: connection closed
[   75.785745][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   75.788913][   T59] vhci_hcd: stop threads
[   75.791308][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.855257][   T59] vhci_hcd: release socket
[   75.904680][   T59] vhci_hcd: disconnect device
[   75.971986][   T23] vhci_hcd: vhci_device speed not set
[   76.657357][ T5926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11'.
[   76.831309][   T27] audit: type=1326 audit(1753121318.210:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5932 comm="syz.0.13" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b61d8e9a9 code=0x0
[   76.909356][ T5797] Bluetooth: hci2: command tx timeout
[   76.909449][ T5798] Bluetooth: hci3: command tx timeout
[   76.915506][   T50] Bluetooth: hci0: command tx timeout
[   76.922351][ T5793] Bluetooth: hci1: command tx timeout
[   77.944830][ T5944] fuse: Bad value for 'fd'
[   78.897449][ T5948] syz.1.18[5948]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   78.958609][ T5948] loop1: detected capacity change from 0 to 512
[   78.969805][ T5948] EXT4-fs: Ignoring removed nobh option
[   79.056090][ T5948] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   79.067634][ T5955] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.151793][ T5948] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.18: invalid indirect mapped block 2683928664 (level 1)
[   79.213852][ T5948] EXT4-fs (loop1): 1 truncate cleaned up
[   79.228465][ T5948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.402769][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.648296][ T5968] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.688773][    T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   79.724380][ T5969] random: crng reseeded on system resumption
[   79.911997][    T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.952711][ T5975] fuse: Bad value for 'fd'
[   79.972538][    T8] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   80.011984][    T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   80.036425][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.045607][    T8] usb 3-1: Product: syz
[   80.051161][    T8] usb 3-1: Manufacturer: syz
[   80.061393][    T8] usb 3-1: SerialNumber: syz
[   80.104507][    T8] cdc_mbim 3-1:1.0: skipping garbage
[   80.186562][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   80.636411][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   81.049101][    T8] cdc_mbim 3-1:1.0: bind() failure
[   81.077908][    T8] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[   81.116975][    T8] cdc_ncm 3-1:1.1: bind() failure
[   81.211316][    T8] usb 3-1: USB disconnect, device number 2
[   81.387662][ T5793] Bluetooth: hci2: command tx timeout
[   81.736815][ T5997] loop2: detected capacity change from 0 to 512
[   81.748877][ T5997] EXT4-fs: Ignoring removed nobh option
[   81.801390][ T5997] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   81.829701][ T5997] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.33: invalid indirect mapped block 2683928664 (level 1)
[   81.967069][ T5997] EXT4-fs (loop2): 1 truncate cleaned up
[   81.987492][ T5997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.118130][   T28] cfg80211: failed to load regulatory.db
[   82.964456][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.057797][ T6008] warning: `syz.3.35' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   83.468462][ T5793] Bluetooth: hci2: command tx timeout
[   83.866691][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.936998][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.944544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   83.977078][ T6013] loop1: detected capacity change from 0 to 32768
[   83.992670][ T6013] =======================================================
[   83.992670][ T6013] WARNING: The mand mount option has been deprecated and
[   83.992670][ T6013]          and is ignored by this kernel. Remove the mand
[   83.992670][ T6013]          option from the mount to silence this warning.
[   83.992670][ T6013] =======================================================
[   84.253421][ T6031] Zero length message leads to an empty skb
[   84.419920][ T6013] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[   84.429548][ T5793] Bluetooth: hci3: command tx timeout
[   85.591373][   T27] audit: type=1800 audit(1753121326.970:4): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.38" name="file1" dev="loop1" ino=17059 res=0 errno=0
[   85.756490][ T6013] (syz.1.38,6013,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[   85.810657][   T27] audit: type=1800 audit(1753121327.190:5): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.38" name="file1" dev="loop1" ino=17059 res=0 errno=0
[   85.893405][ T6054] loop3: detected capacity change from 0 to 512
[   85.939575][ T6054] EXT4-fs: Ignoring removed nobh option
[   85.960276][ T6013] syz.1.38 (6013) used greatest stack depth: 20552 bytes left
[   86.029918][ T5792] ocfs2: Unmounting device (7,1) on (node local)
[   86.226099][ T6054] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   86.493041][ T6054] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.45: invalid indirect mapped block 2683928664 (level 1)
[   86.585831][ T5793] Bluetooth: hci3: command tx timeout
[   86.779707][ T6054] EXT4-fs (loop3): 1 truncate cleaned up
[   86.839768][ T6054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.103250][ T6061] syzkaller0: entered promiscuous mode
[   87.120997][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.132933][ T6061] syzkaller0: entered allmulticast mode
[   87.269457][ T6080] loop3: detected capacity change from 0 to 256
[   87.364560][ T6080] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xc65ab44c, utbl_chksum : 0xe619d30d)
[   87.412448][ T6080] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000005)
[   87.441012][ T6080] exFAT-fs (loop3): failed to initialize root inode
[   87.594401][ T6089] loop3: detected capacity change from 0 to 256
[   87.614554][ T6089] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   87.643341][ T6089] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[   87.671949][ T6089] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   87.723059][   T28] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   87.939772][   T28] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   87.954413][   T28] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   87.966880][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.996292][   T28] usb 2-1: config 0 descriptor??
[   88.013450][   T28] pwc: Askey VC010 type 2 USB webcam detected.
[   88.223116][   T28] pwc: send_video_command error -71
[   88.229195][   T28] pwc: Failed to set video mode CIF@30 fps; return code = -71
[   88.250215][   T28] Philips webcam: probe of 2-1:0.0 failed with error -71
[   88.272983][   T28] usb 2-1: USB disconnect, device number 2
[   88.858596][   T28] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   89.049247][   T28] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   89.066162][   T28] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   89.072014][ T5793] Bluetooth: hci1: command tx timeout
[   89.083493][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.113331][   T28] usb 2-1: config 0 descriptor??
[   89.141209][   T28] pwc: Askey VC010 type 2 USB webcam detected.
[   89.533844][ T6080] veth1_to_bridge: entered promiscuous mode
[   89.539999][ T6080] veth1_to_bridge: entered allmulticast mode
[   89.553544][ T6080] bridge0: port 3(veth1_to_bridge) entered blocking state
[   89.578374][ T6080] bridge0: port 3(veth1_to_bridge) entered disabled state
[   89.588086][ T6080] bridge0: adding interface veth1_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[   89.592112][   T28] pwc: recv_control_msg error -32 req 02 val 2b00
[   89.628448][   T28] pwc: recv_control_msg error -32 req 02 val 2700
[   89.636096][ T2983] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.680831][   T28] pwc: recv_control_msg error -32 req 02 val 2c00
[   89.698414][   T28] pwc: recv_control_msg error -32 req 04 val 1000
[   89.719707][   T28] pwc: recv_control_msg error -32 req 04 val 1300
[   89.737674][   T28] pwc: recv_control_msg error -32 req 04 val 1400
[   89.763038][   T28] pwc: recv_control_msg error -32 req 02 val 2000
[   90.008286][   T28] pwc: recv_control_msg error -71 req 04 val 1500
[   90.033834][   T28] pwc: recv_control_msg error -71 req 02 val 2500
[   90.051839][   T28] pwc: recv_control_msg error -71 req 02 val 2400
[   90.069596][   T28] pwc: recv_control_msg error -71 req 02 val 2600
[   90.101914][   T28] pwc: recv_control_msg error -71 req 02 val 2900
[   90.121593][   T28] pwc: recv_control_msg error -71 req 02 val 2800
[   90.142508][   T28] pwc: recv_control_msg error -71 req 04 val 1100
[   90.159082][   T28] pwc: recv_control_msg error -71 req 04 val 1200
[   90.183426][   T28] pwc: Registered as video103.
[   90.214268][   T28] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5
[   90.277433][   T28] usb 2-1: USB disconnect, device number 3
[   90.808462][ T6152] Bluetooth: MGMT ver 1.22
[   90.824731][ T6152] netlink: 'syz.3.58': attribute type 10 has an invalid length.
[   91.146676][ T5793] Bluetooth: hci1: command tx timeout
[   91.421999][ T6152] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   91.965612][ T6168] loop3: detected capacity change from 0 to 40427
[   92.031722][ T6168] F2FS-fs (loop3): invalid crc value
[   92.068141][ T6168] F2FS-fs (loop3): Found nat_bits in checkpoint
[   92.109545][ T6168] F2FS-fs (loop3): Start checkpoint disabled!
[   92.126469][ T5837] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.162146][ T6168] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[   92.402684][ T5837] usb 2-1: Using ep0 maxpacket: 16
[   92.598507][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   92.611004][ T5837] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   92.620350][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.636431][ T5837] usb 2-1: Product: syz
[   92.640646][ T5837] usb 2-1: Manufacturer: syz
[   92.645266][ T5837] usb 2-1: SerialNumber: syz
[   92.660857][ T5837] usb 2-1: config 0 descriptor??
[   92.681118][ T5837] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   92.722484][ T5837] em28xx 2-1:0.0: DVB interface 0 found: bulk
[   93.402049][   T79] kworker/u4:5: attempt to access beyond end of device
[   93.402049][   T79] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   93.443469][   T79] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   93.461977][   T79] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   93.528984][ T5837] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[   93.978454][ T5837] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   94.026866][ T5837] em28xx 2-1:0.0: board has no eeprom
[   94.103833][ T6198] binder: 6197:6198 ioctl c0306201 200000000080 returned -14
[   94.116493][ T5837] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[   94.125798][ T5837] em28xx 2-1:0.0: dvb set to bulk mode.
[   94.136271][    T9] em28xx 2-1:0.0: Binding DVB extension
[   94.193373][ T5837] usb 2-1: USB disconnect, device number 4
[   94.239426][ T5837] em28xx 2-1:0.0: Disconnecting em28xx
[   94.259242][ T6202] loop3: detected capacity change from 0 to 128
[   94.274827][    T9] em28xx 2-1:0.0: Registering input extension
[   94.282571][ T5837] em28xx 2-1:0.0: Closing input extension
[   94.310158][ T5837] em28xx 2-1:0.0: Freeing device
[   94.408998][ T6202] support for the xor transformation has been removed.
[   95.231231][   T42] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.283571][ T6216] netlink: 60 bytes leftover after parsing attributes in process `syz.1.74'.
[   95.371803][   T42] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.500602][   T42] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.633459][   T42] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.748897][ T6226] loop0: detected capacity change from 0 to 256
[   96.328873][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   96.341201][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   96.358189][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   96.380122][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   96.400957][   T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   96.420026][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   96.986651][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[   97.316848][ T6266] loop0: detected capacity change from 0 to 512
[   97.331567][ T6266] EXT4-fs: Ignoring removed bh option
[   97.496920][ T6266] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.85: corrupted in-inode xattr: invalid ea_ino
[   98.276285][ T6266] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.85: couldn't read orphan inode 15 (err -117)
[   98.404488][ T6266] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.506683][ T5798] Bluetooth: hci1: command tx timeout
[   98.527673][ T6278] binder_alloc: 6277: binder_alloc_buf size 12280 failed, no address space
[   98.570913][ T6278] binder_alloc: allocated: 72 (num: 1 largest: 72), free: 12216 (num: 1 largest: 12216)
[   98.921741][ T6276] loop1: detected capacity change from 0 to 65536
[   98.947365][ T6232] chnl_net:caif_netlink_parms(): no params data found
[   99.007462][ T6276] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[   99.103889][ T6283] syz.2.90 uses obsolete (PF_INET,SOCK_PACKET)
[   99.117582][ T6276] XFS (loop1): Ending clean mount
[   99.143381][ T5787] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[   99.935372][ T5792] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  100.312808][   T42] hsr_slave_0: left promiscuous mode
[  100.381626][   T42] hsr_slave_1: left promiscuous mode
[  100.404192][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.463950][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.468151][ T6314] dccp_close: ABORT with 32 bytes unread
[  100.499436][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.516734][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  100.533786][   T42] bridge0: port 3(veth1_to_bridge) entered disabled state
[  100.564726][   T42] bridge_slave_1: left allmulticast mode
[  100.577559][   T42] bridge_slave_1: left promiscuous mode
[  100.586424][ T5798] Bluetooth: hci1: command tx timeout
[  100.606588][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.632337][   T42] bridge_slave_0: left allmulticast mode
[  100.678742][   T42] bridge_slave_0: left promiscuous mode
[  100.696639][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.785715][   T42] veth1_macvtap: left promiscuous mode
[  100.810483][ T6320] loop2: detected capacity change from 0 to 256
[  100.812911][   T42] veth0_macvtap: left promiscuous mode
[  100.837177][   T42] veth1_vlan: left promiscuous mode
[  100.843976][   T42] veth0_vlan: left promiscuous mode
[  100.891511][ T6320] loop2: detected capacity change from 0 to 512
[  100.932741][ T6320] ext2: Unknown parameter 'smackfsroot'
[  102.679163][ T5798] Bluetooth: hci1: command tx timeout
[  103.447255][   T42] team0 (unregistering): Port device team_slave_1 removed
[  104.336070][   T42] team0 (unregistering): Port device team_slave_0 removed
[  104.746401][ T5798] Bluetooth: hci1: command tx timeout
[  105.336708][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.469599][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.802832][   T42] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  107.330411][   T42] bond0 (unregistering): Released all slaves
[  107.579596][ T6232] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.606793][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.632004][ T6232] bridge_slave_0: entered allmulticast mode
[  107.649994][ T6232] bridge_slave_0: entered promiscuous mode
[  107.703646][ T6232] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.745645][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.795850][ T6232] bridge_slave_1: entered allmulticast mode
[  107.811156][ T6232] bridge_slave_1: entered promiscuous mode
[  107.915570][ T6232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.945175][ T6232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.041670][ T6232] team0: Port device team_slave_0 added
[  108.095962][ T6232] team0: Port device team_slave_1 added
[  108.231630][ T6232] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.239022][ T6232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.265599][ T6232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.279428][ T6232] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.286932][ T6232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.313591][ T6232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.440474][ T6232] hsr_slave_0: entered promiscuous mode
[  108.457978][ T6232] hsr_slave_1: entered promiscuous mode
[  108.465910][ T6232] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.496227][ T6232] Cannot create hsr debugfs directory
[  109.465455][ T6232] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  109.504725][ T6232] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  109.526143][ T6232] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  109.542606][ T6232] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  109.667353][    T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  109.785659][ T6232] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.830552][ T6232] 8021q: adding VLAN 0 to HW filter on device team0
[  109.840204][ T6387] loop1: detected capacity change from 0 to 32768
[  109.857423][ T6387] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 scanned by syz.1.112 (6387)
[  109.878145][    T9] usb 1-1: config 0 has no interfaces?
[  109.899291][ T2189] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.906553][ T2189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.937042][    T9] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  109.946223][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.971586][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.978817][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.988734][ T6387] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  110.005143][    T9] usb 1-1: Product: syz
[  110.012189][ T6387] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  110.023229][    T9] usb 1-1: Manufacturer: syz
[  110.042701][    T9] usb 1-1: SerialNumber: syz
[  110.051337][ T6387] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[  110.073665][    T9] usb 1-1: config 0 descriptor??
[  110.116242][ T6387] BTRFS info (device loop1): use lzo compression, level 0
[  110.143644][ T6387] BTRFS info (device loop1): using free space tree
[  110.149589][ T6232] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  110.361746][ T6387] BTRFS info (device loop1): enabling ssd optimizations
[  110.368048][    T9] usb 1-1: USB disconnect, device number 2
[  110.369281][ T5798] Bluetooth: hci0: unexpected subevent 0x0c length: 244 > 5
[  110.389259][ T6387] BTRFS info (device loop1): auto enabling async discard
[  110.758191][ T6232] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.040862][ T5792] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  111.584285][ T6232] veth0_vlan: entered promiscuous mode
[  111.616184][   T55] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  111.769147][ T6232] veth1_vlan: entered promiscuous mode
[  112.015109][   T55] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.102363][ T6232] veth0_macvtap: entered promiscuous mode
[  112.165237][   T55] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  112.171407][ T6232] veth1_macvtap: entered promiscuous mode
[  112.273567][   T55] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  112.295270][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.376157][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.424898][   T55] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  112.471446][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.492117][   T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.039995][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.236479][   T55] usb 1-1: Product: syz
[  114.240715][   T55] usb 1-1: Manufacturer: syz
[  114.245716][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.267915][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.278461][   T55] usb 1-1: SerialNumber: syz
[  114.297610][   T55] usb 1-1: config 0 descriptor??
[  114.322765][ T6232] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.427924][   T55] usb 1-1: can't set config #0, error -71
[  114.460015][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.476482][   T55] usb 1-1: USB disconnect, device number 3
[  114.496385][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.556521][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.595282][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.621463][ T6232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.641631][ T6232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.671731][ T6232] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.920602][ T6232] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.934485][ T6232] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.985647][ T6232] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.093237][ T6232] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.167170][   T55] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  115.487418][   T55] usb 1-1: Using ep0 maxpacket: 32
[  115.506177][   T55] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  115.540455][   T55] usb 1-1: config 0 has no interface number 0
[  115.555463][   T55] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  115.565255][   T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.587215][   T55] usb 1-1: Product: syz
[  115.599594][   T55] usb 1-1: Manufacturer: syz
[  115.627484][   T55] usb 1-1: SerialNumber: syz
[  115.639398][   T55] usb 1-1: config 0 descriptor??
[  115.659486][   T55] smsc95xx v2.0.0
[  116.074309][ T6491] loop1: detected capacity change from 0 to 32768
[  116.118888][ T6491] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  116.150420][   T55] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  116.186990][   T55] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  116.204836][ T2189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.230337][ T2189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.299186][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.301767][ T6491] XFS (loop1): Ending clean mount
[  116.343813][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.345402][ T6491] XFS (loop1): Quotacheck needed: Please wait.
[  116.544754][ T6491] XFS (loop1): Quotacheck: Done.
[  117.287853][ T6494] loop2: detected capacity change from 0 to 32768
[  117.306953][ T6494] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 scanned by syz.2.124 (6494)
[  117.400698][ T6494] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  117.442984][ T6494] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  117.479553][ T5792] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  117.486210][ T6494] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  117.523700][ T6494] BTRFS info (device loop2): use lzo compression, level 0
[  117.542497][ T6494] BTRFS info (device loop2): using free space tree
[  117.684496][ T6494] BTRFS info (device loop2): enabling ssd optimizations
[  117.723069][ T6494] BTRFS info (device loop2): auto enabling async discard
[  118.329611][   T55] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000006c: -71
[  118.469394][   T55] smsc95xx: probe of 1-1:0.67 failed with error -71
[  118.828169][   T55] usb 1-1: USB disconnect, device number 4
[  119.053411][ T5795] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[  119.353325][ T6546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.129'.
[  119.374004][   T27] audit: type=1326 audit(1753121360.740:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.376627][ T6546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.129'.
[  119.420133][ T5876] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  119.477918][ T6546] team0: entered promiscuous mode
[  119.483267][   T27] audit: type=1326 audit(1753121360.780:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.496153][ T6546] team_slave_0: entered promiscuous mode
[  119.545056][ T6546] team_slave_1: entered promiscuous mode
[  119.568868][   T27] audit: type=1326 audit(1753121360.790:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.574452][ T6546] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  119.635289][   T27] audit: type=1326 audit(1753121360.790:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.702454][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.728842][   T27] audit: type=1326 audit(1753121360.790:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.751639][   T55] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  119.764118][ T5876] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  119.786956][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.815770][ T5876] usb 5-1: config 0 descriptor??
[  119.830899][   T27] audit: type=1326 audit(1753121360.790:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.882727][ T5876] pwc: Askey VC010 type 2 USB webcam detected.
[  119.892115][   T27] audit: type=1326 audit(1753121360.790:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  119.943753][ T6558] loop0: detected capacity change from 0 to 512
[  119.978145][   T27] audit: type=1326 audit(1753121360.790:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  120.000600][   T55] usb 3-1: Using ep0 maxpacket: 32
[  120.038814][   T55] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.084828][   T55] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.118090][ T6558] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.130: casefold flag without casefold feature
[  120.157768][ T5876] pwc: send_video_command error -71
[  120.177110][   T27] audit: type=1326 audit(1753121360.790:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  120.246263][ T5876] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  120.246648][ T5876] Philips webcam: probe of 5-1:0.0 failed with error -71
[  120.272996][   T55] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  120.332620][ T6558] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.130: couldn't read orphan inode 15 (err -117)
[  120.569776][   T27] audit: type=1326 audit(1753121360.790:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6548 comm="syz.2.127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa4fdb8e9a9 code=0x7ffc0000
[  120.637884][ T5876] usb 5-1: USB disconnect, device number 2
[  120.652340][ T6558] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.722587][   T55] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  120.849365][   T55] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  121.015719][   T55] usb 3-1: Product: syz
[  121.076470][   T55] usb 3-1: Manufacturer: syz
[  121.081134][   T55] usb 3-1: SerialNumber: syz
[  121.179831][   T55] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input7
[  121.271216][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.556423][ T5876] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  121.824157][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.120863][ T5876] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  122.130349][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.182038][ T5876] usb 5-1: config 0 descriptor??
[  122.199985][ T5858] usb 3-1: USB disconnect, device number 3
[  122.352917][ T5858] appletouch 3-1:1.0: input: appletouch disconnected
[  122.489850][ T5876] usb 5-1: can't set config #0, error -71
[  122.499683][ T5876] usb 5-1: USB disconnect, device number 3
[  123.330373][ T5798] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[  124.583774][ T6602] syzkaller0: entered promiscuous mode
[  124.607489][ T6602] syzkaller0: entered allmulticast mode
[  124.996634][   T28] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  125.256897][   T28] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.355290][   T28] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  125.623708][   T28] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  125.634586][   T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  125.661076][   T28] usb 5-1: SerialNumber: syz
[  125.966844][   T28] usb 5-1: 0:2 : does not exist
[  126.126985][   T28] usb 5-1: USB disconnect, device number 4
[  126.739959][ T6492] udevd[6492]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  128.362595][   T55] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  128.561559][   T55] usb 2-1: Using ep0 maxpacket: 16
[  128.578793][   T55] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  128.590487][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.607327][   T55] usb 2-1: config 0 descriptor??
[  128.633461][   T55] gspca_main: sonixj-2.14.0 probing 0471:0327
[  131.338121][ T6654] loop2: detected capacity change from 0 to 40427
[  133.305173][ T6653] sched: RT throttling activated
[  133.318137][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  133.324458][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  133.854634][ T6654] F2FS-fs (loop2): Image doesn't support compression
[  133.870750][ T6654] F2FS-fs (loop2): invalid crc value
[  133.876408][ T6654] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-4)
[  134.104120][   T55] gspca_sonixj: reg_r err -71
[  134.109138][   T55] sonixj: probe of 2-1:0.0 failed with error -71
[  134.120107][   T55] usb 2-1: USB disconnect, device number 5
[  134.575239][ T6672] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  134.603631][ T6672] CIFS mount error: No usable UNC path provided in device string!
[  134.603631][ T6672] 
[  134.614507][ T6672] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  134.806153][ T6668] process 'syz.1.155' launched './file0' with NULL argv: empty string added
[  136.696125][ T6692] loop4: detected capacity change from 0 to 512
[  136.778827][ T6692] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  136.866866][ T6692] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02c, mo2=0002]
[  136.934235][ T6692] System zones: 1-12
[  136.946800][ T6692] EXT4-fs (loop4): orphan cleanup on readonly fs
[  136.991717][ T6692] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.159: bg 0: block 361: padding at end of block bitmap is not set
[  137.017993][ T6692] EXT4-fs (loop4): Remounting filesystem read-only
[  137.096736][ T6692] EXT4-fs (loop4): 1 truncate cleaned up
[  137.103784][ T6692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  137.297940][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.046952][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.065122][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.178223][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.328477][ T6709] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.608734][ T6712] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  138.805164][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  139.083663][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  139.267306][ T6709] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  139.439833][ T6692] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.159: error -117 reading directory block
[  139.565589][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  142.034824][ T6740] loop1: detected capacity change from 0 to 512
[  142.052099][ T6740] ext4: Unknown parameter 'fsuuid'
[  143.369629][ T6756] netlink: 'syz.4.172': attribute type 10 has an invalid length.
[  143.431744][ T6756] 8021q: adding VLAN 0 to HW filter on device team0
[  143.453531][ T6756] bond0: (slave team0): Enslaving as an active interface with an up link
[  143.518760][ T5798] Bluetooth: Wrong link type (-57)
[  143.700210][   T28] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  144.057763][   T28] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  144.171896][   T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.202874][   T28] usb 2-1: Product: syz
[  144.226728][   T28] usb 2-1: Manufacturer: syz
[  144.288369][   T28] usb 2-1: SerialNumber: syz
[  144.492589][ T6770] loop2: detected capacity change from 0 to 16
[  144.511052][   T28] usb 2-1: config 0 descriptor??
[  144.517693][ T6770] erofs: (device loop2): mounted with root inode @ nid 36.
[  144.535319][ T6770] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  144.586524][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  144.597626][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36
[  144.608480][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 42 @ nid 36
[  144.617989][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36
[  144.628537][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 41 @ nid 36
[  144.637799][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 774 @ lcn 40 of nid 36
[  144.648317][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 40 @ nid 36
[  144.657767][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 39 @ nid 36
[  144.666970][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 38 @ nid 36
[  144.676427][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 36 @ nid 36
[  144.685670][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1468 @ lcn 31 of nid 36
[  144.696401][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 31 @ nid 36
[  144.705793][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 25 @ nid 36
[  144.714981][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36
[  144.724243][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 19 @ nid 36
[  144.733990][ T6773] syz.2.175: attempt to access beyond end of device
[  144.733990][ T6773] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16
[  144.748106][ T6773] syz.2.175: attempt to access beyond end of device
[  144.748106][ T6773] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  144.762394][ T6773] syz.2.175: attempt to access beyond end of device
[  144.762394][ T6773] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  144.777949][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 87 @ nid 36
[  144.787122][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 86 @ nid 36
[  144.796564][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 363 @ lcn 82 of nid 36
[  144.807255][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 83 @ nid 36
[  144.816418][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 363 @ lcn 82 of nid 36
[  144.827306][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 82 @ nid 36
[  144.836570][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 79 @ nid 36
[  144.845763][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 78 @ nid 36
[  144.854926][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1485 @ lcn 75 of nid 36
[  144.865664][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 76 @ nid 36
[  144.874830][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1485 @ lcn 75 of nid 36
[  144.885486][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 75 @ nid 36
[  144.894693][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 74 @ nid 36
[  144.903872][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 72 @ nid 36
[  144.913282][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 71 @ nid 36
[  144.922448][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 70 @ nid 36
[  144.931859][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 63 @ nid 36
[  144.941105][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 61 @ nid 36
[  144.950308][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1024 @ lcn 58 of nid 36
[  144.960941][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 59 @ nid 36
[  144.970103][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1024 @ lcn 58 of nid 36
[  144.980737][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 58 @ nid 36
[  144.989920][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 56 @ nid 36
[  144.999176][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36
[  145.009921][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 47 @ nid 36
[  145.019073][ T6773] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1586 @ lcn 46 of nid 36
[  145.029670][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 46 @ nid 36
[  145.038817][ T6773] erofs: (device loop2): z_erofs_readahead: readahead error at folio 45 @ nid 36
[  145.048269][ T6773] syz.2.175: attempt to access beyond end of device
[  145.048269][ T6773] loop2: rw=524288, sector=32, nr_sectors = 64 limit=16
[  145.062004][ T6773] syz.2.175: attempt to access beyond end of device
[  145.062004][ T6773] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16
[  145.075738][ T6773] syz.2.175: attempt to access beyond end of device
[  145.075738][ T6773] loop2: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[  145.470284][ T6770] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -3 in[47, 4049] out[5297]
[  145.483173][ T6770] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36
[  145.595803][   T28] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  146.156194][   T27] kauditd_printk_skb: 49 callbacks suppressed
[  146.156212][   T27] audit: type=1804 audit(1753121387.530:65): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.179" name="/newroot/13/file1" dev="fuse" ino=1 res=1 errno=0
[  146.254007][   T27] audit: type=1800 audit(1753121387.540:66): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.179" name="/" dev="fuse" ino=1 res=0 errno=0
[  146.422363][   T27] audit: type=1804 audit(1753121387.550:67): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.179" name="/newroot/13/file1" dev="fuse" ino=1 res=1 errno=0
[  146.546986][   T27] audit: type=1804 audit(1753121387.550:68): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.179" name="/newroot/13/file1" dev="fuse" ino=1 res=1 errno=0
[  146.576583][   T27] audit: type=1800 audit(1753121387.550:69): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.179" name="/" dev="fuse" ino=1 res=0 errno=0
[  147.030360][   T28] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[  147.084558][   T28] usb 2-1: USB disconnect, device number 6
[  151.760847][ T6851] loop4: detected capacity change from 0 to 2048
[  151.872194][ T6851]  loop4: p1 < > p3
[  151.921360][ T6851] loop4: p3 size 134217728 extends beyond EOD, truncated
[  152.322030][ T6851] kvm: emulating exchange as write
[  153.407662][ T6882] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  154.211759][ T6884] netlink: 'syz.1.197': attribute type 1 has an invalid length.
[  154.509869][ T5798] Bluetooth: hci3: command 0x0406 tx timeout
[  154.618951][ T6884] 8021q: adding VLAN 0 to HW filter on device bond1
[  154.736064][ T6888] 8021q: adding VLAN 0 to HW filter on device bond1
[  154.800253][ T6888] bond1: (slave ipip0): The slave device specified does not support setting the MAC address
[  154.878527][ T6888] bond1: (slave ipip0): Error -95 calling set_mac_address
[  156.588421][ T6900] loop2: detected capacity change from 0 to 512
[  156.634958][ T6915] loop1: detected capacity change from 0 to 128
[  156.724512][ T6915] FAT-fs (loop1): Directory bread(block 414) failed
[  156.746439][ T5912] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  156.786509][ T6900] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  156.796616][ T6900] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  156.819970][ T6915] FAT-fs (loop1): Directory bread(block 415) failed
[  156.886535][ T6915] FAT-fs (loop1): Directory bread(block 416) failed
[  156.924041][ T6915] FAT-fs (loop1): Directory bread(block 417) failed
[  156.948072][ T6917] loop4: detected capacity change from 0 to 512
[  156.980191][ T6915] FAT-fs (loop1): Directory bread(block 418) failed
[  157.006524][ T6900] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  157.014548][ T6900] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=e040e01c, mo2=0000]
[  157.022426][ T6900] EXT4-fs (loop2): failed to initialize system zone (-117)
[  157.029729][ T6900] EXT4-fs (loop2): mount failed
[  157.045301][ T5912] usb 1-1: Using ep0 maxpacket: 32
[  157.063391][ T6915] FAT-fs (loop1): Directory bread(block 419) failed
[  157.093416][ T5912] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  157.111550][ T6917] EXT4-fs warning (device loop4): ext4_multi_mount_protect:329: MMP interval 2680 higher than expected, please wait.
[  157.111550][ T6917] 
[  157.151463][ T6915] FAT-fs (loop1): Directory bread(block 420) failed
[  157.168552][ T5912] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  157.198933][ T6915] FAT-fs (loop1): Directory bread(block 421) failed
[  157.227331][ T6917] EXT4-fs warning (device loop4): ext4_multi_mount_protect:332: MMP startup interrupted, failing mount
[  157.227331][ T6917] 
[  157.244634][ T5912] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.519055][ T5912] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 81
[  157.532170][ T5912] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  157.542506][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.664741][ T6924] FAT-fs (loop1): Directory bread(block 414) failed
[  157.672857][ T6924] FAT-fs (loop1): Directory bread(block 415) failed
[  157.725495][ T6924] syz.1.202: attempt to access beyond end of device
[  157.725495][ T6924] loop1: rw=3, sector=478, nr_sectors = 2 limit=128
[  157.740288][ T6924] syz.1.202: attempt to access beyond end of device
[  157.740288][ T6924] loop1: rw=2051, sector=480, nr_sectors = 6 limit=128
[  157.814651][ T5912] usb 1-1: config 0 descriptor??
[  158.746793][ T6938] netlink: 'syz.2.204': attribute type 3 has an invalid length.
[  159.655296][ T6937] loop1: detected capacity change from 0 to 32768
[  159.662514][ T6937] XFS: ikeep mount option is deprecated.
[  159.994985][ T6937] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.222834][ T6937] XFS (loop1): Ending clean mount
[  160.237654][ T6937] XFS (loop1): Quotacheck needed: Please wait.
[  160.344365][    T8] usb 1-1: USB disconnect, device number 5
[  160.405084][ T6937] XFS (loop1): Quotacheck: Done.
[  162.222859][ T5792] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  162.869693][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.212'.
[  164.387196][ T7002] loop1: detected capacity change from 0 to 40427
[  164.406489][ T7002] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  164.414357][ T7002] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  164.426928][ T7002] F2FS-fs (loop1): invalid crc value
[  164.463547][ T7002] F2FS-fs (loop1): Found nat_bits in checkpoint
[  164.524422][ T7002] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  164.531685][ T7002] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  166.178049][ T7022] loop2: detected capacity change from 0 to 32768
[  166.185723][ T7022] XFS: ikeep mount option is deprecated.
[  166.248936][ T7022] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.513688][ T7022] XFS (loop2): Ending clean mount
[  166.526202][ T7022] XFS (loop2): Quotacheck needed: Please wait.
[  166.655556][ T7022] XFS (loop2): Quotacheck: Done.
[  168.077729][ T5795] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  168.210748][ T7054] loop4: detected capacity change from 0 to 8192
[  168.376478][ T5830] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  168.583533][ T5830] usb 2-1: config 0 has no interfaces?
[  168.800266][ T5830] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  169.002301][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.017688][ T5830] usb 2-1: Product: syz
[  169.029147][ T5830] usb 2-1: Manufacturer: syz
[  169.053416][ T5830] usb 2-1: SerialNumber: syz
[  169.861980][ T5830] usb 2-1: config 0 descriptor??
[  171.074385][ T7095] binder: 7094:7095 ioctl c0306201 2000000003c0 returned -14
[  171.356430][   T55] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  171.766412][   T55] usb 3-1: Using ep0 maxpacket: 32
[  171.774167][   T55] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  172.435929][   T55] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  172.531642][   T55] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  172.556373][   T55] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  172.600208][   T55] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.628460][ T7110] loop4: detected capacity change from 0 to 512
[  172.647314][   T55] usb 3-1: config 0 descriptor??
[  172.676430][ T7110] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  172.736392][ T7110] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  172.919250][    T8] usb 2-1: USB disconnect, device number 7
[  172.995132][ T7110] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  173.032897][ T7110] EXT4-fs (loop4): 1 truncate cleaned up
[  173.105816][ T7110] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.308492][ T5798] Bluetooth: hci1: command tx timeout
[  173.620961][   T55] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0001/input/input8
[  173.660433][ T7119] loop1: detected capacity change from 0 to 164
[  173.760312][ T7119] isofs_fill_super: bread failed, dev=loop1, iso_blknum=41, block=164
[  173.963943][   T55] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0001/input/input9
[  174.554920][   T55] kye 0003:0458:5011.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5011] on usb-dummy_hcd.2-1/input0
[  174.661269][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.801518][   T55] usb 3-1: USB disconnect, device number 4
[  174.956133][ T7131] fido_id[7131]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  175.203857][ T7139] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  175.696528][ T5798] Bluetooth: hci1: command tx timeout
[  176.172949][ T7141] kvm: pic: non byte read
[  180.505093][ T7178] loop4: detected capacity change from 0 to 40427
[  180.522737][ T7178] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  180.546104][ T7178] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  180.571289][   T27] audit: type=1326 audit(1753121421.950:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7191 comm="syz.0.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b61d8e9a9 code=0x0
[  180.632850][ T7178] F2FS-fs (loop4): invalid crc value
[  180.741603][ T7178] F2FS-fs (loop4): Found nat_bits in checkpoint
[  181.691228][ T7178] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  181.730871][ T7178] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  182.249051][   T28] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  182.660025][ T7190] syz.2.254 (7190) used greatest stack depth: 20200 bytes left
[  182.913293][   T28] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.929318][   T28] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.960557][   T28] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  182.998336][   T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  183.026505][   T28] usb 1-1: SerialNumber: syz
[  183.601882][   T28] usb 1-1: 0:2 : does not exist
[  183.631868][   T28] usb 1-1: unit 255 not found!
[  183.717345][   T28] usb 1-1: 5:0: cannot get min/max values for control 1 (id 5)
[  183.802138][   T28] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5)
[  183.814425][ T7222] loop2: detected capacity change from 0 to 8
[  183.825165][   T28] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5)
[  183.837929][ T7222] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  183.855603][ T5805] udevd[5805]: incorrect cramfs checksum on /dev/loop2
[  183.888611][   T28] usb 1-1: USB disconnect, device number 6
[  184.000239][ T7225] cramfs: Error -5 while decompressing!
[  184.006370][ T7225] cramfs: ffffffff96fd7308(26)->ffff88805b2ad000(4096)
[  184.013604][ T7225] cramfs: Error -3 while decompressing!
[  184.019298][ T7225] cramfs: ffffffff96fd7322(26)->ffff88805b2af000(4096)
[  184.028667][ T7225] cramfs: Error -3 while decompressing!
[  184.034309][ T7225] cramfs: ffffffff96fd733c(16)->ffff88806b330000(4096)
[  184.042014][ T7225] cramfs: Error -5 while decompressing!
[  184.047678][ T7225] cramfs: ffffffff96fd7308(26)->ffff88805b2ad000(4096)
[  184.850538][ T6492] udevd[6492]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  185.273784][ T7228] tipc: Started in network mode
[  185.326498][ T7228] tipc: Node identity 66f402fd2444, cluster identity 4711
[  185.334464][ T7228] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  185.380345][ T7232] syzkaller0: entered promiscuous mode
[  185.385893][ T7232] syzkaller0: entered allmulticast mode
[  186.307211][ T7237] loop2: detected capacity change from 0 to 32768
[  186.317355][ T7240] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  186.367768][ T7228] tipc: Resetting bearer <eth:syzkaller0>
[  186.406632][ T7237] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.268 (7237)
[  186.434514][ T7237] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  186.445027][ T7237] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  186.455073][ T7237] BTRFS info (device loop2): turning on sync discard
[  186.461862][ T7237] BTRFS info (device loop2): setting nodatacow, compression disabled
[  186.470129][ T7237] BTRFS info (device loop2): turning off barriers
[  186.477003][ T7237] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  186.488115][ T7237] BTRFS info (device loop2): trying to use backup root at mount time
[  186.496448][ T7237] BTRFS info (device loop2): metadata ratio 3
[  186.502542][ T7237] BTRFS info (device loop2): enabling auto defrag
[  186.509308][ T7237] BTRFS info (device loop2): max_inline at 0
[  186.515322][ T7237] BTRFS info (device loop2): using free space tree
[  186.522944][   T55] tipc: Node number set to 1118831357
[  186.618776][ T2967] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  186.625917][ T7227] tipc: Resetting bearer <eth:syzkaller0>
[  186.639662][ T7237] BTRFS error (device loop2): failed to load root extent
[  186.647009][ T7237] BTRFS warning (device loop2): try to load backup roots slot 1
[  186.661112][ T2967] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  186.683309][ T7237] BTRFS warning (device loop2): couldn't read tree root
[  186.690952][ T7237] BTRFS warning (device loop2): try to load backup roots slot 2
[  186.699345][ T2967] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  186.727143][ T7237] BTRFS warning (device loop2): couldn't read tree root
[  186.734186][ T7237] BTRFS warning (device loop2): try to load backup roots slot 3
[  186.767322][ T7227] tipc: Disabling bearer <eth:syzkaller0>
[  186.781575][ T7237] BTRFS info (device loop2): enabling ssd optimizations
[  186.790174][ T7237] BTRFS info (device loop2): rebuilding free space tree
[  186.833201][ T7237] BTRFS info (device loop2): checking UUID tree
[  187.133471][ T7269] netlink: 'syz.4.272': attribute type 1 has an invalid length.
[  187.203168][ T5795] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  187.249161][ T7269] 8021q: adding VLAN 0 to HW filter on device bond1
[  187.303373][ T7271] bond1: (slave geneve2): making interface the new active one
[  187.374546][ T7271] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  187.502946][ T7274] bond1: entered promiscuous mode
[  187.569589][ T6492] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop2 scanned by udevd (6492)
[  187.577256][ T7274] geneve2: entered promiscuous mode
[  187.775840][ T7280] kvm: kvm [7279]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x80
[  188.033346][ T7287] loop4: detected capacity change from 0 to 1024
[  188.125392][ T7287] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.288970][ T7287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.278'.
[  188.496081][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.051461][ T7299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'.
[  189.898022][ T7309] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  190.621271][ T7318] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.653367][ T7318] syzkaller0: entered promiscuous mode
[  190.659671][ T7318] syzkaller0: entered allmulticast mode
[  190.710525][ T7318] tipc: Resetting bearer <eth:syzkaller0>
[  190.722563][ T7312] tipc: Resetting bearer <eth:syzkaller0>
[  190.937513][ T7312] tipc: Disabling bearer <eth:syzkaller0>
[  191.804729][ T5798] Bluetooth: hci3: command 0x0406 tx timeout
[  191.811063][ T5798] Bluetooth: hci2: command 0x0406 tx timeout
[  193.872752][   T27] audit: type=1326 audit(1753121435.240:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2333f8e9a9 code=0x7ffc0000
[  193.942682][   T27] audit: type=1326 audit(1753121435.240:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2333f8e9a9 code=0x7ffc0000
[  194.046133][   T27] audit: type=1326 audit(1753121435.270:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.464545][   T27] audit: type=1326 audit(1753121435.270:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2333f8e9a9 code=0x7ffc0000
[  194.529738][   T27] audit: type=1326 audit(1753121435.270:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.619933][   T27] audit: type=1326 audit(1753121435.270:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.662810][   T27] audit: type=1326 audit(1753121435.270:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.697143][   T27] audit: type=1326 audit(1753121435.280:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.740348][   T27] audit: type=1326 audit(1753121435.290:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  194.769895][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  194.779531][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  194.790666][   T27] audit: type=1326 audit(1753121435.290:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.4.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2333f2ab89 code=0x7ffc0000
[  199.497302][ T7387] dvmrp8: entered allmulticast mode
[  200.220909][ T5793] Bluetooth: hci2: unexpected event for opcode 0x0804
[  200.228442][ T5793] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  200.234584][   T27] kauditd_printk_skb: 106 callbacks suppressed
[  200.234601][   T27] audit: type=1326 audit(1753121441.610:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.2.306" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4fdb8e9a9 code=0x0
[  201.933936][ T7405] tipc: Started in network mode
[  201.939217][ T7405] tipc: Node identity 7, cluster identity 4711
[  201.945898][ T7405] tipc: Node number set to 7
[  202.039469][ T5876] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  202.151746][ T5876] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  202.281940][ T5876] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  202.670453][ T5876] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  203.203205][ T7417] netlink: 'syz.2.314': attribute type 3 has an invalid length.
[  203.211719][ T7417] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.314'.
[  203.439093][ T7419] fido_id[7419]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  203.443176][ T7422] netlink: 'syz.4.316': attribute type 10 has an invalid length.
[  203.658620][ T7422] syz_tun: entered promiscuous mode
[  203.714641][ T7422] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  204.280303][ T5793] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  204.290662][ T5793] Bluetooth: hci2: Injecting HCI hardware error event
[  204.301139][ T5797] Bluetooth: hci2: hardware error 0x00
[  205.465931][ T7448] loop2: detected capacity change from 0 to 4096
[  206.618370][ T5797] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  208.332535][ T7484] dummy0 speed is unknown, defaulting to 1000
[  208.369780][ T7484] dummy0 speed is unknown, defaulting to 1000
[  208.746639][ T5797] Bluetooth: hci2: Opcode 0x206c failed: -110
[  209.164013][ T7484] dummy0 speed is unknown, defaulting to 1000
[  209.172962][ T7481] kvm: kvm [7480]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xd11b
[  209.211764][ T7484] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  209.274082][ T7484] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  209.369604][ T7484] dummy0 speed is unknown, defaulting to 1000
[  209.391233][ T7484] dummy0 speed is unknown, defaulting to 1000
[  209.401945][ T7484] dummy0 speed is unknown, defaulting to 1000
[  209.410412][ T7484] dummy0 speed is unknown, defaulting to 1000
[  209.740337][ T5858] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  210.494819][ T7497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.336'.
[  210.646338][ T5858] usb 5-1: Using ep0 maxpacket: 8
[  210.657893][ T5858] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  210.710617][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.722104][ T7507] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  210.728650][ T7507] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  210.739649][ T7507] vhci_hcd vhci_hcd.0: Device attached
[  210.800192][ T5858] usb 5-1: Product: syz
[  210.804516][ T5858] usb 5-1: Manufacturer: syz
[  210.809275][ T5858] usb 5-1: SerialNumber: syz
[  210.819519][ T5858] usb 5-1: config 0 descriptor??
[  210.837548][ T5797] Bluetooth: hci2: Opcode 0x2046 failed: -110
[  210.848476][ T5858] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  210.857404][ T5858] usb 5-1: setting power ON
[  210.862650][ T5858] dvb-usb: bulk message failed: -22 (2/0)
[  210.875658][ T5858] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  210.886113][ T5858] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  210.895325][ T5858] usb 5-1: media controller created
[  210.917732][ T5858] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  210.941286][ T5858] usb 5-1: selecting invalid altsetting 6
[  210.948077][ T5858] usb 5-1: digital interface selection failed (-22)
[  210.954922][ T5858] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  210.964775][ T5858] usb 5-1: setting power OFF
[  210.970194][ T5858] dvb-usb: bulk message failed: -22 (2/0)
[  210.978196][ T5858] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  210.987728][ T5858] (NULL device *): no alternate interface
[  211.016509][ T5830] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  211.017511][ T5858] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  212.104331][ T7508] vhci_hcd: connection reset by peer
[  212.113150][   T59] vhci_hcd: stop threads
[  212.121653][   T59] vhci_hcd: release socket
[  212.129226][   T59] vhci_hcd: disconnect device
[  213.567428][ T5912] usb 5-1: USB disconnect, device number 5
[  213.938407][ T7517] loop2: detected capacity change from 0 to 16
[  213.975420][ T7517] erofs: Unknown parameter 'ÿÿÿÿvΡeçú1ûì'
[  214.813393][ T7524] loop4: detected capacity change from 0 to 32768
[  214.837618][ T7524] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  215.206064][ T7517] loop2: detected capacity change from 0 to 4096
[  215.219109][ T7528] tipc: Started in network mode
[  215.248355][ T5805] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  215.287737][ T7517] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.341: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[  215.343795][ T7528] tipc: Node identity da22829e6872, cluster identity 4711
[  215.382874][ T7528] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  215.413049][ T7517] EXT4-fs (loop2): get root inode failed
[  215.436535][ T7533] syzkaller0: entered promiscuous mode
[  215.442064][ T7533] syzkaller0: entered allmulticast mode
[  215.457307][ T7517] EXT4-fs (loop2): mount failed
[  215.665778][ T7527] tipc: Resetting bearer <eth:syzkaller0>
[  216.218560][ T7527] tipc: Disabling bearer <eth:syzkaller0>
[  216.516764][ T5830] vhci_hcd: vhci_device speed not set
[  216.609625][ T7550] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  219.031386][ T7567] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  221.322522][ T7600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.366'.
[  221.361727][ T7600] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.371206][ T7600] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.084310][ T7625] netlink: 892 bytes leftover after parsing attributes in process `syz.2.370'.
[  228.111620][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.2.378'.
[  228.121778][ T7655] netlink: 12 bytes leftover after parsing attributes in process `syz.2.378'.
[  228.267270][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.374'.
[  230.591791][ T7677] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  230.600102][ T7664] kvm: kvm [7660]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x80
[  230.613128][ T7678] loop2: detected capacity change from 0 to 1024
[  231.239397][ T7686] loop4: detected capacity change from 0 to 4096
[  233.237971][ T7698] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  233.315602][ T7698] syzkaller0: entered promiscuous mode
[  233.321998][ T7698] syzkaller0: entered allmulticast mode
[  233.739153][ T7698] tipc: Resetting bearer <eth:syzkaller0>
[  233.751677][ T7696] tipc: Resetting bearer <eth:syzkaller0>
[  233.777271][ T7696] tipc: Disabling bearer <eth:syzkaller0>
[  233.787181][ T5876] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  233.904023][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.393'.
[  233.920370][ T7706] batadv0: entered promiscuous mode
[  233.927609][ T7706] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  233.954979][ T7706] batadv0: left promiscuous mode
[  234.043198][ T5876] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  234.064313][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.073184][ T5876] usb 5-1: Product: syz
[  234.078367][ T5876] usb 5-1: Manufacturer: syz
[  234.083010][ T5876] usb 5-1: SerialNumber: syz
[  234.112644][ T5876] usb 5-1: config 0 descriptor??
[  234.349637][ T5876] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  236.158121][ T5876] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  236.169959][ T5876] usb 5-1: USB disconnect, device number 6
[  238.017843][ T7740] syz.0.401[7740] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.018194][ T7740] syz.0.401[7740] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  244.062811][   T27] audit: type=1800 audit(1753121485.430:188): pid=7778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.412" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  247.256781][ T7811] xt_policy: output policy not valid in PREROUTING and INPUT
[  251.593927][ T5912] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  252.357206][ T5912] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  252.391990][ T5912] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  252.431682][ T5912] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  252.448787][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  252.457970][ T5912] usb 3-1: SerialNumber: syz
[  252.736698][ T5858] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  252.970312][ T5912] usb 3-1: 0:2 : does not exist
[  253.039564][ T5858] usb 5-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  253.173738][ T5858] usb 5-1: config 0 interface 0 has no altsetting 0
[  253.188797][ T5912] usb 3-1: USB disconnect, device number 5
[  253.199269][ T5858] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  253.209254][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  253.594862][ T5858] usb 5-1: Product: syz
[  253.696947][ T5858] usb 5-1: Manufacturer: syz
[  253.778410][ T6492] udevd[6492]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  253.799270][ T5858] usb 5-1: SerialNumber: syz
[  253.912164][ T5858] usb 5-1: config 0 descriptor??
[  254.016921][ T7864] netlink: 4 bytes leftover after parsing attributes in process `syz.1.438'.
[  254.059044][ T7864] ip6gretap0: entered promiscuous mode
[  254.079692][ T7864] macvtap1: entered promiscuous mode
[  254.090567][ T7864] macvtap1: entered allmulticast mode
[  254.096019][ T7864] ip6gretap0: entered allmulticast mode
[  254.107594][ T5858] snd-usb-audio: probe of 5-1:0.0 failed with error -22
[  254.164986][ T6492] udevd[6492]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  256.947295][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  256.953966][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  257.073002][ T5779] usb 5-1: USB disconnect, device number 7
[  260.865097][ T7921] loop4: detected capacity change from 0 to 64
[  263.729296][ T7937] capability: warning: `syz.0.455' uses deprecated v2 capabilities in a way that may be insecure
[  265.191777][ T7949] loop4: detected capacity change from 0 to 2048
[  265.522238][ T6492] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  265.686613][ T7949] loop4: detected capacity change from 0 to 256
[  265.757285][ T7949] exfat: Unknown parameter 'ÿÿ00000000000000000000'
[  266.306925][ T7955] loop4: detected capacity change from 0 to 512
[  267.057000][ T7955] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.459: bad orphan inode 15
[  267.067836][ T7955] ext4_test_bit(bit=14, block=5) = 0
[  267.074793][ T7955] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  267.602414][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.749942][ T7971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.463'.
[  268.929911][ T7967] netlink: 4 bytes leftover after parsing attributes in process `syz.4.462'.
[  269.516461][ T7989] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  269.523903][ T7989] overlayfs: failed to set xattr on upper
[  269.530099][ T7989] overlayfs: ...falling back to redirect_dir=nofollow.
[  269.537055][ T7989] overlayfs: ...falling back to index=off.
[  269.542868][ T7989] overlayfs: ...falling back to uuid=null.
[  269.548768][ T7989] overlayfs: maximum fs stacking depth exceeded
[  270.525568][ T7998] loop2: detected capacity change from 0 to 512
[  270.587679][ T7998] EXT4-fs: Ignoring removed bh option
[  270.619161][ T7998] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  271.363495][ T7998] EXT4-fs (loop2): 1 truncate cleaned up
[  271.395519][ T7998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  273.847747][ T8008] kernel profiling enabled (shift: 9)
[  273.894664][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.688024][ T8067] syz.2.486: attempt to access beyond end of device
[  281.688024][ T8067] nbd2: rw=4096, sector=128, nr_sectors = 8 limit=0
[  281.701858][ T8067] gfs2: error 10 reading superblock
[  284.910375][ T8060] qnx4: no qnx4 filesystem (no root dir).
[  285.227503][ T8090] netlink: 'syz.0.494': attribute type 10 has an invalid length.
[  285.318308][ T8090] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.326307][ T8090] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.074190][ T8098] tty tty3: ldisc open failed (-12), clearing slot 2
[  286.143044][ T8090] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.150419][ T8090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  286.158100][ T8090] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.165336][ T8090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.176866][ T8090] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  286.436632][ T8105] loop4: detected capacity change from 0 to 128
[  286.888957][ T8105] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  286.973784][ T8090] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  288.202052][ T8090] qnx6: wrong signature (magic) in superblock #1.
[  288.223426][ T8090] qnx6: unable to read the first superblock
[  288.631304][ T8109] fuse: Bad value for 'fd'
[  291.049079][ T8130] batman_adv: batadv0: Adding interface: dummy0
[  291.055482][ T8130] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  291.081397][ T8130] batman_adv: batadv0: Interface activated: dummy0
[  291.111920][ T8131] batadv0: mtu less than device minimum
[  291.119930][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.133087][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.145878][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.158385][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.170846][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.183514][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.196041][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.208624][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  291.221124][ T8131] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  293.792796][ T8149] overlay: ./file1 is not a directory
[  296.984050][ T8183] netlink: 12 bytes leftover after parsing attributes in process `syz.4.519'.
[  297.039035][ T8183] vlan2: entered promiscuous mode
[  297.044123][ T8183] batadv0: entered promiscuous mode
[  297.087627][ T8183] team0: Device vlan2 is up. Set it down before adding it as a team port
[  298.401298][ T8192] 9pnet: Unknown protocol version 9p200
[  298.955821][ T8201] syz.0.523: attempt to access beyond end of device
[  298.955821][ T8201] nbd0: rw=4096, sector=128, nr_sectors = 8 limit=0
[  298.969397][ T8201] gfs2: error 10 reading superblock
[  299.573970][ T8203] loop2: detected capacity change from 0 to 16
[  300.051450][ T8203] erofs: (device loop2): mounted with root inode @ nid 36.
[  300.169680][ T8212] syz.1.527: attempt to access beyond end of device
[  300.169680][ T8212] loop3: rw=0, sector=0, nr_sectors = 8 limit=0
[  300.373980][ T8212] F2FS-fs (loop3): Unable to read 1th superblock
[  300.381691][ T8212] syz.1.527: attempt to access beyond end of device
[  300.381691][ T8212] loop3: rw=0, sector=8, nr_sectors = 8 limit=0
[  300.452602][ T8215] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  301.105064][ T8212] F2FS-fs (loop3): Unable to read 2th superblock
[  302.578051][ T8232] netlink: 'syz.1.533': attribute type 2 has an invalid length.
[  304.044035][ T5797] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  304.053290][ T5797] Bluetooth: hci1: Injecting HCI hardware error event
[  304.063918][ T5797] Bluetooth: hci1: hardware error 0x00
[  306.361194][ T5797] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  308.594363][ T8273] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  309.663701][   T27] audit: type=1326 audit(1753121551.030:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.693770][   T27] audit: type=1326 audit(1753121551.030:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.722092][   T27] audit: type=1326 audit(1753121551.030:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.747647][   T27] audit: type=1326 audit(1753121551.040:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.770723][   T27] audit: type=1326 audit(1753121551.040:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.793355][   T27] audit: type=1326 audit(1753121551.040:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.821441][   T27] audit: type=1326 audit(1753121551.040:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  309.866745][   T27] audit: type=1326 audit(1753121551.040:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  310.053398][   T27] audit: type=1326 audit(1753121551.040:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  310.085301][   T27] audit: type=1326 audit(1753121551.040:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8278 comm="syz.1.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc22818e9a9 code=0x7ffc0000
[  311.222157][ T8277] loop4: detected capacity change from 0 to 32768
[  311.230943][ T8277] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  311.392316][ T6492] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 9
[  311.654079][ T8302] loop2: detected capacity change from 0 to 128
[  312.693531][ T8302] EXT4-fs (loop2): Test dummy encryption mode enabled
[  314.009492][ T8302] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  314.024663][ T8302] ext4 filesystem being mounted at /131/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  314.837919][ T5795] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  315.318080][ T8322] loop4: detected capacity change from 0 to 512
[  317.656636][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  317.663024][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  318.555689][ T8325] loop2: detected capacity change from 0 to 8192
[  319.647514][ T5912] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  320.122259][ T8322] EXT4-fs: error -4 creating inode table initialization thread
[  320.184615][ T8322] EXT4-fs (loop4): mount failed
[  321.480393][ T8344] loop2: detected capacity change from 0 to 512
[  321.613932][ T8344] ext4: Unknown parameter 'func'
[  321.675942][ T6492] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  324.664233][ T8353] sctp: [Deprecated]: syz.4.563 (pid 8353) Use of int in max_burst socket option.
[  324.664233][ T8353] Use struct sctp_assoc_value instead
[  325.908576][ T8364] loop2: detected capacity change from 0 to 128
[  326.051404][ T8364] EXT4-fs: Ignoring removed nomblk_io_submit option
[  326.125124][ T8364] EXT4-fs: Ignoring removed nomblk_io_submit option
[  326.195619][ T8364] EXT4-fs (loop2): Test dummy encryption mode enabled
[  326.233588][ T8364] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  326.276778][ T8364] ext4 filesystem being mounted at /134/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  329.830513][ T8371] loop4: detected capacity change from 0 to 64
[  329.994127][ T5795] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  336.383588][ T8435] binder: BINDER_SET_CONTEXT_MGR already set
[  336.390501][ T8435] binder: 8431:8435 ioctl 4018620d 200000000040 returned -16
[  336.407195][ T8435] binder: 8431:8435 ioctl c0306201 200000001440 returned -11
[  337.427169][ T8443] vivid-007: =================  START STATUS  =================
[  337.437771][ T8443] vivid-007: Enable Output Cropping: true
[  337.444288][ T8443] vivid-007: Enable Output Composing: true
[  337.450667][ T8443] vivid-007: Enable Output Scaler: true
[  337.456558][ T8443] vivid-007: Tx RGB Quantization Range: Automatic
[  337.463178][ T8443] vivid-007: Transmit Mode: HDMI
[  337.468732][ T8443] vivid-007: Display Present: true inactive
[  337.474861][ T8443] vivid-007: Hotplug Present: 0x00000001
[  337.490228][ T8443] vivid-007: RxSense Present: 0x00000001
[  337.496282][ T8443] vivid-007: EDID Present: 0x00000001
[  337.502075][ T8443] vivid-007: ==================  END STATUS  ==================
[  343.308302][ T8484] capability: warning: `syz.1.596' uses 32-bit capabilities (legacy support in use)
[  347.846728][ T5830] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  348.038592][ T5830] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  348.124063][ T5830] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  348.171546][ T5830] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  348.206274][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.235883][ T5830] usb 3-1: config 0 descriptor??
[  348.252611][ T5830] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  349.196859][ T8539] loop4: detected capacity change from 0 to 512
[  349.304813][ T8539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.409055][ T8539] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.698755][ T8547] netlink: 36 bytes leftover after parsing attributes in process `syz.4.612'.
[  350.824817][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.071569][ T5830] usb 3-1: USB disconnect, device number 7
[  352.217914][ T8560] rtc_cmos 00:00: Alarms can be up to one day in the future
[  352.386240][ T8563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.616'.
[  355.885845][ T8579] ksmbd: Unknown IPC event: 0, ignore.
[  356.664611][ T8579] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  361.032834][ T8616] can0: slcan on ttyS3.
[  361.728228][ T8616] can0 (unregistered): slcan off ttyS3.
[  365.504975][ T8652] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  366.709514][ T8666] vivid-007: =================  START STATUS  =================
[  366.709762][ T8666] vivid-007: Enable Output Cropping: true
[  366.709984][ T8666] vivid-007: Enable Output Composing: true
[  366.710122][ T8666] vivid-007: Enable Output Scaler: true
[  366.710308][ T8666] vivid-007: Tx RGB Quantization Range: Automatic
[  366.710413][ T8666] vivid-007: Transmit Mode: HDMI
[  366.710571][ T8666] vivid-007: Display Present: true inactive
[  366.710799][ T8666] vivid-007: Hotplug Present: 0x00000001
[  366.710933][ T8666] vivid-007: RxSense Present: 0x00000001
[  366.711095][ T8666] vivid-007: EDID Present: 0x00000001
[  366.711309][ T8666] vivid-007: ==================  END STATUS  ==================
[  370.774195][ T8659] affs: No valid root block on device nullb0
[  370.856721][ T8485] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  371.370810][ T8485] usb 3-1: Using ep0 maxpacket: 8
[  371.405630][ T8485] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  371.434977][ T8485] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.452392][ T8485] usb 3-1: Product: syz
[  371.460790][ T8485] usb 3-1: Manufacturer: syz
[  371.465413][ T8485] usb 3-1: SerialNumber: syz
[  372.201355][ T8485] usb 3-1: config 0 descriptor??
[  372.212909][ T8485] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  372.221671][ T8485] usb 3-1: setting power ON
[  372.226439][ T8485] dvb-usb: bulk message failed: -22 (2/0)
[  372.237598][ T8485] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  372.247810][ T8485] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  372.333976][ T8485] usb 3-1: media controller created
[  372.358425][ T8485] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  372.519982][ T8485] usb 3-1: selecting invalid altsetting 6
[  372.527897][ T8485] usb 3-1: digital interface selection failed (-22)
[  372.534532][ T8485] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  372.544346][ T8485] usb 3-1: setting power OFF
[  372.549161][ T8485] dvb-usb: bulk message failed: -22 (2/0)
[  372.554917][ T8485] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  372.724651][ T8688] ubi31: attaching mtd0
[  372.743722][ T8688] ubi31: scanning is finished
[  372.748940][ T8688] ubi31: empty MTD device detected
[  373.244113][ T8485] (NULL device *): no alternate interface
[  373.386106][ T8688] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  375.250885][ T8485] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  375.472783][ T5858] usb 3-1: USB disconnect, device number 8
[  376.871776][ T8716] netlink: 'syz.1.651': attribute type 10 has an invalid length.
[  377.024935][ T8716] team0: Device ipvlan1 failed to register rx_handler
[  377.820385][ T8712] loop2: detected capacity change from 0 to 4096
[  377.887080][ T8410] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  377.958760][ T8716] syz.1.651 (8716) used greatest stack depth: 19816 bytes left
[  379.911430][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  379.926661][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  379.962392][ T5797] Bluetooth: Wrong link type (-71)
[  382.207658][ T8748] loop2: detected capacity change from 0 to 8
[  382.214940][ T8748] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  382.261209][ T8410] udevd[8410]: incorrect cramfs checksum on /dev/loop2
[  382.788997][ T8410] udevd[8410]: incorrect cramfs checksum on /dev/loop2
[  384.085243][ T8762] loop2: detected capacity change from 0 to 1024
[  384.147056][ T8762] EXT4-fs: quotafile must be on filesystem root
[  387.667394][ T8771] netlink: 892 bytes leftover after parsing attributes in process `syz.4.667'.
[  389.829491][ T8780] netlink: 14528 bytes leftover after parsing attributes in process `syz.0.671'.
[  391.988776][ T8791] syzkaller0: entered promiscuous mode
[  391.996699][ T8791] syzkaller0: entered allmulticast mode
[  393.667366][ T8806] loop4: detected capacity change from 0 to 8
[  393.675406][ T8806] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  393.706056][ T8410] udevd[8410]: incorrect cramfs checksum on /dev/loop4
[  394.877907][ T8812] ptrace attach of "./syz-executor exec"[5795] was attempted by ""[8812]
[  395.550991][ T8814] sctp: [Deprecated]: syz.1.678 (pid 8814) Use of int in max_burst socket option deprecated.
[  395.550991][ T8814] Use struct sctp_assoc_value instead
[  397.954264][ T8825] loop2: detected capacity change from 0 to 4096
[  398.890237][ T8843] loop4: detected capacity change from 0 to 128
[  398.911383][ T8843] befs: (loop4): No write support. Marking filesystem read-only
[  400.566628][ T8844] net_ratelimit: 10 callbacks suppressed
[  400.566667][ T8844] netlink: zone id is out of range
[  400.577783][ T8844] netlink: zone id is out of range
[  400.582979][ T8844] netlink: zone id is out of range
[  400.588247][ T8844] netlink: zone id is out of range
[  400.593446][ T8844] netlink: zone id is out of range
[  400.598925][ T8844] netlink: zone id is out of range
[  400.604124][ T8844] netlink: zone id is out of range
[  400.609407][ T8844] netlink: zone id is out of range
[  400.614576][ T8844] netlink: zone id is out of range
[  400.689597][ T8825] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  400.690303][ T8825] EXT4-fs: failed to create workqueue
[  400.706910][ T8825] EXT4-fs (loop2): mount failed
[  400.712288][ T8843] befs: (loop4): invalid magic header
[  400.818800][ T8844] netlink: zone id is out of range
[  401.357146][ T8854] siw: device registration error -23
[  412.724863][ T8903] loop4: detected capacity change from 0 to 40427
[  412.771343][ T8903] F2FS-fs (loop4): Found nat_bits in checkpoint
[  412.829824][ T8903] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  413.189412][ T8915] syz.4.702: attempt to access beyond end of device
[  413.189412][ T8915] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  414.712273][ T6232] syz-executor: attempt to access beyond end of device
[  414.712273][ T6232] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  414.847044][ T6232] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  419.281548][ T8942] loop2: detected capacity change from 0 to 65
[  419.379733][ T8942] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway
[  420.758279][ T8948] loop2: detected capacity change from 0 to 128
[  420.794813][ T8948] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  420.885252][ T8948] ext4 filesystem being mounted at /166/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  422.695239][ T8961] netlink: 'syz.4.715': attribute type 10 has an invalid length.
[  422.715432][ T8961] team0: Device ipvlan1 failed to register rx_handler
[  423.030442][ T5795] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  423.300593][ T8969] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  423.307186][ T8969] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  423.315247][ T8969] vhci_hcd vhci_hcd.0: Device attached
[  423.346928][ T8969] 9pnet_fd: Insufficient options for proto=fd
[  424.656358][   T23] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  424.668807][ T8970] vhci_hcd: connection closed
[  424.671671][ T2967] vhci_hcd: stop threads
[  424.757182][ T2967] vhci_hcd: release socket
[  424.775051][ T2967] vhci_hcd: disconnect device
[  427.053335][ T9000] loop4: detected capacity change from 0 to 40427
[  427.209024][ T9004] overlayfs: failed to clone lowerpath
[  428.759497][ T9000] F2FS-fs (loop4): invalid crc value
[  428.834978][ T9000] F2FS-fs (loop4): Found nat_bits in checkpoint
[  428.880184][ T9000] F2FS-fs (loop4): Start checkpoint disabled!
[  428.892736][ T9000] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  430.646299][   T23] vhci_hcd: vhci_device speed not set
[  431.242081][   T79] kworker/u4:5: attempt to access beyond end of device
[  431.242081][   T79] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  431.298829][   T79] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  431.348761][   T79] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  431.404170][   T79] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  432.319100][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.733'.
[  432.368711][ T9034] macvtap2: entered promiscuous mode
[  432.399397][ T9034] bridge0: entered promiscuous mode
[  432.404861][ T9034] macvtap2: entered allmulticast mode
[  432.459217][ T9034] bridge0: entered allmulticast mode
[  432.658552][ T9036] bridge0: left allmulticast mode
[  432.747048][ T9040] loop2: detected capacity change from 0 to 128
[  432.777678][ T9036] bridge0: left promiscuous mode
[  432.846988][ T9040] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  433.128510][ T9040] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  434.236508][ T9043] netlink: 'syz.0.735': attribute type 10 has an invalid length.
[  434.989685][   T79] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  438.036518][ T9073] lo speed is unknown, defaulting to 1000
[  438.042343][ T9073] lo speed is unknown, defaulting to 1000
[  438.048803][ T9073] lo speed is unknown, defaulting to 1000
[  438.060888][ T9073] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  438.264619][ T9073] lo speed is unknown, defaulting to 1000
[  438.271412][ T9073] lo speed is unknown, defaulting to 1000
[  438.277996][ T9073] lo speed is unknown, defaulting to 1000
[  438.286628][ T9073] lo speed is unknown, defaulting to 1000
[  438.883891][ T9078] batman_adv: batadv0: Interface deactivated: dummy0
[  438.898385][ T9078] batman_adv: batadv0: Removing interface: dummy0
[  438.911955][ T9078] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  438.923141][ T9078] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.977979][ T9078] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  439.001911][ T9078] batman_adv: batadv0: Removing interface: batadv_slave_1
[  439.768484][ T9088] block nbd2: shutting down sockets
[  439.792378][ T9081] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  439.837320][ T9092] kAFS: No cell specified
[  440.509067][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  440.515465][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  440.829005][ T9095] sctp: [Deprecated]: syz.0.748 (pid 9095) Use of int in max_burst socket option deprecated.
[  440.829005][ T9095] Use struct sctp_assoc_value instead
[  441.119470][ T9099] ubi0: attaching mtd0
[  441.133254][ T9099] ubi0: scanning is finished
[  442.950244][ T9099] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  442.961798][ T9099] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  442.969824][ T9099] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  442.979163][ T9099] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  442.993107][ T9099] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  443.000987][ T9099] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  443.009414][ T9099] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3284591486
[  443.029423][ T9099] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  443.045386][ T9112] ubi0: background thread "ubi_bgt0d" started, PID 9112
[  443.065077][ T9104] ubi0: detaching mtd0
[  443.088011][ T9104] ubi0: mtd0 is detached
[  446.103640][ T9132] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  446.270464][ T9132] sp0: Synchronizing with TNC
[  449.619483][ T9154] batman_adv: batadv0: Adding interface: dummy0
[  449.625772][ T9154] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.651304][ T9154] batman_adv: batadv0: Interface activated: dummy0
[  449.664481][ T9154] net_ratelimit: 10 callbacks suppressed
[  449.664497][ T9154] batadv0: mtu less than device minimum
[  449.677032][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.688506][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.700088][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.711582][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.723330][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.734989][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.746821][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.758624][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  449.770151][ T9154] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  450.702267][ T9162] delete_channel: no stack
[  450.720448][ T9162] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  450.721751][ T9164] dummy0 speed is unknown, defaulting to 1000
[  450.739064][ T9164] lo speed is unknown, defaulting to 1000
[  450.749060][ T9162] loop2: detected capacity change from 0 to 64
[  450.910016][ T9164] loop4: detected capacity change from 0 to 512
[  450.917420][ T9164] EXT4-fs: Ignoring removed mblk_io_submit option
[  450.923894][ T9164] EXT4-fs: Ignoring removed bh option
[  451.639256][ T9164] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  451.650800][ T9164] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  451.716944][ T9164] EXT4-fs (loop4): 1 truncate cleaned up
[  451.724241][ T9164] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  453.547836][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.902353][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.771'.
[  455.061932][ T9193] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  458.546217][ T9217] loop4: detected capacity change from 0 to 128
[  459.074278][ T9219] net_ratelimit: 10 callbacks suppressed
[  459.074322][ T9219] netlink: set zone limit has 8 unknown bytes
[  459.853414][ T9221] loop2: detected capacity change from 0 to 1024
[  459.936601][ T9221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  459.964004][ T9229] overlayfs: failed to clone upperpath
[  460.553022][   T27] kauditd_printk_skb: 7 callbacks suppressed
[  460.553039][   T27] audit: type=1800 audit(2000000036.610:206): pid=9212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.781" name="file1" dev="loop2" ino=15 res=0 errno=0
[  460.982479][ T9241] dns_resolver: Unsupported server list version (0)
[  461.620861][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  461.709952][ T9244] loop4: detected capacity change from 0 to 256
[  461.732023][ T9244] exfat: Deprecated parameter 'utf8'
[  461.757250][ T9244] exfat: Deprecated parameter 'namecase'
[  461.763066][ T9244] exfat: Deprecated parameter 'utf8'
[  462.749258][ T9244] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  462.854035][ T9249] loop2: detected capacity change from 0 to 40427
[  462.866918][ T9249] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  462.873926][ T9249] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  462.887028][ T9249] F2FS-fs (loop2): Unrecognized mount option "ÏÝÙž¼?c¦Yõ—tð·<SsÊBýñÞpßûLä-ý¡…À<õSiÍÀ°¹4ð`o+éÚT©2À¡zÈoýÿ¢Œõ}KÍÍì¤Ë0 l™šCG­róš¿>rÉ7X•¼Ò7ÐÄ—æÖ}·Ÿªë%" or missing value
[  470.263283][ T9285] loop2: detected capacity change from 0 to 40427
[  470.334546][ T9285] F2FS-fs (loop2): invalid crc value
[  470.347159][ T9291] netlink: 24 bytes leftover after parsing attributes in process `syz.0.795'.
[  470.390752][ T9285] F2FS-fs (loop2): Found nat_bits in checkpoint
[  470.449230][ T9285] F2FS-fs (loop2): Start checkpoint disabled!
[  470.457719][ T9285] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  472.888735][ T3005] kworker/u4:11: attempt to access beyond end of device
[  472.888735][ T3005] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  472.974721][ T3005] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  473.859842][ T9310] loop4: detected capacity change from 0 to 4096
[  474.565573][ T9310] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  474.578491][ T9310] ntfs3: loop4: Failed to load $Extend (-22).
[  474.585076][ T9310] ntfs3: loop4: Failed to initialize $Extend.
[  474.897347][ T9317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  474.946831][ T9315] random: crng reseeded on system resumption
[  476.862452][ T9325] syz.1.804 (9325) used greatest stack depth: 17160 bytes left
[  477.306487][ T9330] program syz.4.805 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  477.318542][ T9330] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  482.295029][ T9364] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  482.362328][ T9364] sp0: Synchronizing with TNC
[  483.911204][ T9363] netlink: 24 bytes leftover after parsing attributes in process `syz.0.814'.
[  486.202062][ T9386] syz.4.821: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1
[  486.218890][ T9386] CPU: 1 PID: 9386 Comm: syz.4.821 Not tainted 6.6.99-syzkaller #0
[  486.227004][ T9386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.237282][ T9386] Call Trace:
[  486.240586][ T9386]  <TASK>
[  486.243569][ T9386]  dump_stack_lvl+0x16c/0x230
[  486.248288][ T9386]  ? show_regs_print_info+0x20/0x20
[  486.253506][ T9386]  ? load_image+0x3b0/0x3b0
[  486.258040][ T9386]  ? __rcu_read_unlock+0x7c/0xd0
[  486.263087][ T9386]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  486.269528][ T9386]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[  486.276055][ T9386]  warn_alloc+0x210/0x300
[  486.280514][ T9386]  ? stack_trace_save+0x9c/0xe0
[  486.285387][ T9386]  ? zone_watermark_ok_safe+0x230/0x230
[  486.291147][ T9386]  ? kasan_set_track+0x5f/0x70
[  486.296015][ T9386]  ? kasan_set_track+0x4e/0x70
[  486.300800][ T9386]  ? __kasan_kmalloc+0x8f/0xa0
[  486.305579][ T9386]  ? xsk_init_queue+0xb0/0x110
[  486.310478][ T9386]  ? xsk_setsockopt+0x43c/0x6f0
[  486.315362][ T9386]  ? do_sock_setsockopt+0x175/0x1a0
[  486.320585][ T9386]  ? __x64_sys_setsockopt+0x184/0x200
[  486.326003][ T9386]  __vmalloc_node_range+0x126/0x1320
[  486.331364][ T9386]  ? free_vm_area+0x50/0x50
[  486.336009][ T9386]  vmalloc_user+0x74/0x80
[  486.340378][ T9386]  ? xskq_create+0xbf/0x170
[  486.344907][ T9386]  xskq_create+0xbf/0x170
[  486.349265][ T9386]  xsk_init_queue+0xb0/0x110
[  486.353891][ T9386]  xsk_setsockopt+0x43c/0x6f0
[  486.358607][ T9386]  ? xsk_poll+0x670/0x670
[  486.362979][ T9386]  ? __fget_files+0x28/0x4d0
[  486.367624][ T9386]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  486.373201][ T9386]  ? security_socket_setsockopt+0x7e/0xa0
[  486.378943][ T9386]  ? xsk_poll+0x670/0x670
[  486.383306][ T9386]  do_sock_setsockopt+0x175/0x1a0
[  486.388369][ T9386]  ? __fdget+0x180/0x210
[  486.392653][ T9386]  __x64_sys_setsockopt+0x184/0x200
[  486.397898][ T9386]  do_syscall_64+0x55/0xb0
[  486.402355][ T9386]  ? clear_bhb_loop+0x40/0x90
[  486.407050][ T9386]  ? clear_bhb_loop+0x40/0x90
[  486.411755][ T9386]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  486.417676][ T9386] RIP: 0033:0x7f2333f8e9a9
[  486.422121][ T9386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.441851][ T9386] RSP: 002b:00007f2334d3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  486.450293][ T9386] RAX: ffffffffffffffda RBX: 00007f23341b6080 RCX: 00007f2333f8e9a9
[  486.458283][ T9386] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009
[  486.466286][ T9386] RBP: 00007f2334010d69 R08: 0000000000000004 R09: 0000000000000000
[  486.474276][ T9386] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  486.482276][ T9386] R13: 0000000000000000 R14: 00007f23341b6080 R15: 00007fffdecdc338
[  486.490286][ T9386]  </TASK>
[  486.514625][ T9386] Mem-Info:
[  486.518754][ T9386] active_anon:8268 inactive_anon:0 isolated_anon:0
[  486.518754][ T9386]  active_file:11568 inactive_file:40288 isolated_file:0
[  486.518754][ T9386]  unevictable:768 dirty:337 writeback:0
[  486.518754][ T9386]  slab_reclaimable:10916 slab_unreclaimable:98152
[  486.518754][ T9386]  mapped:28261 shmem:4305 pagetables:615
[  486.518754][ T9386]  sec_pagetables:0 bounce:0
[  486.518754][ T9386]  kernel_misc_reclaimable:0
[  486.518754][ T9386]  free:1340837 free_pcp:11566 free_cma:0
[  486.564919][ T9386] Node 0 active_anon:33072kB inactive_anon:0kB active_file:46272kB inactive_file:160944kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:113044kB dirty:1348kB writeback:0kB shmem:15684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11512kB pagetables:2460kB sec_pagetables:0kB all_unreclaimable? no
[  486.597876][ T9386] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  486.787865][ T9386] Node 0 DMA free:15328kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  487.002769][ T9386] lowmem_reserve[]: 0 2525 2526 2526 2526
[  487.803504][ T9386] Node 0 DMA32 free:1452200kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:33156kB inactive_anon:0kB active_file:46272kB inactive_file:159640kB unevictable:1536kB writepending:1356kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:27892kB local_pcp:19936kB free_cma:0kB
[  488.686919][ T9386] lowmem_reserve[]: 0 0 1 1 1
[  488.750550][ T9386] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[  489.016545][ T9386] lowmem_reserve[]: 0 0 0 0 0
[  489.021388][ T9386] Node 1 Normal free:3889776kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:24484kB local_pcp:15652kB free_cma:0kB
[  489.051641][ T9386] lowmem_reserve[]: 0 0 0 0 0
[  489.058818][ T9386] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[  489.073588][ T9386] Node 0 DMA32: 2*4kB (UE) 208*8kB (UE) 211*16kB (M) 532*32kB (UME) 302*64kB (UME) 68*128kB (UM) 14*256kB (UME) 8*512kB (UME) 9*1024kB (M) 2*2048kB (M) 337*4096kB (UM) = 1451448kB
[  489.101278][ T9386] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  489.241930][ T9386] Node 1 Normal: 264*4kB (UE) 68*8kB (UME) 53*16kB (UME) 59*32kB (UME) 18*64kB (UE) 10*128kB (UME) 0*256kB 2*512kB (ME) 1*1024kB (U) 1*2048kB (E) 947*4096kB (M) = 3889776kB
[  489.281583][ T9386] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  490.086461][ T9386] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  490.497578][ T9386] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  490.642527][ T9386] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  490.658642][ T9386] 59038 total pagecache pages
[  490.672246][ T9386] 0 pages in swap cache
[  490.681860][ T9386] Free swap  = 124712kB
[  490.687062][ T9386] Total swap = 124996kB
[  491.471839][ T9386] 2097051 pages RAM
[  491.476340][ T9386] 0 pages HighMem/MovableOnly
[  491.481073][ T9386] 416137 pages reserved
[  491.485232][ T9386] 0 pages cma reserved
[  493.136444][   T27] audit: type=1400 audit(2000000069.180:207): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3AF4F9904E7FDB3635A70D23C73EEAF23A3F503280080CA26230668AD9DCF8B061228F8599D34E45087D21AA56759E1651B3DD467BDEF390C76D pid=9431 comm="syz.2.832"
[  493.953594][ T9448] netlink: 24 bytes leftover after parsing attributes in process `syz.4.836'.
[  494.204259][ T9449] loop4: detected capacity change from 0 to 4096
[  494.215770][ T9449] ntfs3: Unknown parameter '0x00000000000000040x0000000000000000'
[  495.638119][ T9452] use of bytesused == 0 is deprecated and will be removed in the future,
[  495.646876][ T9452] use the actual size instead.
[  496.003574][ T9457] netlink: 40 bytes leftover after parsing attributes in process `syz.1.837'.
[  496.776999][ T9412] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  497.343120][ T9461] netlink: 56 bytes leftover after parsing attributes in process `syz.0.838'.
[  497.476336][ T9468] loop2: detected capacity change from 0 to 1764
[  499.081083][ T9477] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.280123][ T9476] netlink: 24 bytes leftover after parsing attributes in process `syz.4.841'.
[  499.927175][ T9487] netlink: 'syz.2.843': attribute type 1 has an invalid length.
[  499.935498][ T9487] netlink: 224 bytes leftover after parsing attributes in process `syz.2.843'.
[  499.948156][ T9487] 9pnet_fd: Insufficient options for proto=fd
[  501.633098][ T9510] loop2: detected capacity change from 0 to 64
[  501.977215][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  501.983597][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  504.453357][ T9510] loop2: detected capacity change from 0 to 32768
[  504.464910][ T9510] XFS: ikeep mount option is deprecated.
[  504.521193][ T9510] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  504.823105][ T9510] XFS (loop2): Ending clean mount
[  504.848665][ T9510] XFS (loop2): Quotacheck needed: Please wait.
[  504.950580][ T9510] XFS (loop2): Quotacheck: Done.
[  505.030322][ T5795] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  511.301961][ T9582] vlan2: entered promiscuous mode
[  511.307103][ T9582] bridge0: entered promiscuous mode
[  516.698826][ T9618] netlink: 24 bytes leftover after parsing attributes in process `syz.0.876'.
[  516.848256][ T8485] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  516.897405][   T27] audit: type=1326 audit(2000000092.960:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.0.876" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0b61d8e9a9 code=0x0
[  517.352037][ T8485] usb 5-1: Using ep0 maxpacket: 32
[  517.938186][ T9624] nvme_fabrics: missing parameter 'transport=%s'
[  517.942097][ T8485] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  517.966594][ T8485] usb 5-1: config 0 has no interfaces?
[  517.975353][ T8485] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  517.985063][ T8485] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  518.006197][ T8485] usb 5-1: Product: syz
[  518.010505][ T8485] usb 5-1: Manufacturer: syz
[  518.015256][ T8485] usb 5-1: SerialNumber: syz
[  518.030282][ T8485] usb 5-1: config 0 descriptor??
[  518.040317][ T9624] nvme_fabrics: missing parameter 'nqn=%s'
[  518.054261][ T9628] overlayfs: failed to clone upperpath
[  520.699393][ T9638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.735631][ T9638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.265652][ T8485] usb 5-1: USB disconnect, device number 8
[  522.810478][ T9662] overlayfs: failed to clone upperpath
[  528.501166][ T9692] loop4: detected capacity change from 0 to 512
[  528.660692][ T9697] loop2: detected capacity change from 0 to 256
[  529.109447][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.118765][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.128053][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.137156][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.146322][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.155163][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.164242][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.173283][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.182315][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.191299][ T9698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  529.573252][ T9697] FAT-fs (loop2): count of clusters too big (66845694)
[  529.580321][ T9697] FAT-fs (loop2): Can't find a valid FAT filesystem
[  529.643532][   T27] audit: type=1326 audit(2000000105.700:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9693 comm="syz.1.888" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc22818e9a9 code=0x0
[  529.725898][ T9692] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  529.749709][ T9466] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  529.808788][ T9692] UDF-fs: Scanning with blocksize 512 failed
[  529.926300][ T9692] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  529.934153][ T9692] UDF-fs: Scanning with blocksize 1024 failed
[  530.011411][ T9692] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found
[  530.056974][ T9692] UDF-fs: Scanning with blocksize 2048 failed
[  530.079447][ T9692] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  530.153635][ T9692] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  533.232521][ T9726] netlink: set zone limit has 8 unknown bytes
[  534.051237][ T8485] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  534.336204][ T8485] usb 5-1: Using ep0 maxpacket: 32
[  535.496641][ T9729] ceph: No mds server is up or the cluster is laggy
[  535.575413][ T8485] usb 5-1: config 0 has no interfaces?
[  535.601581][ T8485] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  535.601691][ T5860] libceph: connect (1)[c::]:6789 error -101
[  535.620474][ T8485] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  535.629555][ T8485] usb 5-1: Product: syz
[  535.634098][ T8485] usb 5-1: Manufacturer: syz
[  535.642488][ T5860] libceph: mon0 (1)[c::]:6789 connect error
[  535.654667][ T8485] usb 5-1: SerialNumber: syz
[  535.668472][ T8485] usb 5-1: config 0 descriptor??
[  535.954116][ T8485] usb 5-1: USB disconnect, device number 9
[  538.631048][ T9768] delete_channel: no stack
[  540.783990][ T9790] netlink: 'syz.1.915': attribute type 29 has an invalid length.
[  540.792826][ T9790] netlink: 'syz.1.915': attribute type 3 has an invalid length.
[  540.800962][ T9790] __nla_validate_parse: 43 callbacks suppressed
[  540.800974][ T9790] netlink: 76 bytes leftover after parsing attributes in process `syz.1.915'.
[  541.217924][ T9787] loop4: detected capacity change from 0 to 512
[  541.362847][ T9787] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  542.444347][ T9788] netlink: 24 bytes leftover after parsing attributes in process `syz.0.918'.
[  542.502884][ T9787] EXT4-fs (loop4): orphan cleanup on readonly fs
[  542.561740][ T9787] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.917: bad orphan inode 15
[  542.602350][ T9787] ext4_test_bit(bit=14, block=18) = 1
[  542.609602][ T9787] is_bad_inode(inode)=0
[  542.613896][ T9787] NEXT_ORPHAN(inode)=1023
[  542.620984][ T9787] max_ino=32
[  542.624299][ T9787] i_nlink=0
[  542.639077][ T9787] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2983: inode #15: comm syz.4.917: corrupted xattr block 19: e_value size too large
[  543.583131][ T9787] EXT4-fs warning (device loop4): ext4_evict_inode:272: xattr delete (err -117)
[  543.672678][ T9787] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  544.146740][ T6232] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  547.241904][ T9829] Cannot find add_set index 1 as target
[  547.400777][ T9832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.930'.
[  547.424145][ T9832] batman_adv: batadv0: Interface deactivated: dummy0
[  547.611863][ T9837] netlink: 68 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.265024][  T788] infiniband syz2: ib_query_port failed (-19)
[  548.330243][ T9832] batman_adv: batadv0: Removing interface: dummy0
[  548.365459][   T28] IPVS: starting estimator thread 0...
[  548.398017][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.407208][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.416172][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.425105][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.434147][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.443118][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.452083][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.461195][ T9836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.929'.
[  548.649255][ T9840] IPVS: using max 20 ests per chain, 48000 per kthread
[  556.255135][ T9899] rtc_cmos 00:00: Alarms can be up to one day in the future
[  561.264742][ T9993] comedi comedi3: pcl818: I/O port conflict (0x2f00,16)
[  561.275094][ T9993] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
[  561.287042][ T9993] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[  561.295668][ T9993] CPU: 1 PID: 9993 Comm: syz.2.950 Not tainted 6.6.99-syzkaller #0
[  561.303583][ T9993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  561.313650][ T9993] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  561.319241][ T9993] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 d2 e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 d2 e0 f9 4d 8b 24 24 48 83 c3
[  561.338884][ T9993] RSP: 0018:ffffc900045cfa10 EFLAGS: 00010206
[  561.345149][ T9993] RAX: 0000000000000005 RBX: ffff88802f516f80 RCX: 0000000000080000
[  561.353125][ T9993] RDX: ffffc9000ebf1000 RSI: 0000000000008d82 RDI: 0000000000008d83
[  561.361104][ T9993] RBP: 0000000000000001 R08: ffff88814c44b12f R09: 1ffff11029889625
[  561.369092][ T9993] R10: dffffc0000000000 R11: ffffed1029889626 R12: 0000000000000028
[  561.377165][ T9993] R13: dffffc0000000000 R14: ffff88814c44b000 R15: dffffc0000000000
[  561.385263][ T9993] FS:  00007fa4fe9306c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  561.394564][ T9993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  561.401242][ T9993] CR2: 0000001b2db16ff8 CR3: 000000002954c000 CR4: 00000000003506e0
[  561.409231][ T9993] Call Trace:
[  561.412517][ T9993]  <TASK>
[  561.415453][ T9993]  pcl818_detach+0x66/0xd0
[  561.419893][ T9993]  comedi_device_detach+0x131/0x6f0
[  561.425209][ T9993]  comedi_device_attach+0x561/0x660
[  561.430492][ T9993]  comedi_unlocked_ioctl+0x68d/0xf00
[  561.435871][ T9993]  ? tomoyo_path_number_perm+0x477/0x590
[  561.441855][ T9993]  ? comedi_poll+0x8c0/0x8c0
[  561.446992][ T9993]  ? __fget_files+0x28/0x4d0
[  561.451589][ T9993]  ? bpf_lsm_file_ioctl+0x9/0x10
[  561.456792][ T9993]  ? security_file_ioctl+0x80/0xa0
[  561.461987][ T9993]  ? comedi_poll+0x8c0/0x8c0
[  561.466609][ T9993]  __se_sys_ioctl+0xfd/0x170
[  561.471292][ T9993]  do_syscall_64+0x55/0xb0
[  561.475793][ T9993]  ? clear_bhb_loop+0x40/0x90
[  561.480467][ T9993]  ? clear_bhb_loop+0x40/0x90
[  561.485135][ T9993]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  561.491022][ T9993] RIP: 0033:0x7fa4fdb8e9a9
[  561.495461][ T9993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.515498][ T9993] RSP: 002b:00007fa4fe930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  561.523909][ T9993] RAX: ffffffffffffffda RBX: 00007fa4fddb6160 RCX: 00007fa4fdb8e9a9
[  561.531874][ T9993] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000009
[  561.539961][ T9993] RBP: 00007fa4fdc10d69 R08: 0000000000000000 R09: 0000000000000000
[  561.547934][ T9993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  561.555894][ T9993] R13: 0000000000000000 R14: 00007fa4fddb6160 R15: 00007fffda651fe8
[  561.563859][ T9993]  </TASK>
[  561.566874][ T9993] Modules linked in:
[  561.594378][ T9993] ---[ end trace 0000000000000000 ]---
[  561.599990][ T9993] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  561.606162][ T9993] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 d2 e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 d2 e0 f9 4d 8b 24 24 48 83 c3
[  561.626544][ T9993] RSP: 0018:ffffc900045cfa10 EFLAGS: 00010206
[  561.633058][ T9993] RAX: 0000000000000005 RBX: ffff88802f516f80 RCX: 0000000000080000
[  561.641537][ T9993] RDX: ffffc9000ebf1000 RSI: 0000000000008d82 RDI: 0000000000008d83
[  561.650281][ T9993] RBP: 0000000000000001 R08: ffff88814c44b12f R09: 1ffff11029889625
[  561.663987][ T9993] R10: dffffc0000000000 R11: ffffed1029889626 R12: 0000000000000028
[  561.672489][ T9993] R13: dffffc0000000000 R14: ffff88814c44b000 R15: dffffc0000000000
[  561.680681][ T9993] FS:  00007fa4fe9306c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  561.689786][ T9993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  561.696462][ T9993] CR2: 0000001b2db0fff8 CR3: 000000002954c000 CR4: 00000000003506e0
[  561.704562][ T9993] Kernel panic - not syncing: Fatal exception
[  561.710867][ T9993] Kernel Offset: disabled
[  561.715263][ T9993] Rebooting in 86400 seconds..