last executing test programs:

7.187651604s ago: executing program 3 (id=11709):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

5.959372851s ago: executing program 4 (id=11718):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kvm_fpu\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 2)

4.869188026s ago: executing program 4 (id=11726):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000010000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='page_pool_state_hold\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

4.868608666s ago: executing program 0 (id=11727):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

4.782378314s ago: executing program 4 (id=11729):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

4.740560597s ago: executing program 1 (id=11730):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000180)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@barrier_val={'barrier', 0x3d, 0xb24}}, {@init_itable}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@inlinecrypt}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
clock_gettime(0xffffffc3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b31fa7e35ce95d0436c712910560020000005094931ab5affea652f9848fdd33ae4e7df071ae8d7ea01c986008da3e339490eac13d3f1b867ff8c951f8c4b28f441377b5a7566a3524411c461d46f07799a5083f512f211d07acf9e3c8890933d1b2fc9af227c50ee67acebb3bc0d012910bff219d7fb737185ba004f2436bb3675437bd9970185f46527ecec93941fa0432c689a9bc7e0545216ea318985751657e615ced6f0c1bfabe1c15e0cae2a480ec0127cdb5354cd5856a503722fc9775631fcf2042e6f20b7a520197f489fe44d21e90bb234a2f94af09d5203482fcdce01626ff5bde607caba78ee651fc05b17f6511f09e96ddf300232b576ad0ae8630813f8e751b9811efe6fa82ab494e80ac0f82959da1212b3764b089c5e3a1c08e732d822cb5378f4a00cfbb96451a4e03005d0ce3f4a7e21231e282f5c38a91269369a46ab42db4b714e50f040450927045d36be4d7491f75f0c7e3699243e9801d958e2fff00e8de4c3a72067822ee537e365fb2e9ed25f5ea5b254bafc6aadec480a14691cf10ca8b18f5286c4639be88ace76f643abcd4595fc6e74c52cf9b3e871dcdf1e5289a15edc515ce0e876f665e06a420a87029d38a2d9408410817cfc41117649e2a60a2217a5290a75c15cf4150c96851e5b457d9af481880e481ff5a6b0100f3cbe4b6d3a7b598d527f43a6e59240332d653002f19abb3cb6662f8f068f2a501441df4357a090d8aa311080b0ad09ed668d9baeb8a70f24cdbd20c520400a188b8719a0db1ff61168c8fb387e50ded3ab98c87d30676829313caa6ea85b0f8e3ca325bba62dfb59406fbd452100032176b7a491f6dfe25593505a416b15970cc0ecd7a4ea733131961c6c3ee523e41e08150aa48e42399e9ea78131cc0a5ff5e641523450a6737798d22919ea798778dfe9cfbdd3ecd3534ccdea46edd2f1c06653e87d1af043ef2005a9217d8f00eb22b793bfde8c009970446d8bb5cad553fd896a2c8c566"], &(0x7f0000281ffc)='GPL\x00'}, 0x48)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0)
bind$bt_hci(r5, &(0x7f0000000140), 0x6)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)

4.740106127s ago: executing program 0 (id=11731):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000010000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='page_pool_state_hold\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2)

4.439396594s ago: executing program 4 (id=11732):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket(0x10, 0x803, 0x0)
r7 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)

4.398678537s ago: executing program 0 (id=11733):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

4.398044967s ago: executing program 0 (id=11734):
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x1f)
socket$inet(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$unix(0x1, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
rt_sigaction(0x22, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0xa, 0x3, &(0x7f0000000440)=ANY=[@ANYRES16=r4, @ANYRESOCT=r3, @ANYRESOCT=r4, @ANYRESHEX=r5], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x28, 0x1, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r7, 0x8983, &(0x7f0000000000)={0x6, 'pimreg0\x00', {0x2}, 0x4})
io_setup(0x6, &(0x7f00000000c0)=<r8=>0x0)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x1a1081, 0x0)
io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r9, &(0x7f0000000100)='9', 0x1}])
getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003e80)=@newtfilter={0x30, 0x2c, 0x800, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {}, {0x10}, {0x0, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x0)
syz_open_procfs(0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0xff, 0x208, &(0x7f0000000780)="$eJzsmb9rFEEUx78zu7d7BhEstLA5i4ARzN7unkoai9iKICSilodZQ3STk8sWSUAw2Nj4B/iPKFxlYWcjFlYWKggWXmmj4Mj82Lu5W2917zgs8j7F8J03M2/evNm8gRwIgjiyfP70/eOzqyvrFwAcxyJ8Y//qDOdwa/6H507NyNc7Jx71xv0xAEIM++5f9vcAvFp1gMfarRA/hD2+aHyugystuQmO80bfAkOQxyokWiZguGPM9y3dOWZEmrC7nXTj3laahLKJZBPLpgWIkfj7hwwbAOpmC2bFt7t/8KCdAl0t0iQXNZHvUxiqKsryp+Jb5bhipUDe1+2nTw5lPzD20MpfBI7I6BYY1oxegY8gCBqmm0TW+c+4Q/+Ovjbr/P96kvpsiagqTi6XzskPMe8wfom5ePamuoL5CBlH9VW8UVzlVfPjTREzG7fIP+iB5XS/96a46st/Te9sQhUuAIWhdwtpet22vL1mxKkRP2ft/Fgi/wInfhK6fjAXOGfVJ9d6FZrZ9sPm7v7B8tZ2ezPZTHbiuHU5vBiGl+Kmqs26Lal/dVWfFiz/tQlzPeZhr51l3WgPyLrRoB/r1qq4ay8639Qaruofx9JPIfLnRR3b//Me6v3z9TqmekvOxOAJgiAIgiAIgiAIgiAIgiBKaLwvWPAS5n+VLP9NrIgb31CzfwcAAP//+HdjKA==")
socket(0x89bf93a2af2e115d, 0x5, 0x80004)

4.006817671s ago: executing program 3 (id=11735):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000022ac1b26000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x2d)

3.843381815s ago: executing program 1 (id=11736):
io_setup(0x3, &(0x7f0000000340))

3.582840168s ago: executing program 1 (id=11737):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000e8000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000980)='neigh_update\x00', r1}, 0x10)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {}, 0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'ip6gre0\x00'}) (fail_nth: 2)

3.467676558s ago: executing program 0 (id=11738):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', <r1=>0x0})
unshare(0x62040200)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0)
r3 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0)

3.168292474s ago: executing program 1 (id=11739):
syz_io_uring_setup(0x1390, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x1, {[@main]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000000)={0x0, 0xffffffff})
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000003c0), 0x0, 0x10f242)
r4 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xefE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xd1\xa7@\xa1_B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xb0\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcd\x90\x95\xdd\x8a\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\fe\x84\x7f\x10Y,\xe6\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xab>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1d<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbe\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaa\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00w\xa8wW\xb7\a\xda\xe1\xe0\x9b\xcd\x1dM\t\x86.\xc5\x06A\x17\xd3\xb7\xd7\xe8\xf5\xf4\xa48\xa1\x8cp\x89\x95y\x14\xa5k/\xceu\xad\x7f\x04Q\x96[@\xfb\xe4\x11\x88\xda}\xcd\xe8!\xb8\x92\xa14c\x85b\xd9\f\xbf\x95J\xa1cU\xf9\xa3\x11\xad\xaa\x00vZ]An\xba3\xde}G\x95qZ\xff\x1e\x9d\xd8\x86\x9a\xf8\xca\x1dMiJ\x0f\xed\xbb\x1a\xf5\xf2\x90j\x13\xdc^!\xe2Z\':\xb6\x19js|\xb5\xdf\xe7\xe3\xff\x17+\x96\xae\t\xb7\xcd#s5VTT\x93hD\xe9`\xfbl\xc4\xf9\xe7_\xb4\xc4[%B\x85\x91\x0f\xef\x15)je\xc9.\xec\xb7@\a\xa1\x83\xe3/\x04bw\x00\x00\x00\x00\x00\x00\x00\x00\x00\xda\xca\x1fM\x15\x9c\xe0}\x86,\xef=s(\xc0\x03\xf1H\xa0\xa9\xfblV\x81\xd1\xe3KQlR\xbc\xc9\'O}+e\xc3\xabr?v\x9dMS\xa9<\fq3\xe8\xe2I\x9f\x9b\x11\xa4\xc0\xbdV;\x83Y\x86$\r\a%\x1aV\x00\x00\x00\x00', 0x3)
pwritev(r4, &(0x7f0000000140)=[{&(0x7f00000000c0)="ee8dc302", 0x4}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4)
rt_sigprocmask(0x2, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendfile(r3, r3, 0x0, 0x24002de8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000180)={'ip6gre0\x00', <r5=>0x0, 0x2b, 0xa, 0x5c, 0x249db97d, 0x1, @dev={0xfe, 0x80, '\x00', 0x22}, @local, 0x7, 0x8000, 0xffffff81, 0x200}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x7fff, 0x0, r2, 0xce4, '\x00', r5, 0xffffffffffffffff, 0x2, 0x2, 0x4}, 0x48)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

3.110697129s ago: executing program 0 (id=11741):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10)
unshare(0x64000600)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000002200000c0000000000feff00760000000f00000045000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r1}, 0x10)
syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0xd42, 0x20003}, 0x0, 0x0)
r2 = syz_io_uring_setup(0x49, &(0x7f0000000340), &(0x7f0000000140), &(0x7f0000000100))
r3 = syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040), &(0x7f0000000240))
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_freezer_state(r4, &(0x7f00000000c0), 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r6}, 0x10)
r7 = openat$cgroup_procs(r4, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f0000000040), 0x12)
write$cgroup_freezer_state(r5, &(0x7f0000000400)='FROZEN\x00', 0x7)
write$cgroup_freezer_state(r5, &(0x7f0000000080)='THAWED\x00', 0x7)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0x18, 0x20000000, r8)
r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r10, &(0x7f0000000440), 0x10)
listen(r10, 0x0)
r11 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r11, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$sock_timeval(r11, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10)
writev(r11, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
writev(r11, &(0x7f0000000740), 0x0)
fsetxattr$system_posix_acl(r9, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000010"], 0xfe44, 0x0)

2.558259067s ago: executing program 3 (id=11746):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

2.115306726s ago: executing program 4 (id=11747):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0)
getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10)
syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]})

831.708988ms ago: executing program 1 (id=11749):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
mkdir(0x0, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r2, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r3}], 0x1, 0x0, &(0x7f0000000080)={[0x8001a0ffffffff]}, 0x8)
dup2(r2, r3)
fcntl$setown(r3, 0x8, r1)
tkill(r1, 0x13)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
socket(0x10, 0x3, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r6, 0x8982, &(0x7f0000000000)={0x1, 'xfrm0\x00', {}, 0x4})

831.047028ms ago: executing program 2 (id=11750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfe}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2)

830.334008ms ago: executing program 3 (id=11751):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r5}, 0x69)

487.403768ms ago: executing program 2 (id=11752):
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) (async)
ioctl$TCFLSH(r1, 0x400455c8, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="0000000000000000b70800000000c82a7b8af8ff00000069bfa200000000000007020000f8ffffffb703000048000000b704000000000000850000000100199b4aaf77ba59df31dc205e1a40ae531f7f29ca5fcfc953f7851caa51aba11b80eefe341d3e88a3b96d32d46cccf800"/121], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00'}, 0x10) (async)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x9f1b}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={0xffffffffffffffff, r4}, 0xc)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x4, 0xba, 0x1100, r4}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffff64) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={0x0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
ioctl$TIOCSTI(r1, 0x5437, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$GTP_CMD_DELPDP(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000000000090", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0x4, 0xffff}, {0x0, 0xfff2}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x8}}]}, 0x2c}}, 0x0) (async)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f0000000300)=r11, 0x4)

482.845428ms ago: executing program 3 (id=11753):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfe}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

482.382798ms ago: executing program 2 (id=11754):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

457.554821ms ago: executing program 1 (id=11755):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000100)={[{@noinline_xattr}, {@io_bits={'io_bits', 0x3d, 0xcd}}, {@four_active_logs}, {@jqfmt_vfsv1}, {@inline_xattr}, {@user_xattr}, {@noflush_merge}, {@fsync_mode_posix}, {@noinline_dentry}, {@noextent_cache}]}, 0x21, 0x552d, &(0x7f000000abc0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/b9xUHADwZ/t8/QGII6AbghBIDLDQ67W0dEMMoIiBPwEpSq8l9MqPNgOtKqQsbChzFwQjQkigsPUfYOqG1EpdytbhhiKxsByyz845TSUuRLEvyecjPb/vOY7f99lSlK+fEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6bxon2aYzieNi373Ht1ay/v4TfebOxoPFrGVxVGfSB8Mr1Q9Rt7lEAAAAODqSsr4PITxMN5eyPu7k9X9aHpPV/N8/N4nLev7Jur/sy9o/a7/9+uilrYE6k3Gyk15aHQ5O70yltX+znG/P/+cRrfzK589ekvyGxB+uvzhK8+sZfXv37vvtPDxWR7YAwP9xquyLoPx9KOv7TSYGwJHRqhTeZf2fdJrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAOo/XwTBlHIYTF1jTO3H98a+Vp/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8GkJoavR3i+lf+XiGg0No5PrsV/DPeDze1Xcdbz7nPQVxcbPnJZ+DETT4QwkAgEMpLVpW1z9MN5eyfdFCCOMfttf/b1TiMGP9/+iT8/eqY1Xr/35tM5x/vbWrX/Su37j51urV5cuDy4PP3j7Tf6d/9sK5cxd6+bOSnicmAAAA7E27aNX6P17Yuf5/shKHGev/L7/rfz0d6Y98q/7fabro13QmAAAAR9sLr/39V/SU/VG7Hb5aXlu71p9stz6fmWwbSHXXjhWtWv8nC01nBQAAANRhtB5tW/+/WInDjOv/z/748s/VcyYhhBPF+v+plc+HF+ubzlyr48+Jm54jAAAAzTpRtOr6f5q//x9vvfIQhxDefH0SF/8GcKb6P/ngm5+qYyWV9//P1jfFuRR3J9cj77shtLrbvvx7Y4kBAABwKB0vWlbs/5luLn36y8mP2t7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjbvwEAAP//E41CoA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf0})
fstat(r0, &(0x7f0000000340))

440.373402ms ago: executing program 2 (id=11756):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0)

437.362102ms ago: executing program 3 (id=11757):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, <r0=>0x0}, &(0x7f00000000c0)=0x14)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90)
io_setup(0x0, &(0x7f00000000c0))
io_setup(0x4, &(0x7f0000000000))
syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket(0x10, 0x803, 0x0)
r7 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)

403.000615ms ago: executing program 2 (id=11758):
clock_gettime(0x0, 0x0)

357.408809ms ago: executing program 2 (id=11759):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x2, 0x10000, 0x5, 0x0, 0x1}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, <r0=>0x0})
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x238804}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x10, 0x70bd28, 0x25dfdbfe, {0x43, 0x0, 0x0, r0, 0x6, 0x80000000, 0x9b38, 0x4, 0x0, 0x7, 0x5}, ["", "", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x11)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000c80)=0x9)
socket$netlink(0x10, 0x3, 0x4)
getpgid(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r6=>0x0}, &(0x7f0000cab000)=0xa)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f0000000100)=ANY=[@ANYBLOB="85a2fa90e20700000000000086dd6000000000180000fe8000000000000000000000000000bbff020000000000000000000000000001860090"], 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={0x0, @loopback, @local}, &(0x7f00000004c0)=0xc)
setresgid(0x0, r6, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
sendmmsg$unix(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r6}}}], 0x20}}], 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x1ff)

0s ago: executing program 4 (id=11760):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8c}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10)
getrlimit(0xe, &(0x7f0000000180)) (fail_nth: 1)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)

kernel console output (not intermixed with test programs):

T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2296.181766][T12093] Call Trace:
[ 2296.184889][T12093]  <TASK>
[ 2296.187669][T12093]  dump_stack_lvl+0x151/0x1b7
[ 2296.192181][T12093]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2296.197475][T12093]  ? selinux_socket_bind+0x3c3/0xe40
[ 2296.202600][T12093]  dump_stack+0x15/0x1c
[ 2296.206588][T12093]  should_fail_ex+0x3d0/0x520
[ 2296.211104][T12093]  ? unix_bind+0x25c/0xec0
[ 2296.215465][T12093]  __should_failslab+0xaf/0xf0
[ 2296.220062][T12093]  should_failslab+0x9/0x20
[ 2296.224400][T12093]  __kmem_cache_alloc_node+0x3d/0x250
[ 2296.229609][T12093]  ? unix_bind+0x25c/0xec0
[ 2296.233862][T12093]  __kmalloc+0xa3/0x1e0
[ 2296.237857][T12093]  unix_bind+0x25c/0xec0
[ 2296.241934][T12093]  ? check_stack_object+0x114/0x130
[ 2296.246971][T12093]  ? unix_release+0xc0/0xc0
[ 2296.251308][T12093]  ? security_socket_bind+0x82/0xb0
[ 2296.256339][T12093]  __sys_bind+0x233/0x2e0
[ 2296.260510][T12093]  ? __ia32_sys_socketpair+0xb0/0xb0
[ 2296.265718][T12093]  ? debug_smp_processor_id+0x17/0x20
[ 2296.267225][T11963] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2296.270920][T12093]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2296.280894][ T8747] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 2296.286716][T12093]  __x64_sys_bind+0x7a/0x90
[ 2296.296972][T12093]  x64_sys_call+0x17f/0x9a0
[ 2296.301302][T12093]  do_syscall_64+0x3b/0xb0
[ 2296.305549][T12093]  ? clear_bhb_loop+0x55/0xb0
[ 2296.310061][T12093]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2296.315797][T12093] RIP: 0033:0x7f469d57cef9
[ 2296.320539][T12093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2296.340188][T12093] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 2296.348433][T12093] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9
[ 2296.356349][T12093] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000006
[ 2296.364142][T12093] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000
[ 2296.371953][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2296.379764][T12093] R13: 0000000000000000 R14: 00007f469d736130 R15: 00007ffff19bef08
[ 2296.387580][T12093]  </TASK>
[ 2296.454221][T12096] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11511'.
[ 2296.465543][T12096] device sit3 entered promiscuous mode
[ 2296.523761][   T28] audit: type=1400 audit(1725779810.672:622): avc:  denied  { unmount } for  pid=1439 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 2296.547135][T11963] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2296.564813][T11963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2296.587421][T11963] usb 3-1: Product: syz
[ 2296.591417][T11963] usb 3-1: Manufacturer: syz
[ 2296.595843][T11963] usb 3-1: SerialNumber: syz
[ 2296.617956][T11963] usb 3-1: config 0 descriptor??
[ 2296.687037][T10833] bio_check_eod: 102203 callbacks suppressed
[ 2296.687059][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.687059][T10833] loop2: rw=524288, sector=87960, nr_sectors = 8 limit=40427
[ 2296.707024][T11676] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2296.717054][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.717054][T10833] loop2: rw=524288, sector=87968, nr_sectors = 8 limit=40427
[ 2296.731039][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.731039][T10833] loop2: rw=524288, sector=87976, nr_sectors = 8 limit=40427
[ 2296.744989][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.744989][T10833] loop2: rw=524288, sector=87984, nr_sectors = 8 limit=40427
[ 2296.759084][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.759084][T10833] loop2: rw=524288, sector=87992, nr_sectors = 8 limit=40427
[ 2296.773051][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.773051][T10833] loop2: rw=524288, sector=88000, nr_sectors = 8 limit=40427
[ 2296.787167][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.787167][T10833] loop2: rw=524288, sector=88008, nr_sectors = 8 limit=40427
[ 2296.801396][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.801396][T10833] loop2: rw=524288, sector=88016, nr_sectors = 8 limit=40427
[ 2296.815432][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.815432][T10833] loop2: rw=524288, sector=88024, nr_sectors = 8 limit=40427
[ 2296.829536][T10833] syz.2.11195: attempt to access beyond end of device
[ 2296.829536][T10833] loop2: rw=524288, sector=88032, nr_sectors = 8 limit=40427
[ 2296.848031][T12103] loop4: detected capacity change from 0 to 40427
[ 2296.878575][T11963] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[ 2296.891947][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2296.897458][T11963] usb 3-1: USB disconnect, device number 113
[ 2296.913469][T11676] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2296.922563][T11676] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2296.930675][T11676] usb 4-1: Product: syz
[ 2296.938169][T12103] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 2296.947097][T11676] usb 4-1: Manufacturer: syz
[ 2296.959301][T11676] usb 4-1: SerialNumber: syz
[ 2296.972880][T11676] usb 4-1: config 0 descriptor??
[ 2297.010456][T12103] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 2297.208287][   T28] audit: type=1400 audit(1725779811.362:623): avc:  denied  { create } for  pid=12102 comm="syz.4.11513" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[ 2297.318304][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11510'.
[ 2297.345131][T12087] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11510'.
[ 2297.399744][T11676] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2297.407517][T11676] usb 4-1: USB disconnect, device number 107
[ 2297.407717][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2297.701935][T12121] FAULT_INJECTION: forcing a failure.
[ 2297.701935][T12121] name failslab, interval 1, probability 0, space 0, times 0
[ 2297.714486][T12121] CPU: 1 PID: 12121 Comm: syz.2.11519 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2297.724695][T12121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2297.734594][T12121] Call Trace:
[ 2297.737715][T12121]  <TASK>
[ 2297.740494][T12121]  dump_stack_lvl+0x151/0x1b7
[ 2297.745008][T12121]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2297.750304][T12121]  dump_stack+0x15/0x1c
[ 2297.754295][T12121]  should_fail_ex+0x3d0/0x520
[ 2297.758809][T12121]  ? disk_seqf_start+0x6f/0x110
[ 2297.763493][T12121]  __should_failslab+0xaf/0xf0
[ 2297.768095][T12121]  should_failslab+0x9/0x20
[ 2297.772436][T12121]  __kmem_cache_alloc_node+0x3d/0x250
[ 2297.777641][T12121]  ? disk_seqf_start+0x6f/0x110
[ 2297.782330][T12121]  kmalloc_trace+0x2a/0xa0
[ 2297.786587][T12121]  disk_seqf_start+0x6f/0x110
[ 2297.791092][T12121]  traverse+0x151/0x530
[ 2297.795088][T12121]  ? bit_wait_io_timeout+0x120/0x120
[ 2297.800212][T12121]  seq_lseek+0x170/0x270
[ 2297.804285][T12121]  proc_reg_llseek+0x1af/0x280
[ 2297.808891][T12121]  __x64_sys_lseek+0x14f/0x1e0
[ 2297.813489][T12121]  x64_sys_call+0x60/0x9a0
[ 2297.817740][T12121]  do_syscall_64+0x3b/0xb0
[ 2297.821993][T12121]  ? clear_bhb_loop+0x55/0xb0
[ 2297.826504][T12121]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2297.832234][T12121] RIP: 0033:0x7f2ad377cef9
[ 2297.836487][T12121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2297.855928][T12121] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
[ 2297.864173][T12121] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9
[ 2297.871983][T12121] RDX: 0000000000000000 RSI: 0146e80000000000 RDI: 0000000000000009
[ 2297.879805][T12121] RBP: 00007f2ad44a3090 R08: 0000000000000000 R09: 0000000000000000
[ 2297.887609][T12121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2297.895425][T12121] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978
[ 2297.903239][T12121]  </TASK>
[ 2297.911836][T12123] loop4: detected capacity change from 0 to 1024
[ 2297.918377][T12123] EXT4-fs: Ignoring removed orlov option
[ 2297.937403][T12123] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 2297.967953][T12123] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 2298.707698][ T8749] Bluetooth: hci0: sending frame failed (-49)
[ 2298.714205][ T8747] Bluetooth: hci0: Opcode 0x1003 failed: -49
[ 2299.208266][ T9754] EXT4-fs (loop4): unmounting filesystem.
[ 2299.384217][T12152] FAULT_INJECTION: forcing a failure.
[ 2299.384217][T12152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2299.397135][T12152] CPU: 1 PID: 12152 Comm: syz.3.11523 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2299.406806][T12152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2299.416698][T12152] Call Trace:
[ 2299.419823][T12152]  <TASK>
[ 2299.422600][T12152]  dump_stack_lvl+0x151/0x1b7
[ 2299.427113][T12152]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2299.432409][T12152]  ? __check_object_size+0x76/0x650
[ 2299.437445][T12152]  dump_stack+0x15/0x1c
[ 2299.441432][T12152]  should_fail_ex+0x3d0/0x520
[ 2299.445957][T12152]  should_fail+0xb/0x10
[ 2299.449938][T12152]  should_fail_usercopy+0x1a/0x20
[ 2299.454821][T12152]  _copy_from_user+0x1e/0xc0
[ 2299.459229][T12152]  move_addr_to_kernel+0x87/0x150
[ 2299.464173][T12152]  __sys_sendto+0x2b4/0x600
[ 2299.468516][T12152]  ? __ia32_sys_getpeername+0x90/0x90
[ 2299.473822][T12152]  ? finish_task_switch+0x167/0x7b0
[ 2299.478864][T12152]  ? __kasan_check_write+0x14/0x20
[ 2299.483793][T12152]  ? fpregs_restore_userregs+0x130/0x290
[ 2299.489260][T12152]  __x64_sys_sendto+0xe5/0x100
[ 2299.493868][T12152]  x64_sys_call+0x15c/0x9a0
[ 2299.498633][T12152]  do_syscall_64+0x3b/0xb0
[ 2299.502884][T12152]  ? clear_bhb_loop+0x55/0xb0
[ 2299.507398][T12152]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2299.513125][T12152] RIP: 0033:0x7f11a297ed8c
[ 2299.517816][T12152] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b
[ 2299.537255][T12152] RSP: 002b:00007f11a27dcec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 2299.545500][T12152] RAX: ffffffffffffffda RBX: 00007f11a27dcfc0 RCX: 00007f11a297ed8c
[ 2299.553315][T12152] RDX: 0000000000000020 RSI: 00007f11a27dd010 RDI: 0000000000000003
[ 2299.561126][T12152] RBP: 0000000000000000 R08: 00007f11a27dcf14 R09: 000000000000000c
[ 2299.569370][T12152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 2299.577180][T12152] R13: 00007f11a27dcf68 R14: 00007f11a27dd010 R15: 0000000000000000
[ 2299.584998][T12152]  </TASK>
[ 2299.833696][T12143] loop1: detected capacity change from 0 to 40427
[ 2299.873326][T12143] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 2299.997949][T12143] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 2300.219845][T12166] FAULT_INJECTION: forcing a failure.
[ 2300.219845][T12166] name failslab, interval 1, probability 0, space 0, times 0
[ 2300.232323][T12166] CPU: 1 PID: 12166 Comm: syz.1.11525 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2300.242004][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2300.251895][T12166] Call Trace:
[ 2300.255042][T12166]  <TASK>
[ 2300.257803][T12166]  dump_stack_lvl+0x151/0x1b7
[ 2300.262313][T12166]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2300.267703][T12166]  ? preempt_schedule_irq+0xe7/0x140
[ 2300.272824][T12166]  ? selinux_socket_bind+0x3c3/0xe40
[ 2300.277945][T12166]  dump_stack+0x15/0x1c
[ 2300.281934][T12166]  should_fail_ex+0x3d0/0x520
[ 2300.286450][T12166]  ? unix_bind+0x25c/0xec0
[ 2300.290702][T12166]  __should_failslab+0xaf/0xf0
[ 2300.295301][T12166]  should_failslab+0x9/0x20
[ 2300.299661][T12166]  __kmem_cache_alloc_node+0x3d/0x250
[ 2300.304849][T12166]  ? unix_bind+0x25c/0xec0
[ 2300.309101][T12166]  __kmalloc+0xa3/0x1e0
[ 2300.313100][T12166]  unix_bind+0x25c/0xec0
[ 2300.317171][T12166]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[ 2300.322643][T12166]  ? __sys_bind+0x16d/0x2e0
[ 2300.326993][T12166]  ? unix_release+0xc0/0xc0
[ 2300.331323][T12166]  ? security_socket_bind+0x82/0xb0
[ 2300.336357][T12166]  __sys_bind+0x233/0x2e0
[ 2300.340522][T12166]  ? __ia32_sys_socketpair+0xb0/0xb0
[ 2300.345642][T12166]  ? fpregs_restore_userregs+0x130/0x290
[ 2300.351117][T12166]  __x64_sys_bind+0x7a/0x90
[ 2300.355450][T12166]  x64_sys_call+0x17f/0x9a0
[ 2300.359787][T12166]  do_syscall_64+0x3b/0xb0
[ 2300.364038][T12166]  ? clear_bhb_loop+0x55/0xb0
[ 2300.368554][T12166]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2300.374281][T12166] RIP: 0033:0x7faa2bd7cef9
[ 2300.378539][T12166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2300.397978][T12166] RSP: 002b:00007faa2cafc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 2300.406222][T12166] RAX: ffffffffffffffda RBX: 00007faa2bf36130 RCX: 00007faa2bd7cef9
[ 2300.414117][T12166] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000008
[ 2300.421928][T12166] RBP: 00007faa2cafc090 R08: 0000000000000000 R09: 0000000000000000
[ 2300.429760][T12166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2300.437554][T12166] R13: 0000000000000000 R14: 00007faa2bf36130 R15: 00007fff2ba15c38
[ 2300.445368][T12166]  </TASK>
[ 2300.603681][T12171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11528'.
[ 2300.799741][T12175] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11534'.
[ 2301.056988][ T3012] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 2301.106992][T29701] usb 3-1: new full-speed USB device number 114 using dummy_hcd
[ 2301.276534][T12183] loop1: detected capacity change from 0 to 40427
[ 2301.294639][T12183] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 2301.343171][T12183] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 2301.467073][ T3012] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2301.574033][T29701] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 2301.600674][T29701] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 2301.697573][T10833] bio_check_eod: 60726 callbacks suppressed
[ 2301.697654][T10833] syz.2.11195: attempt to access beyond end of device
[ 2301.697654][T10833] loop2: rw=0, sector=86760, nr_sectors = 8 limit=40427
[ 2301.747541][ T3012] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2301.762674][ T3012] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2301.777862][T10833] syz.2.11195: attempt to access beyond end of device
[ 2301.777862][T10833] loop2: rw=0, sector=86768, nr_sectors = 8 limit=40427
[ 2301.887098][T29701] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2301.896210][ T3012] usb 4-1: Product: syz
[ 2301.900557][T29701] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2301.908670][ T3012] usb 4-1: Manufacturer: syz
[ 2301.913086][ T3012] usb 4-1: SerialNumber: syz
[ 2301.927076][T10833] syz.2.11195: attempt to access beyond end of device
[ 2301.927076][T10833] loop2: rw=0, sector=86776, nr_sectors = 8 limit=40427
[ 2301.940952][ T1439] syz-executor: attempt to access beyond end of device
[ 2301.940952][ T1439] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 2301.953750][T29701] usb 3-1: Product: syz
[ 2301.961643][ T3012] usb 4-1: config 0 descriptor??
[ 2301.967263][T29701] usb 3-1: Manufacturer: syz
[ 2301.987153][T10833] syz.2.11195: attempt to access beyond end of device
[ 2301.987153][T10833] loop2: rw=0, sector=86784, nr_sectors = 8 limit=40427
[ 2301.989446][T29701] usb 3-1: SerialNumber: syz
[ 2302.000709][T10833] syz.2.11195: attempt to access beyond end of device
[ 2302.000709][T10833] loop2: rw=0, sector=86792, nr_sectors = 8 limit=40427
[ 2302.018922][T10833] syz.2.11195: attempt to access beyond end of device
[ 2302.018922][T10833] loop2: rw=0, sector=86800, nr_sectors = 8 limit=40427
[ 2302.034336][T10833] syz.2.11195: attempt to access beyond end of device
[ 2302.034336][T10833] loop2: rw=0, sector=86808, nr_sectors = 8 limit=40427
[ 2302.072777][T10833] syz.2.11195: attempt to access beyond end of device
[ 2302.072777][T10833] loop2: rw=0, sector=86816, nr_sectors = 8 limit=40427
[ 2302.106822][T10833] syz.2.11195: attempt to access beyond end of device
[ 2302.106822][T10833] loop2: rw=0, sector=86824, nr_sectors = 8 limit=40427
[ 2302.188923][T12200] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11537'.
[ 2302.228580][T12172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11531'.
[ 2302.241507][T12172] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11531'.
[ 2302.272020][ T3012] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2302.283676][ T3012] usb 4-1: USB disconnect, device number 108
[ 2302.290756][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2302.660594][T12214] FAULT_INJECTION: forcing a failure.
[ 2302.660594][T12214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2302.673627][T12214] CPU: 0 PID: 12214 Comm: syz.0.11535 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2302.683270][T12214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2302.693155][T12214] Call Trace:
[ 2302.696278][T12214]  <TASK>
[ 2302.699060][T12214]  dump_stack_lvl+0x151/0x1b7
[ 2302.703582][T12214]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2302.708870][T12214]  dump_stack+0x15/0x1c
[ 2302.712856][T12214]  should_fail_ex+0x3d0/0x520
[ 2302.717374][T12214]  should_fail+0xb/0x10
[ 2302.721363][T12214]  should_fail_usercopy+0x1a/0x20
[ 2302.726312][T12214]  _copy_to_user+0x1e/0x90
[ 2302.730565][T12214]  bpf_obj_get_info_by_fd+0xe0b/0x3e60
[ 2302.735857][T12214]  ? kasan_set_track+0x4b/0x70
[ 2302.740458][T12214]  ? kasan_save_free_info+0x2b/0x40
[ 2302.745498][T12214]  ? _kstrtol+0x150/0x150
[ 2302.749660][T12214]  ? avc_has_perm_noaudit+0x348/0x430
[ 2302.754877][T12214]  ? memcpy+0x56/0x70
[ 2302.758687][T12214]  ? bpf_map_get_fd_by_id+0x350/0x350
[ 2302.763896][T12214]  ? avc_denied+0x1b0/0x1b0
[ 2302.768235][T12214]  ? selinux_capable+0x2f1/0x430
[ 2302.773100][T12214]  ? selinux_capset+0xf0/0xf0
[ 2302.777701][T12214]  ? vfs_write+0xbb3/0xeb0
[ 2302.781951][T12214]  ? __kasan_slab_free+0x11/0x20
[ 2302.786728][T12214]  ? cap_capable+0x1d2/0x270
[ 2302.791155][T12214]  ? selinux_bpf+0xd2/0x100
[ 2302.795500][T12214]  ? security_bpf+0x82/0xb0
[ 2302.799833][T12214]  __sys_bpf+0x479/0x7f0
[ 2302.803913][T12214]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 2302.809127][T12214]  ? __ia32_sys_read+0x90/0x90
[ 2302.813729][T12214]  ? debug_smp_processor_id+0x17/0x20
[ 2302.819012][T12214]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2302.824920][T12214]  __x64_sys_bpf+0x7c/0x90
[ 2302.829171][T12214]  x64_sys_call+0x87f/0x9a0
[ 2302.833508][T12214]  do_syscall_64+0x3b/0xb0
[ 2302.837767][T12214]  ? clear_bhb_loop+0x55/0xb0
[ 2302.842279][T12214]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2302.848003][T12214] RIP: 0033:0x7f038417cef9
[ 2302.852266][T12214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2302.871695][T12214] RSP: 002b:00007f0384f7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2302.879944][T12214] RAX: ffffffffffffffda RBX: 00007f0384336130 RCX: 00007f038417cef9
[ 2302.887757][T12214] RDX: 0000000000000010 RSI: 0000000020000380 RDI: 000000000000000f
[ 2302.895566][T12214] RBP: 00007f0384f7e090 R08: 0000000000000000 R09: 0000000000000000
[ 2302.903374][T12214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2302.911449][T12214] R13: 0000000000000000 R14: 00007f0384336130 R15: 00007ffd2e79cfd8
[ 2302.919268][T12214]  </TASK>
[ 2303.518411][T12216] loop1: detected capacity change from 0 to 40427
[ 2303.539277][T12216] F2FS-fs (loop1): Invalid segment count (0)
[ 2303.557373][T12216] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 2303.594264][T12216] F2FS-fs (loop1): invalid crc value
[ 2303.634534][T12216] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 2303.768789][T12216] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 2303.778621][T12216] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 2303.824480][T12228] loop3: detected capacity change from 0 to 40427
[ 2303.868499][T12228] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 2303.879660][T12228] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 2303.888857][T12228] F2FS-fs (loop3): invalid crc value
[ 2303.910069][T12228] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 2304.248705][T11676] usb 3-1: USB disconnect, device number 114
[ 2304.364495][T12228] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 2304.372472][T12228] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 2304.418594][T12246] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11550'.
[ 2304.597567][T12255] FAULT_INJECTION: forcing a failure.
[ 2304.597567][T12255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2304.610613][T12255] CPU: 1 PID: 12255 Comm: syz.3.11547 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2304.620266][T12255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2304.630185][T12255] Call Trace:
[ 2304.633283][T12255]  <TASK>
[ 2304.636061][T12255]  dump_stack_lvl+0x151/0x1b7
[ 2304.640589][T12255]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2304.645870][T12255]  ? __check_object_size+0x76/0x650
[ 2304.650899][T12255]  ? ___ratelimit+0xb2/0x5a0
[ 2304.655336][T12255]  dump_stack+0x15/0x1c
[ 2304.659340][T12255]  should_fail_ex+0x3d0/0x520
[ 2304.663837][T12255]  should_fail+0xb/0x10
[ 2304.667834][T12255]  should_fail_usercopy+0x1a/0x20
[ 2304.672687][T12255]  _copy_from_user+0x1e/0xc0
[ 2304.677206][T12255]  iovec_from_user+0xc7/0x320
[ 2304.681715][T12255]  __import_iovec+0x70/0x430
[ 2304.686309][T12255]  ? rcu_read_unlock_special+0xdb/0x4e0
[ 2304.691693][T12255]  import_iovec+0xe5/0x120
[ 2304.695950][T12255]  copy_msghdr_from_user+0x527/0x670
[ 2304.701071][T12255]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2304.706022][T12255]  __sys_sendmsg+0x236/0x390
[ 2304.710442][T12255]  ? ____sys_sendmsg+0x9a0/0x9a0
[ 2304.715225][T12255]  ? __kasan_check_write+0x14/0x20
[ 2304.720250][T12255]  ? mutex_unlock+0xb2/0x260
[ 2304.724688][T12255]  ? __kasan_check_write+0x14/0x20
[ 2304.729629][T12255]  ? fpregs_restore_userregs+0x130/0x290
[ 2304.735094][T12255]  __x64_sys_sendmsg+0x7f/0x90
[ 2304.739692][T12255]  x64_sys_call+0x16a/0x9a0
[ 2304.744032][T12255]  do_syscall_64+0x3b/0xb0
[ 2304.748284][T12255]  ? clear_bhb_loop+0x55/0xb0
[ 2304.752802][T12255]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2304.758598][T12255] RIP: 0033:0x7f11a297cef9
[ 2304.762780][T12255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2304.782223][T12255] RSP: 002b:00007f11a27de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2304.790465][T12255] RAX: ffffffffffffffda RBX: 00007f11a2b36130 RCX: 00007f11a297cef9
[ 2304.798282][T12255] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000008
[ 2304.806086][T12255] RBP: 00007f11a27de090 R08: 0000000000000000 R09: 0000000000000000
[ 2304.813900][T12255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2304.821710][T12255] R13: 0000000000000000 R14: 00007f11a2b36130 R15: 00007ffeddd65ad8
[ 2304.829613][T12255]  </TASK>
[ 2304.848713][T12258] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11551'.
[ 2304.971902][T11676] usb 3-1: new full-speed USB device number 115 using dummy_hcd
[ 2305.246999][T11676] usb 3-1: device descriptor read/64, error -71
[ 2305.297041][T11963] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 2305.335178][T12234] loop4: detected capacity change from 0 to 131072
[ 2305.350964][T12234] F2FS-fs (loop4): Test dummy encryption mode enabled
[ 2305.359279][T12234] F2FS-fs (loop4): invalid crc value
[ 2305.365847][T12234] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 2305.377014][ T1847] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 2305.421845][T12234] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 2305.601656][T12282] FAULT_INJECTION: forcing a failure.
[ 2305.601656][T12282] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2305.614711][T12282] CPU: 1 PID: 12282 Comm: syz.4.11549 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2305.624365][T12282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2305.634276][T12282] Call Trace:
[ 2305.637387][T12282]  <TASK>
[ 2305.640164][T12282]  dump_stack_lvl+0x151/0x1b7
[ 2305.644680][T12282]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2305.649974][T12282]  dump_stack+0x15/0x1c
[ 2305.654046][T12282]  should_fail_ex+0x3d0/0x520
[ 2305.658567][T12282]  should_fail+0xb/0x10
[ 2305.662554][T12282]  should_fail_usercopy+0x1a/0x20
[ 2305.667414][T12282]  strncpy_from_user+0x24/0x2b0
[ 2305.672100][T12282]  ? getname_flags+0xba/0x520
[ 2305.676705][T12282]  getname_flags+0xf2/0x520
[ 2305.681044][T12282]  __se_sys_newfstatat+0xe2/0x7b0
[ 2305.685901][T12282]  ? __this_cpu_preempt_check+0x13/0x20
[ 2305.691282][T12282]  ? __x64_sys_newfstatat+0xb0/0xb0
[ 2305.696317][T12282]  ? _raw_spin_unlock+0x4c/0x70
[ 2305.701003][T12282]  ? finish_task_switch+0x167/0x7b0
[ 2305.706128][T12282]  ? __schedule+0xcbd/0x1560
[ 2305.710560][T12282]  ? fpregs_restore_userregs+0x130/0x290
[ 2305.716023][T12282]  __x64_sys_newfstatat+0x9b/0xb0
[ 2305.720879][T12282]  x64_sys_call+0x6e2/0x9a0
[ 2305.725220][T12282]  do_syscall_64+0x3b/0xb0
[ 2305.729471][T12282]  ? clear_bhb_loop+0x55/0xb0
[ 2305.733985][T12282]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2305.739717][T12282] RIP: 0033:0x7f469d57cef9
[ 2305.743967][T12282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2305.763408][T12282] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[ 2305.771653][T12282] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9
[ 2305.779470][T12282] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
[ 2305.787273][T12282] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000
[ 2305.795175][T12282] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001
[ 2305.802986][T12282] R13: 0000000000000001 R14: 00007f469d736130 R15: 00007ffff19bef08
[ 2305.810804][T12282]  </TASK>
[ 2305.937222][T11963] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2306.167052][T11963] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2306.186176][T11963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2306.216461][T11963] usb 2-1: Product: syz
[ 2306.221634][T11963] usb 2-1: Manufacturer: syz
[ 2306.226049][T11963] usb 2-1: SerialNumber: syz
[ 2306.263439][T11963] usb 2-1: config 0 descriptor??
[ 2306.327022][T11676] usb 3-1: device descriptor read/64, error -71
[ 2306.427044][ T1847] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2306.518500][T12263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11555'.
[ 2306.541208][T12263] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11555'.
[ 2306.568787][T11963] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[ 2306.592088][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2306.597148][T11676] usb 3-1: new full-speed USB device number 116 using dummy_hcd
[ 2306.608680][T11963] usb 2-1: USB disconnect, device number 94
[ 2306.615331][ T1847] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2306.657078][ T1847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2306.664917][ T1847] usb 4-1: Product: syz
[ 2306.677062][ T1847] usb 4-1: Manufacturer: syz
[ 2306.681499][ T1847] usb 4-1: SerialNumber: syz
[ 2306.690618][ T1847] usb 4-1: config 0 descriptor??
[ 2306.716991][T10833] bio_check_eod: 54232 callbacks suppressed
[ 2306.717010][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.717010][T10833] loop2: rw=524288, sector=89040, nr_sectors = 8 limit=40427
[ 2306.757049][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.757049][T10833] loop2: rw=524288, sector=89048, nr_sectors = 8 limit=40427
[ 2306.791350][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.791350][T10833] loop2: rw=524288, sector=89056, nr_sectors = 8 limit=40427
[ 2306.815629][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.815629][T10833] loop2: rw=524288, sector=89064, nr_sectors = 8 limit=40427
[ 2306.847135][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.847135][T10833] loop2: rw=524288, sector=89072, nr_sectors = 8 limit=40427
[ 2306.871221][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.871221][T10833] loop2: rw=524288, sector=89080, nr_sectors = 8 limit=40427
[ 2306.903613][T12285] loop4: detected capacity change from 0 to 40427
[ 2306.910002][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.910002][T10833] loop2: rw=524288, sector=89088, nr_sectors = 8 limit=40427
[ 2306.917249][T11676] usb 3-1: device descriptor read/64, error -71
[ 2306.924678][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.924678][T10833] loop2: rw=524288, sector=89096, nr_sectors = 8 limit=40427
[ 2306.938596][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11558'.
[ 2306.943743][T12285] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 2306.967430][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.967430][T10833] loop2: rw=524288, sector=89104, nr_sectors = 8 limit=40427
[ 2306.972218][T12272] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11558'.
[ 2306.981339][T12285] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 2306.998277][T10833] syz.2.11195: attempt to access beyond end of device
[ 2306.998277][T10833] loop2: rw=524288, sector=89112, nr_sectors = 8 limit=40427
[ 2307.013077][T12285] F2FS-fs (loop4): invalid crc value
[ 2307.028936][ T1847] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2307.036730][ T1847] usb 4-1: USB disconnect, device number 109
[ 2307.046420][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2307.073174][T12285] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 2307.235222][T12285] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 2307.247006][T12285] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 2308.183730][T12301] loop4: detected capacity change from 0 to 128
[ 2308.193431][T12301] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 2308.206660][T12303] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11565'.
[ 2308.321788][T12301] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 2308.333782][T12301] ext4 filesystem being mounted at /142/mnt supports timestamps until 2038 (0x7fffffff)
[ 2308.488349][T12315] FAULT_INJECTION: forcing a failure.
[ 2308.488349][T12315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2308.520795][T12315] CPU: 0 PID: 12315 Comm: syz.2.11567 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2308.530530][T12315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2308.540425][T12315] Call Trace:
[ 2308.543553][T12315]  <TASK>
[ 2308.546323][T12315]  dump_stack_lvl+0x151/0x1b7
[ 2308.550841][T12315]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2308.556222][T12315]  dump_stack+0x15/0x1c
[ 2308.560215][T12315]  should_fail_ex+0x3d0/0x520
[ 2308.564730][T12315]  should_fail+0xb/0x10
[ 2308.568730][T12315]  should_fail_usercopy+0x1a/0x20
[ 2308.573577][T12315]  _copy_from_user+0x1e/0xc0
[ 2308.578009][T12315]  memdup_user+0x63/0xc0
[ 2308.582085][T12315]  strndup_user+0x68/0xc0
[ 2308.586249][T12315]  __se_sys_mount+0x9b/0x3b0
[ 2308.590679][T12315]  ? __x64_sys_mount+0xd0/0xd0
[ 2308.595275][T12315]  ? debug_smp_processor_id+0x17/0x20
[ 2308.600484][T12315]  __x64_sys_mount+0xbf/0xd0
[ 2308.604909][T12315]  x64_sys_call+0x49d/0x9a0
[ 2308.609249][T12315]  do_syscall_64+0x3b/0xb0
[ 2308.613503][T12315]  ? clear_bhb_loop+0x55/0xb0
[ 2308.618017][T12315]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2308.623750][T12315] RIP: 0033:0x7f2ad377cef9
[ 2308.628005][T12315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2308.647442][T12315] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2308.655682][T12315] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9
[ 2308.663581][T12315] RDX: 0000000020000b80 RSI: 00000000200010c0 RDI: 0000000000000000
[ 2308.671388][T12315] RBP: 00007f2ad44a3090 R08: 0000000020001000 R09: 0000000000000000
[ 2308.679547][T12315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2308.687368][T12315] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978
[ 2308.695183][T12315]  </TASK>
[ 2308.799436][T12323] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11570'.
[ 2309.104834][ T9754] EXT4-fs (loop4): unmounting filesystem.
[ 2309.133907][T12333] loop4: detected capacity change from 0 to 1024
[ 2309.154786][T12333] EXT4-fs: Ignoring removed orlov option
[ 2309.163183][T12333] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 2309.172585][T12333] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 2309.207116][T11676] usb usb3-port1: attempt power cycle
[ 2309.327115][ T3012] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 2309.767116][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2309.795647][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11
[ 2309.819297][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024
[ 2309.847064][ T3012] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2309.866480][ T3012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2309.917070][T12331] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 2309.957215][T11676] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 2310.006881][ T9754] EXT4-fs (loop4): unmounting filesystem.
[ 2310.041559][T12347] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11577'.
[ 2310.187149][T11676] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 2310.201795][T11676] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 240, changing to 11
[ 2310.241549][T11676] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 33535, setting to 1024
[ 2310.252865][T11676] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2310.266787][T11676] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2310.284568][T11676] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2310.338063][T11676] usb 3-1: invalid MIDI in EP 0
[ 2310.796601][T11676] snd-usb-audio: probe of 3-1:27.0 failed with error -22
[ 2310.813156][T11676] usb 3-1: USB disconnect, device number 117
[ 2311.148652][T12363] FAULT_INJECTION: forcing a failure.
[ 2311.148652][T12363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2311.161712][T12363] CPU: 0 PID: 12363 Comm: syz.4.11581 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2311.171426][T12363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2311.181406][T12363] Call Trace:
[ 2311.184551][T12363]  <TASK>
[ 2311.187307][T12363]  dump_stack_lvl+0x151/0x1b7
[ 2311.191820][T12363]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2311.197116][T12363]  ? _parse_integer+0x2a/0x40
[ 2311.201630][T12363]  dump_stack+0x15/0x1c
[ 2311.205622][T12363]  should_fail_ex+0x3d0/0x520
[ 2311.210135][T12363]  should_fail+0xb/0x10
[ 2311.214129][T12363]  should_fail_usercopy+0x1a/0x20
[ 2311.218990][T12363]  _copy_from_user+0x1e/0xc0
[ 2311.223417][T12363]  iovec_from_user+0xc7/0x320
[ 2311.227927][T12363]  ? kasan_set_track+0x4b/0x70
[ 2311.232524][T12363]  ? kasan_save_free_info+0x2b/0x40
[ 2311.237564][T12363]  __import_iovec+0x70/0x430
[ 2311.241992][T12363]  import_iovec+0xe5/0x120
[ 2311.246242][T12363]  copy_msghdr_from_user+0x527/0x670
[ 2311.251363][T12363]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2311.256315][T12363]  __sys_sendmsg+0x236/0x390
[ 2311.260740][T12363]  ? ____sys_sendmsg+0x9a0/0x9a0
[ 2311.265511][T12363]  ? __kasan_check_write+0x14/0x20
[ 2311.270455][T12363]  ? mutex_unlock+0xb2/0x260
[ 2311.274888][T12363]  ? __kasan_check_write+0x14/0x20
[ 2311.279834][T12363]  ? __ia32_sys_read+0x90/0x90
[ 2311.284439][T12363]  ? debug_smp_processor_id+0x17/0x20
[ 2311.289637][T12363]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2311.295547][T12363]  __x64_sys_sendmsg+0x7f/0x90
[ 2311.300142][T12363]  x64_sys_call+0x16a/0x9a0
[ 2311.304478][T12363]  do_syscall_64+0x3b/0xb0
[ 2311.308732][T12363]  ? clear_bhb_loop+0x55/0xb0
[ 2311.313247][T12363]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2311.318973][T12363] RIP: 0033:0x7f469d57cef9
[ 2311.323228][T12363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2311.342671][T12363] RSP: 002b:00007f469e2fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2311.350913][T12363] RAX: ffffffffffffffda RBX: 00007f469d735f80 RCX: 00007f469d57cef9
[ 2311.358723][T12363] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[ 2311.366536][T12363] RBP: 00007f469e2fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2311.374346][T12363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2311.382164][T12363] R13: 0000000000000000 R14: 00007f469d735f80 R15: 00007ffff19bef08
[ 2311.389977][T12363]  </TASK>
[ 2311.457005][T29409] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 2311.726993][T10833] bio_check_eod: 69226 callbacks suppressed
[ 2311.727013][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.727013][T10833] loop2: rw=524288, sector=88528, nr_sectors = 8 limit=40427
[ 2311.747237][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.747237][T10833] loop2: rw=524288, sector=88536, nr_sectors = 8 limit=40427
[ 2311.781147][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.781147][T10833] loop2: rw=524288, sector=88544, nr_sectors = 8 limit=40427
[ 2311.795462][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.795462][T10833] loop2: rw=524288, sector=88552, nr_sectors = 8 limit=40427
[ 2311.809766][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.809766][T10833] loop2: rw=524288, sector=88560, nr_sectors = 8 limit=40427
[ 2311.823833][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.823833][T10833] loop2: rw=524288, sector=88568, nr_sectors = 8 limit=40427
[ 2311.838044][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.838044][T10833] loop2: rw=524288, sector=88576, nr_sectors = 8 limit=40427
[ 2311.852083][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.852083][T10833] loop2: rw=524288, sector=88584, nr_sectors = 8 limit=40427
[ 2311.865950][T29409] usb 2-1: config index 0 descriptor too short (expected 61732, got 36)
[ 2311.867351][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.867351][T10833] loop2: rw=524288, sector=88592, nr_sectors = 8 limit=40427
[ 2311.874448][T29409] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2311.888044][T10833] syz.2.11195: attempt to access beyond end of device
[ 2311.888044][T10833] loop2: rw=524288, sector=88600, nr_sectors = 8 limit=40427
[ 2312.860839][T29409] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2312.885937][T29409] usb 2-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00
[ 2312.895568][T12379] FAULT_INJECTION: forcing a failure.
[ 2312.895568][T12379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2312.943706][ T3012] usb 4-1: USB disconnect, device number 110
[ 2312.952096][T12379] CPU: 1 PID: 12379 Comm: syz.4.11586 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2312.961825][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2312.971721][T12379] Call Trace:
[ 2312.974842][T12379]  <TASK>
[ 2312.977623][T12379]  dump_stack_lvl+0x151/0x1b7
[ 2312.982131][T12379]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2312.987430][T12379]  dump_stack+0x15/0x1c
[ 2312.991419][T12379]  should_fail_ex+0x3d0/0x520
[ 2312.995933][T12379]  should_fail+0xb/0x10
[ 2312.999926][T12379]  should_fail_usercopy+0x1a/0x20
[ 2313.004785][T12379]  _copy_to_user+0x1e/0x90
[ 2313.009037][T12379]  simple_read_from_buffer+0xc7/0x150
[ 2313.014247][T12379]  proc_fail_nth_read+0x1a3/0x210
[ 2313.019107][T12379]  ? proc_fault_inject_write+0x390/0x390
[ 2313.024573][T12379]  ? fsnotify_perm+0x470/0x5d0
[ 2313.029181][T12379]  ? security_file_permission+0x86/0xb0
[ 2313.034556][T12379]  ? proc_fault_inject_write+0x390/0x390
[ 2313.040025][T12379]  vfs_read+0x26c/0xad0
[ 2313.042047][T29409] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2313.044016][T12379]  ? kernel_read+0x1f0/0x1f0
[ 2313.056253][T12379]  ? mutex_lock+0xb1/0x1e0
[ 2313.060507][T12379]  ? bit_wait_io_timeout+0x120/0x120
[ 2313.065630][T12379]  ? __fdget_pos+0x2e2/0x390
[ 2313.070053][T12379]  ? ksys_read+0x77/0x2c0
[ 2313.074222][T12379]  ksys_read+0x199/0x2c0
[ 2313.078301][T12379]  ? vfs_write+0xeb0/0xeb0
[ 2313.082551][T12379]  ? debug_smp_processor_id+0x17/0x20
[ 2313.087764][T12379]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2313.090084][T29409] usb 2-1: config 0 descriptor??
[ 2313.093703][T12379]  __x64_sys_read+0x7b/0x90
[ 2313.102790][T12379]  x64_sys_call+0x28/0x9a0
[ 2313.107029][T12379]  do_syscall_64+0x3b/0xb0
[ 2313.111281][T12379]  ? clear_bhb_loop+0x55/0xb0
[ 2313.115812][T12379]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2313.121522][T12379] RIP: 0033:0x7f469d57b93c
[ 2313.125777][T12379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 2313.145217][T12379] RSP: 002b:00007f469e2fc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2313.153465][T12379] RAX: ffffffffffffffda RBX: 00007f469d735f80 RCX: 00007f469d57b93c
[ 2313.161275][T12379] RDX: 000000000000000f RSI: 00007f469e2fc0a0 RDI: 0000000000000004
[ 2313.169084][T12379] RBP: 00007f469e2fc090 R08: 0000000000000000 R09: 0000000000000000
[ 2313.176897][T12379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2313.184706][T12379] R13: 0000000000000000 R14: 00007f469d735f80 R15: 00007ffff19bef08
[ 2313.192527][T12379]  </TASK>
[ 2313.317812][T12391] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11588'.
[ 2313.600162][T29409] microsoft 0003:045E:009D.005A: unbalanced delimiter at end of report description
[ 2313.609964][T29409] microsoft 0003:045E:009D.005A: parse failed
[ 2313.615916][T29409] microsoft: probe of 0003:045E:009D.005A failed with error -22
[ 2313.948164][T12406] loop3: detected capacity change from 0 to 1024
[ 2313.954615][T12406] EXT4-fs: quotafile must be on filesystem root
[ 2314.620650][T12414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2314.627890][T12414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2314.635317][T12414] device bridge_slave_0 entered promiscuous mode
[ 2314.642647][T12414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2314.650169][T12414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2314.657810][T12414] device bridge_slave_1 entered promiscuous mode
[ 2314.665931][T11877] device bridge_slave_1 left promiscuous mode
[ 2314.672317][T11877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2314.679939][T11877] device bridge_slave_0 left promiscuous mode
[ 2314.686063][T11877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2314.694736][T11877] device dummy0 left promiscuous mode
[ 2314.700098][T11877] device veth1_macvtap left promiscuous mode
[ 2314.706031][T11877] device veth0_vlan left promiscuous mode
[ 2315.073660][T12414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2315.080652][T12414] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2315.087759][T12414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2315.094704][T12414] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2315.155096][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2315.164012][T11676] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2315.171489][T11676] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2315.190155][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2315.198477][ T1847] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2315.205363][ T1847] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2315.213162][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2315.225670][ T1847] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2315.232553][ T1847] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2315.257779][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2315.267899][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2315.567088][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2315.567126][ T8747] Bluetooth: hci0: command 0x1003 tx timeout
[ 2315.585858][T12414] device veth0_vlan entered promiscuous mode
[ 2315.592349][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 2315.601019][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2315.609468][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 2315.617268][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2315.632631][T12414] device veth1_macvtap entered promiscuous mode
[ 2315.640262][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2315.647798][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2315.656740][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 2315.665175][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2315.674995][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 2315.691876][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2315.700402][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2315.717151][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2315.740242][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2315.772421][T12427] FAULT_INJECTION: forcing a failure.
[ 2315.772421][T12427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2315.788250][T12427] CPU: 0 PID: 12427 Comm: syz.3.11599 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2315.797970][T12427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2315.807864][T12427] Call Trace:
[ 2315.810988][T12427]  <TASK>
[ 2315.813768][T12427]  dump_stack_lvl+0x151/0x1b7
[ 2315.818279][T12427]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2315.823580][T12427]  ? _parse_integer+0x2a/0x40
[ 2315.828089][T12427]  dump_stack+0x15/0x1c
[ 2315.832079][T12427]  should_fail_ex+0x3d0/0x520
[ 2315.836591][T12427]  should_fail+0xb/0x10
[ 2315.840584][T12427]  should_fail_usercopy+0x1a/0x20
[ 2315.845443][T12427]  _copy_from_user+0x1e/0xc0
[ 2315.849873][T12427]  iovec_from_user+0xc7/0x320
[ 2315.854384][T12427]  ? kasan_set_track+0x4b/0x70
[ 2315.858986][T12427]  ? kasan_save_free_info+0x2b/0x40
[ 2315.864018][T12427]  __import_iovec+0x70/0x430
[ 2315.868449][T12427]  import_iovec+0xe5/0x120
[ 2315.872699][T12427]  copy_msghdr_from_user+0x527/0x670
[ 2315.877820][T12427]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2315.882771][T12427]  __sys_sendmsg+0x236/0x390
[ 2315.887197][T12427]  ? ____sys_sendmsg+0x9a0/0x9a0
[ 2315.891969][T12427]  ? __kasan_check_write+0x14/0x20
[ 2315.896915][T12427]  ? mutex_unlock+0xb2/0x260
[ 2315.901344][T12427]  ? __kasan_check_write+0x14/0x20
[ 2315.906289][T12427]  ? __ia32_sys_read+0x90/0x90
[ 2315.910978][T12427]  ? debug_smp_processor_id+0x17/0x20
[ 2315.916180][T12427]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2315.922086][T12427]  __x64_sys_sendmsg+0x7f/0x90
[ 2315.926688][T12427]  x64_sys_call+0x16a/0x9a0
[ 2315.931031][T12427]  do_syscall_64+0x3b/0xb0
[ 2315.935275][T12427]  ? clear_bhb_loop+0x55/0xb0
[ 2315.939792][T12427]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2315.945519][T12427] RIP: 0033:0x7f9ccf17cef9
[ 2315.949772][T12427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2315.969225][T12427] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2315.977454][T12427] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9
[ 2315.985266][T12427] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[ 2315.993078][T12427] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000
[ 2316.000899][T12427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2316.008701][T12427] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78
[ 2316.016519][T12427]  </TASK>
[ 2316.737183][T10833] bio_check_eod: 90538 callbacks suppressed
[ 2316.737228][T10833] syz.2.11195: attempt to access beyond end of device
[ 2316.737228][T10833] loop2: rw=0, sector=88232, nr_sectors = 8 limit=40427
[ 2316.873095][ T3012] usb 2-1: USB disconnect, device number 95
[ 2317.009629][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.009629][T10833] loop2: rw=0, sector=88240, nr_sectors = 8 limit=40427
[ 2317.023381][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.023381][T10833] loop2: rw=0, sector=88248, nr_sectors = 8 limit=40427
[ 2317.048123][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.048123][T10833] loop2: rw=0, sector=88256, nr_sectors = 8 limit=40427
[ 2317.066645][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.066645][T10833] loop2: rw=0, sector=88264, nr_sectors = 8 limit=40427
[ 2317.083808][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.083808][T10833] loop2: rw=0, sector=88272, nr_sectors = 8 limit=40427
[ 2317.098912][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.098912][T10833] loop2: rw=0, sector=88280, nr_sectors = 8 limit=40427
[ 2317.148444][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.148444][T10833] loop2: rw=0, sector=88288, nr_sectors = 8 limit=40427
[ 2317.209342][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.209342][T10833] loop2: rw=0, sector=88296, nr_sectors = 8 limit=40427
[ 2317.253394][T10833] syz.2.11195: attempt to access beyond end of device
[ 2317.253394][T10833] loop2: rw=0, sector=88304, nr_sectors = 8 limit=40427
[ 2318.130309][T12465] loop3: detected capacity change from 0 to 40427
[ 2318.155239][T12465] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 2318.163104][T12465] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 2318.561132][T12465] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 2318.617217][T12465] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 2318.624284][T12465] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 2318.661102][   T28] audit: type=1400 audit(1725779832.812:624): avc:  denied  { create } for  pid=12464 comm="syz.3.11609" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[ 2318.935628][T12484] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11613'.
[ 2318.986499][   T28] audit: type=1400 audit(1725779833.132:625): avc:  denied  { read } for  pid=12464 comm="syz.3.11609" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[ 2319.014358][   T28] audit: type=1400 audit(1725779833.162:626): avc:  denied  { rename } for  pid=12464 comm="syz.3.11609" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[ 2319.069942][T12487] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11615'.
[ 2319.152359][T12491] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11614'.
[ 2319.488649][ T1847] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 2319.676397][T12499] FAULT_INJECTION: forcing a failure.
[ 2319.676397][T12499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2319.689326][T12499] CPU: 1 PID: 12499 Comm: syz.4.11617 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2319.699076][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2319.708983][T12499] Call Trace:
[ 2319.712095][T12499]  <TASK>
[ 2319.714876][T12499]  dump_stack_lvl+0x151/0x1b7
[ 2319.719389][T12499]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2319.724684][T12499]  dump_stack+0x15/0x1c
[ 2319.728763][T12499]  should_fail_ex+0x3d0/0x520
[ 2319.733276][T12499]  should_fail+0xb/0x10
[ 2319.737266][T12499]  should_fail_usercopy+0x1a/0x20
[ 2319.742126][T12499]  _copy_from_user+0x1e/0xc0
[ 2319.746553][T12499]  iovec_from_user+0xc7/0x320
[ 2319.751071][T12499]  __import_iovec+0x70/0x430
[ 2319.755496][T12499]  ? exc_page_fault+0x4e5/0x6d0
[ 2319.760183][T12499]  import_iovec+0xe5/0x120
[ 2319.764433][T12499]  copy_msghdr_from_user+0x527/0x670
[ 2319.769553][T12499]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2319.774508][T12499]  __sys_sendmsg+0x236/0x390
[ 2319.778929][T12499]  ? ____sys_sendmsg+0x9a0/0x9a0
[ 2319.783718][T12499]  ? fpregs_restore_userregs+0x130/0x290
[ 2319.789172][T12499]  __x64_sys_sendmsg+0x7f/0x90
[ 2319.793772][T12499]  x64_sys_call+0x16a/0x9a0
[ 2319.798114][T12499]  do_syscall_64+0x3b/0xb0
[ 2319.802357][T12499]  ? clear_bhb_loop+0x55/0xb0
[ 2319.806873][T12499]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2319.812603][T12499] RIP: 0033:0x7f469d57cef9
[ 2319.817135][T12499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2319.836562][T12499] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2319.844809][T12499] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9
[ 2319.852620][T12499] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000009
[ 2319.860430][T12499] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000
[ 2319.868242][T12499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2319.876057][T12499] R13: 0000000000000000 R14: 00007f469d736130 R15: 00007ffff19bef08
[ 2319.883870][T12499]  </TASK>
[ 2320.127061][ T1847] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2320.297320][ T1847] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2320.306345][ T1847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2320.597095][ T1847] usb 4-1: Product: syz
[ 2320.616051][ T1847] usb 4-1: Manufacturer: syz
[ 2320.620705][ T1847] usb 4-1: SerialNumber: syz
[ 2320.623166][T12069] Bluetooth: hci0: command 0x1003 tx timeout
[ 2320.627245][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2320.679041][ T1847] usb 4-1: config 0 descriptor??
[ 2320.747519][T12518] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11625'.
[ 2321.121833][T12495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11616'.
[ 2321.147260][T12495] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11616'.
[ 2321.166140][T12526] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11628'.
[ 2321.178909][ T1847] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2321.200212][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2321.217291][ T1847] usb 4-1: USB disconnect, device number 111
[ 2321.395905][T12530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2321.411244][T12530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2321.425995][T12530] device bridge_slave_0 entered promiscuous mode
[ 2321.443737][T12530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2321.451048][T12530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2321.458649][T12530] device bridge_slave_1 entered promiscuous mode
[ 2321.507295][ T4431] tipc: Left network mode
[ 2321.554469][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.562702][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.570454][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.577786][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.585020][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.592347][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.599715][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.607024][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.614531][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.621870][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.629324][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.635234][T12530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2321.636585][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.643399][T12530] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2321.643497][T12530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2321.664471][T12530] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2321.666996][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.680962][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.688355][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.695549][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.702966][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.727055][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.734288][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.747021][T10833] bio_check_eod: 90785 callbacks suppressed
[ 2321.747038][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.747038][T10833] loop2: rw=524288, sector=89912, nr_sectors = 8 limit=40427
[ 2321.747708][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.753019][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.753019][T10833] loop2: rw=524288, sector=89920, nr_sectors = 8 limit=40427
[ 2321.774527][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.788509][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.788509][T10833] loop2: rw=524288, sector=89928, nr_sectors = 8 limit=40427
[ 2321.799958][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.808805][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.808805][T10833] loop2: rw=524288, sector=89936, nr_sectors = 8 limit=40427
[ 2321.829875][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.837310][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.844616][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.851211][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.851211][T10833] loop2: rw=524288, sector=89944, nr_sectors = 8 limit=40427
[ 2321.853773][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.871839][T12530] device veth0_vlan entered promiscuous mode
[ 2321.878743][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.880208][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.880208][T10833] loop2: rw=524288, sector=89952, nr_sectors = 8 limit=40427
[ 2321.886115][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.900830][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.900830][T10833] loop2: rw=524288, sector=89960, nr_sectors = 8 limit=40427
[ 2321.908150][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.921021][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.921021][T10833] loop2: rw=524288, sector=89968, nr_sectors = 8 limit=40427
[ 2321.929480][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.942499][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.942499][T10833] loop2: rw=0, sector=86016, nr_sectors = 8 limit=40427
[ 2321.949395][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.970407][T10833] syz.2.11195: attempt to access beyond end of device
[ 2321.970407][T10833] loop2: rw=0, sector=86024, nr_sectors = 8 limit=40427
[ 2321.971090][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0
[ 2321.993131][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2322.000552][T29409] hid-generic 0000:0000:0000.005B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[ 2322.010400][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2322.018908][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2322.028583][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2322.036473][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2322.044788][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2322.053353][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2322.061476][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2322.068836][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2322.076333][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2322.085118][T12530] device veth1_macvtap entered promiscuous mode
[ 2322.101815][T12538] loop3: detected capacity change from 0 to 16
[ 2322.112156][T12538] erofs: (device loop3): mounted with root inode @ nid 36.
[ 2322.128538][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2322.195714][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2322.216717][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2322.225623][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2322.305239][T12544] input: syz0 as /devices/virtual/input/input30
[ 2322.778006][ T4431] device bridge_slave_1 left promiscuous mode
[ 2322.785047][ T4431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2322.802695][ T4431] device bridge_slave_0 left promiscuous mode
[ 2322.821027][ T4431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2322.835265][T12558] loop1: detected capacity change from 0 to 2048
[ 2322.848056][ T4431] device veth1_macvtap left promiscuous mode
[ 2322.861074][ T4431] device veth0_vlan left promiscuous mode
[ 2322.867586][T12558] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz.1.11635: casefold flag without casefold feature
[ 2322.906632][T12558] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[ 2322.995917][T12548] loop4: detected capacity change from 0 to 40427
[ 2323.003391][T12563] loop3: detected capacity change from 0 to 16
[ 2323.010257][T12558] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[ 2323.026205][T12548] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 2323.032409][T12558] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 2323.034192][T12563] erofs: (device loop3): mounted with root inode @ nid 36.
[ 2323.049822][T12548] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 2323.085286][T12548] F2FS-fs (loop4): invalid crc value
[ 2323.128161][T12548] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[ 2323.262052][T12548] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 2323.273449][T12548] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 2323.699767][T12570] input: syz0 as /devices/virtual/input/input31
[ 2324.141516][T12577] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11637'.
[ 2324.417037][ T3012] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 2324.649898][T12584] loop4: detected capacity change from 0 to 40427
[ 2324.667146][ T3012] usb 3-1: Using ep0 maxpacket: 8
[ 2324.675692][T12584] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 2324.695570][T12584] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 2324.744960][T12584] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 2324.817058][ T3012] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2324.817183][T12584] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 2324.844926][T12584] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 2324.847221][ T3012] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2324.902471][ T3012] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[ 2324.937085][ T3012] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2324.969624][ T3012] usb 3-1: config 0 descriptor??
[ 2325.428930][ T3012] hid-picolcd 0003:04D8:F002.005C: item fetching failed at offset 5/7
[ 2325.447158][ T3012] hid-picolcd 0003:04D8:F002.005C: device report parse failed
[ 2325.466988][ T3012] hid-picolcd: probe of 0003:04D8:F002.005C failed with error -22
[ 2325.629472][  T552] usb 3-1: USB disconnect, device number 118
[ 2325.698636][T12530] EXT4-fs (loop1): unmounting filesystem.
[ 2325.797110][T12586] loop3: detected capacity change from 0 to 131072
[ 2325.808744][T12586] F2FS-fs (loop3): Test dummy encryption mode enabled
[ 2325.817555][ T4431] device bridge_slave_1 left promiscuous mode
[ 2325.824416][ T4431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2325.831924][T12586] F2FS-fs (loop3): invalid crc value
[ 2325.847686][ T4431] device bridge_slave_0 left promiscuous mode
[ 2325.859225][ T4431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2325.866563][T12586] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 2325.897881][ T4431] device veth1_macvtap left promiscuous mode
[ 2325.903758][ T4431] device veth0_vlan left promiscuous mode
[ 2325.924475][T12586] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 2326.139163][T12607] 9pnet_fd: Insufficient options for proto=fd
[ 2326.280593][T12599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2326.296975][T12599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2326.314591][T12599] device bridge_slave_0 entered promiscuous mode
[ 2326.325097][T12599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2326.344366][T12599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2326.354965][T12599] device bridge_slave_1 entered promiscuous mode
[ 2326.514396][T12599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2326.521309][T12599] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2326.528399][T12599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2326.535156][T12599] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2326.546989][ T3012] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 2326.616395][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2326.625674][  T317] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2326.645996][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2326.676141][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2326.680507][  T552] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 2326.685241][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2326.707212][T29701] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2326.714079][T29701] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2326.747076][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2326.755277][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2326.757148][T10833] bio_check_eod: 66454 callbacks suppressed
[ 2326.757166][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.757166][T10833] loop2: rw=0, sector=86968, nr_sectors = 8 limit=40427
[ 2326.770529][T29701] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2326.782537][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.782537][T10833] loop2: rw=0, sector=86976, nr_sectors = 8 limit=40427
[ 2326.789125][T29701] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2326.805664][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 2326.809789][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.809789][T10833] loop2: rw=0, sector=86984, nr_sectors = 8 limit=40427
[ 2326.830690][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.830690][T10833] loop2: rw=0, sector=86992, nr_sectors = 8 limit=40427
[ 2326.844940][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 2326.845128][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.845128][T10833] loop2: rw=0, sector=87000, nr_sectors = 8 limit=40427
[ 2326.866100][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.866100][T10833] loop2: rw=0, sector=87008, nr_sectors = 8 limit=40427
[ 2326.867427][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 2326.879666][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.879666][T10833] loop2: rw=0, sector=87016, nr_sectors = 8 limit=40427
[ 2326.900680][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.900680][T10833] loop2: rw=0, sector=87024, nr_sectors = 8 limit=40427
[ 2326.907660][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 2326.914969][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.914969][T10833] loop2: rw=0, sector=87032, nr_sectors = 8 limit=40427
[ 2326.935763][T10833] syz.2.11195: attempt to access beyond end of device
[ 2326.935763][T10833] loop2: rw=0, sector=87040, nr_sectors = 8 limit=40427
[ 2326.947840][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 2326.957513][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 2326.978118][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 2326.986079][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 2326.997132][ T3012] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2327.007488][T12599] device veth0_vlan entered promiscuous mode
[ 2327.016147][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 2327.026313][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 2327.050993][T12599] device veth1_macvtap entered promiscuous mode
[ 2327.057158][  T552] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2327.077745][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 2327.085755][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 2327.107378][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 2327.128959][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 2327.140186][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 2327.175927][T12617] loop3: detected capacity change from 0 to 128
[ 2327.177387][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 2327.187518][T12617] EXT4-fs: Ignoring removed i_version option
[ 2327.191694][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 2327.203950][T12617] EXT4-fs: Ignoring removed orlov option
[ 2327.210146][T12617] ext2: Unknown parameter 'func'
[ 2327.217090][ T3012] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2327.226223][ T3012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2327.227918][  T552] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2327.245445][ T3012] usb 3-1: Product: syz
[ 2327.256837][ T3012] usb 3-1: Manufacturer: syz
[ 2327.261684][   T28] audit: type=1400 audit(1725779841.412:627): avc:  denied  { mount } for  pid=12616 comm="syz.3.11649" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 2327.264809][  T552] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2327.284163][ T3012] usb 3-1: SerialNumber: syz
[ 2327.296535][   T28] audit: type=1400 audit(1725779841.412:628): avc:  denied  { remount } for  pid=12616 comm="syz.3.11649" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 2327.301849][  T552] usb 2-1: Product: syz
[ 2327.317569][ T3012] usb 3-1: config 0 descriptor??
[ 2327.331009][  T552] usb 2-1: Manufacturer: syz
[ 2327.336282][   T28] audit: type=1400 audit(1725779841.482:629): avc:  denied  { unmount } for  pid=12414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 2327.363858][T12623] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11651'.
[ 2327.372842][  T552] usb 2-1: SerialNumber: syz
[ 2327.382362][  T552] usb 2-1: config 0 descriptor??
[ 2327.485805][T12629] loop3: detected capacity change from 0 to 16
[ 2327.506068][T12629] erofs: (device loop3): z_erofs_load_lz4_config: too large lz4 pclusterblks 16832
[ 2327.622974][T12612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11648'.
[ 2327.842553][T12603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11647'.
[ 2327.851753][T12633] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11648'.
[ 2327.864844][T12635] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11647'.
[ 2327.899582][ T3012] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[ 2327.912820][ T3012] usb 3-1: USB disconnect, device number 119
[ 2327.920717][  T552] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[ 2327.930053][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2327.950318][  T552] usb 2-1: USB disconnect, device number 96
[ 2327.960022][T12640] FAULT_INJECTION: forcing a failure.
[ 2327.960022][T12640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2327.969992][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2327.973175][T12640] CPU: 0 PID: 12640 Comm: syz.3.11655 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2327.998123][T12640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2328.008109][T12640] Call Trace:
[ 2328.011231][T12640]  <TASK>
[ 2328.014004][T12640]  dump_stack_lvl+0x151/0x1b7
[ 2328.018614][T12640]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2328.023915][T12640]  ? _parse_integer+0x2a/0x40
[ 2328.028420][T12640]  dump_stack+0x15/0x1c
[ 2328.032407][T12640]  should_fail_ex+0x3d0/0x520
[ 2328.036934][T12640]  should_fail+0xb/0x10
[ 2328.040915][T12640]  should_fail_usercopy+0x1a/0x20
[ 2328.045774][T12640]  _copy_from_user+0x1e/0xc0
[ 2328.050287][T12640]  iovec_from_user+0xc7/0x320
[ 2328.054971][T12640]  ? kasan_set_track+0x4b/0x70
[ 2328.059573][T12640]  ? kasan_save_free_info+0x2b/0x40
[ 2328.064608][T12640]  __import_iovec+0x70/0x430
[ 2328.069039][T12640]  import_iovec+0xe5/0x120
[ 2328.073295][T12640]  copy_msghdr_from_user+0x527/0x670
[ 2328.078412][T12640]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2328.083535][T12640]  __sys_sendmsg+0x236/0x390
[ 2328.088047][T12640]  ? ____sys_sendmsg+0x9a0/0x9a0
[ 2328.092827][T12640]  ? __kasan_check_write+0x14/0x20
[ 2328.097767][T12640]  ? mutex_unlock+0xb2/0x260
[ 2328.102196][T12640]  ? __kasan_check_write+0x14/0x20
[ 2328.107229][T12640]  ? __ia32_sys_read+0x90/0x90
[ 2328.111827][T12640]  ? debug_smp_processor_id+0x17/0x20
[ 2328.117117][T12640]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2328.123024][T12640]  __x64_sys_sendmsg+0x7f/0x90
[ 2328.127622][T12640]  x64_sys_call+0x16a/0x9a0
[ 2328.131959][T12640]  do_syscall_64+0x3b/0xb0
[ 2328.136212][T12640]  ? clear_bhb_loop+0x55/0xb0
[ 2328.140734][T12640]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2328.146453][T12640] RIP: 0033:0x7f9ccf17cef9
[ 2328.150706][T12640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2328.170151][T12640] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2328.178394][T12640] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9
[ 2328.186325][T12640] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[ 2328.194135][T12640] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000
[ 2328.201953][T12640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2328.209847][T12640] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78
[ 2328.217666][T12640]  </TASK>
[ 2328.237752][T12643] FAULT_INJECTION: forcing a failure.
[ 2328.237752][T12643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2328.262806][T12643] CPU: 1 PID: 12643 Comm: syz.3.11656 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2328.272541][T12643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2328.282447][T12643] Call Trace:
[ 2328.285565][T12643]  <TASK>
[ 2328.288335][T12643]  dump_stack_lvl+0x151/0x1b7
[ 2328.292847][T12643]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2328.298160][T12643]  dump_stack+0x15/0x1c
[ 2328.302142][T12643]  should_fail_ex+0x3d0/0x520
[ 2328.306651][T12643]  should_fail+0xb/0x10
[ 2328.310642][T12643]  should_fail_usercopy+0x1a/0x20
[ 2328.315503][T12643]  _copy_from_user+0x1e/0xc0
[ 2328.319931][T12643]  iovec_from_user+0xc7/0x320
[ 2328.324453][T12643]  __import_iovec+0x70/0x430
[ 2328.328874][T12643]  import_iovec+0xe5/0x120
[ 2328.333123][T12643]  copy_msghdr_from_user+0x527/0x670
[ 2328.338246][T12643]  ? putname+0xfa/0x150
[ 2328.342238][T12643]  ? sendmsg_copy_msghdr+0x70/0x70
[ 2328.347186][T12643]  do_recvmmsg+0x408/0xab0
[ 2328.351444][T12643]  ? __sys_recvmmsg+0x270/0x270
[ 2328.356129][T12643]  ? vfs_write+0xbb3/0xeb0
[ 2328.360373][T12643]  ? __kasan_slab_free+0x11/0x20
[ 2328.365154][T12643]  ? __kasan_check_write+0x14/0x20
[ 2328.370097][T12643]  ? mutex_unlock+0xb2/0x260
[ 2328.374545][T12643]  ? fput+0x15b/0x1b0
[ 2328.378344][T12643]  ? ksys_write+0x260/0x2c0
[ 2328.382684][T12643]  __x64_sys_recvmmsg+0x195/0x240
[ 2328.387543][T12643]  ? do_recvmmsg+0xab0/0xab0
[ 2328.391965][T12643]  ? debug_smp_processor_id+0x17/0x20
[ 2328.397263][T12643]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2328.402736][T12643]  x64_sys_call+0x7e5/0x9a0
[ 2328.407072][T12643]  do_syscall_64+0x3b/0xb0
[ 2328.411323][T12643]  ? clear_bhb_loop+0x55/0xb0
[ 2328.415839][T12643]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2328.421565][T12643] RIP: 0033:0x7f9ccf17cef9
[ 2328.425824][T12643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2328.445260][T12643] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 2328.453504][T12643] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9
[ 2328.461316][T12643] RDX: 0000000000000001 RSI: 0000000020002a00 RDI: 0000000000000003
[ 2328.469128][T12643] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000
[ 2328.476941][T12643] R10: 00007fb14727fda9 R11: 0000000000000246 R12: 0000000000000001
[ 2328.484749][T12643] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78
[ 2328.492568][T12643]  </TASK>
[ 2328.528768][T12647] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11658'.
[ 2328.615275][T12649] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[ 2328.918540][  T552] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 2329.007354][  T317] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 2329.062056][T12658] loop4: detected capacity change from 0 to 512
[ 2329.082272][T12658] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 2329.154071][T12599] EXT4-fs (loop4): unmounting filesystem.
[ 2329.197248][T12669] loop4: detected capacity change from 0 to 2048
[ 2329.218764][T12669] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 2329.227185][T12669] ext4 filesystem being mounted at /5/bus supports timestamps until 2038 (0x7fffffff)
[ 2329.254449][   T28] audit: type=1400 audit(1725779843.402:630): avc:  denied  { ioctl } for  pid=12668 comm="syz.4.11664" path="/5/bus/file0/file0" dev="loop4" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 2329.279543][T12669] fs-verity: sha512 using implementation "sha512-avx2"
[ 2329.296261][T12599] EXT4-fs (loop4): unmounting filesystem.
[ 2329.302027][  T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2329.346883][T12675] loop4: detected capacity change from 0 to 2048
[ 2329.407067][  T317] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2329.444247][T12675] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 2329.452647][T12675] ext4 filesystem being mounted at /6/bus supports timestamps until 2038 (0x7fffffff)
[ 2329.472764][T12675] FAULT_INJECTION: forcing a failure.
[ 2329.472764][T12675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2329.486591][T12675] CPU: 1 PID: 12675 Comm: syz.4.11665 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2329.496312][T12675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2329.497027][  T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2329.506202][T12675] Call Trace:
[ 2329.506213][T12675]  <TASK>
[ 2329.506222][T12675]  dump_stack_lvl+0x151/0x1b7
[ 2329.525475][T12675]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2329.530764][T12675]  ? do_vfs_ioctl+0x19df/0x29a0
[ 2329.535452][T12675]  dump_stack+0x15/0x1c
[ 2329.539445][T12675]  should_fail_ex+0x3d0/0x520
[ 2329.543958][T12675]  should_fail+0xb/0x10
[ 2329.547953][T12675]  should_fail_usercopy+0x1a/0x20
[ 2329.552808][T12675]  _copy_to_user+0x1e/0x90
[ 2329.557065][T12675]  simple_read_from_buffer+0xc7/0x150
[ 2329.562289][T12675]  proc_fail_nth_read+0x1a3/0x210
[ 2329.567137][T12675]  ? proc_fault_inject_write+0x390/0x390
[ 2329.572597][T12675]  ? fsnotify_perm+0x470/0x5d0
[ 2329.577200][T12675]  ? security_file_permission+0x86/0xb0
[ 2329.582581][T12675]  ? proc_fault_inject_write+0x390/0x390
[ 2329.588048][T12675]  vfs_read+0x26c/0xad0
[ 2329.592045][T12675]  ? kernel_read+0x1f0/0x1f0
[ 2329.596468][T12675]  ? mutex_lock+0xb1/0x1e0
[ 2329.600720][T12675]  ? bit_wait_io_timeout+0x120/0x120
[ 2329.605930][T12675]  ? __fdget_pos+0x2e2/0x390
[ 2329.610353][T12675]  ? ksys_read+0x77/0x2c0
[ 2329.614524][T12675]  ksys_read+0x199/0x2c0
[ 2329.618604][T12675]  ? vfs_write+0xeb0/0xeb0
[ 2329.622851][T12675]  ? debug_smp_processor_id+0x17/0x20
[ 2329.628061][T12675]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2329.633978][T12675]  __x64_sys_read+0x7b/0x90
[ 2329.638302][T12675]  x64_sys_call+0x28/0x9a0
[ 2329.642554][T12675]  do_syscall_64+0x3b/0xb0
[ 2329.646804][T12675]  ? clear_bhb_loop+0x55/0xb0
[ 2329.651318][T12675]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2329.657047][T12675] RIP: 0033:0x7f5af1d7b93c
[ 2329.661475][T12675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 2329.680918][T12675] RSP: 002b:00007f5af2ba6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2329.689161][T12675] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7b93c
[ 2329.696972][T12675] RDX: 000000000000000f RSI: 00007f5af2ba60a0 RDI: 0000000000000006
[ 2329.704784][T12675] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000
[ 2329.712611][T12675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2329.720408][T12675] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138
[ 2329.728230][T12675]  </TASK>
[ 2329.731494][  T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2329.745396][  T552] usb 3-1: Product: syz
[ 2329.746045][T12599] EXT4-fs (loop4): unmounting filesystem.
[ 2329.749423][  T552] usb 3-1: Manufacturer: syz
[ 2329.749440][  T552] usb 3-1: SerialNumber: syz
[ 2329.768610][  T552] usb 3-1: config 0 descriptor??
[ 2329.847979][  T317] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2329.856830][  T317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2329.864985][  T317] usb 2-1: Product: syz
[ 2329.869123][  T317] usb 2-1: Manufacturer: syz
[ 2329.873545][  T317] usb 2-1: SerialNumber: syz
[ 2329.879182][ T3012] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 2329.887868][  T317] usb 2-1: config 0 descriptor??
[ 2330.008534][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11660'.
[ 2330.021216][T12652] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11660'.
[ 2330.047712][T18974] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 2330.056264][  T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[ 2330.067971][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2330.084407][  T552] usb 3-1: USB disconnect, device number 120
[ 2330.138329][T12654] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11661'.
[ 2330.147451][T12654] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11661'.
[ 2330.188516][  T317] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[ 2330.197386][  T317] usb 2-1: USB disconnect, device number 97
[ 2330.202715][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2330.327053][ T3012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2330.338312][ T3012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2330.349276][ T3012] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[ 2330.359055][ T3012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2330.379249][ T3012] usb 4-1: config 0 descriptor??
[ 2330.747009][T18974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2330.766956][T18974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2330.786750][T18974] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[ 2330.806986][T18974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2330.824393][T18974] usb 5-1: config 0 descriptor??
[ 2330.956978][T11676] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 2331.256987][ T3012] usbhid 4-1:0.0: can't add hid device: -71
[ 2331.262862][ T3012] usbhid: probe of 4-1:0.0 failed with error -71
[ 2331.277731][ T3012] usb 4-1: USB disconnect, device number 112
[ 2331.308396][T18974] hid-led 0003:1D34:000A.005D: unknown main item tag 0x0
[ 2331.317168][T11676] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2331.487064][T11676] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2331.496060][T11676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2331.504131][T11676] usb 2-1: Product: syz
[ 2331.508514][T11676] usb 2-1: Manufacturer: syz
[ 2331.512923][T11676] usb 2-1: SerialNumber: syz
[ 2331.520881][T12683] loop4: detected capacity change from 0 to 512
[ 2331.541974][T12683] EXT4-fs: Ignoring removed nobh option
[ 2331.568316][T11676] usb 2-1: config 0 descriptor??
[ 2331.575402][T12683] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[ 2331.584574][T12683] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.11668: attempt to clear invalid blocks 2 len 1
[ 2331.597940][T12683] EXT4-fs (loop4): Remounting filesystem read-only
[ 2331.605211][T12683] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[ 2331.657878][T12683] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.11668: invalid indirect mapped block 1819239214 (level 0)
[ 2331.766922][T10833] bio_check_eod: 130237 callbacks suppressed
[ 2331.839843][T12683] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.11668: invalid indirect mapped block 1819239214 (level 1)
[ 2331.901131][T10833] syz.2.11195: attempt to access beyond end of device
[ 2331.901131][T10833] loop2: rw=524288, sector=87464, nr_sectors = 8 limit=40427
[ 2331.912514][T12692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11671'.
[ 2331.915796][T10833] syz.2.11195: attempt to access beyond end of device
[ 2331.915796][T10833] loop2: rw=524288, sector=87472, nr_sectors = 8 limit=40427
[ 2331.928107][T12692] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11671'.
[ 2331.938130][T12683] EXT4-fs (loop4): 1 truncate cleaned up
[ 2331.952485][T12683] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 2331.954339][T10833] syz.2.11195: attempt to access beyond end of device
[ 2331.954339][T10833] loop2: rw=524288, sector=87480, nr_sectors = 8 limit=40427
[ 2331.977969][T18974] hid-led 0003:1D34:000A.005D: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0
[ 2331.980171][T10833] syz.2.11195: attempt to access beyond end of device
[ 2331.980171][T10833] loop2: rw=524288, sector=87488, nr_sectors = 8 limit=40427
[ 2331.994243][T18974] hid-led 0003:1D34:000A.005D: Dream Cheeky Webmail Notifier initialized
[ 2332.003083][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.003083][T10833] loop2: rw=524288, sector=87496, nr_sectors = 8 limit=40427
[ 2332.028515][T11676] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[ 2332.032164][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.032164][T10833] loop2: rw=524288, sector=87504, nr_sectors = 8 limit=40427
[ 2332.039891][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2332.049611][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.049611][T10833] loop2: rw=524288, sector=87512, nr_sectors = 8 limit=40427
[ 2332.065358][T11676] usb 2-1: USB disconnect, device number 98
[ 2332.084070][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.084070][T10833] loop2: rw=524288, sector=87520, nr_sectors = 8 limit=40427
[ 2332.101694][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.101694][T10833] loop2: rw=524288, sector=87528, nr_sectors = 8 limit=40427
[ 2332.115857][T10833] syz.2.11195: attempt to access beyond end of device
[ 2332.115857][T10833] loop2: rw=524288, sector=87536, nr_sectors = 8 limit=40427
[ 2332.207407][  T552] usb 5-1: USB disconnect, device number 105
[ 2332.861631][T12599] EXT4-fs (loop4): unmounting filesystem.
[ 2332.869179][T12727] loop1: detected capacity change from 0 to 128
[ 2332.893602][T12727] EXT4-fs: Ignoring removed i_version option
[ 2332.906374][T12727] EXT4-fs: Ignoring removed orlov option
[ 2332.912350][T12727] ext2: Unknown parameter 'func'
[ 2332.999756][T12732] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11682'.
[ 2333.108199][T12740] loop3: detected capacity change from 0 to 512
[ 2333.125166][T12740] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 2333.187020][T18974] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 2333.229541][T12414] EXT4-fs (loop3): unmounting filesystem.
[ 2333.547003][T18974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2333.586963][  T552] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[ 2333.717566][T18974] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2333.726806][T18974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2333.734905][T18974] usb 5-1: Product: syz
[ 2333.739783][T18974] usb 5-1: Manufacturer: syz
[ 2333.744326][T18974] usb 5-1: SerialNumber: syz
[ 2333.759775][T18974] usb 5-1: config 0 descriptor??
[ 2333.916239][   T28] audit: type=1400 audit(1725779848.062:631): avc:  denied  { validate_trans } for  pid=12761 comm="syz.1.11690" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 2333.977605][  T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2333.999703][T12729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11681'.
[ 2334.032286][T18974] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[ 2334.048383][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2334.072577][T18974] usb 5-1: USB disconnect, device number 106
[ 2334.147056][  T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2334.155981][  T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2334.168548][  T552] usb 3-1: Product: syz
[ 2334.172537][  T552] usb 3-1: Manufacturer: syz
[ 2334.177480][  T552] usb 3-1: SerialNumber: syz
[ 2334.191875][  T552] usb 3-1: config 0 descriptor??
[ 2334.513704][T12757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11688'.
[ 2334.706691][T12757] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11688'.
[ 2334.824750][  T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[ 2334.834207][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2334.852218][  T552] usb 3-1: USB disconnect, device number 121
[ 2335.210115][T12782] loop3: detected capacity change from 0 to 512
[ 2335.228410][T12782] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 2335.360190][T12414] EXT4-fs (loop3): unmounting filesystem.
[ 2335.463714][T12799] loop3: detected capacity change from 0 to 1024
[ 2335.470325][T12799] EXT4-fs: Ignoring removed orlov option
[ 2335.480180][T12799] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 2335.499504][T12799] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 2335.962613][   T28] audit: type=1400 audit(1725779850.112:632): avc:  denied  { bind } for  pid=12810 comm="syz.2.11702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 2336.246986][  T552] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[ 2336.338422][T12414] EXT4-fs (loop3): unmounting filesystem.
[ 2336.363983][T12816] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11704'.
[ 2336.498147][T12819] loop3: detected capacity change from 0 to 256
[ 2336.516995][ T8747] Bluetooth: hci0: command 0x1003 tx timeout
[ 2336.517009][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2336.607015][  T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2336.774537][T12824] overlayfs: unrecognized mount option "func=MMAP_CHECK" or missing value
[ 2336.777600][  T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2336.783024][T10833] bio_check_eod: 121899 callbacks suppressed
[ 2336.783042][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.783042][T10833] loop2: rw=524288, sector=88576, nr_sectors = 8 limit=40427
[ 2336.799183][  T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2336.813228][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.813228][T10833] loop2: rw=524288, sector=88584, nr_sectors = 8 limit=40427
[ 2336.819960][  T552] usb 3-1: Product: syz
[ 2336.833833][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.833833][T10833] loop2: rw=524288, sector=88592, nr_sectors = 8 limit=40427
[ 2336.837828][  T552] usb 3-1: Manufacturer: syz
[ 2336.851875][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.851875][T10833] loop2: rw=524288, sector=88600, nr_sectors = 8 limit=40427
[ 2336.856213][  T552] usb 3-1: SerialNumber: syz
[ 2336.871069][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.871069][T10833] loop2: rw=524288, sector=88608, nr_sectors = 8 limit=40427
[ 2336.887959][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.887959][T10833] loop2: rw=524288, sector=88616, nr_sectors = 8 limit=40427
[ 2336.902177][  T552] usb 3-1: config 0 descriptor??
[ 2336.902206][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.902206][T10833] loop2: rw=524288, sector=88624, nr_sectors = 8 limit=40427
[ 2336.921864][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.921864][T10833] loop2: rw=524288, sector=88632, nr_sectors = 8 limit=40427
[ 2336.936142][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.936142][T10833] loop2: rw=524288, sector=88640, nr_sectors = 8 limit=40427
[ 2336.950231][T10833] syz.2.11195: attempt to access beyond end of device
[ 2336.950231][T10833] loop2: rw=524288, sector=88648, nr_sectors = 8 limit=40427
[ 2337.086978][ T8749] Bluetooth: hci1: command 0x1003 tx timeout
[ 2337.087029][T12069] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 2337.149919][T12813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11703'.
[ 2337.168159][T12813] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11703'.
[ 2337.168381][T12835] loop4: detected capacity change from 0 to 1024
[ 2337.190122][  T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[ 2337.197505][T12835] EXT4-fs: Ignoring removed orlov option
[ 2337.210646][T12835] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 2337.211097][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2337.239630][  T552] usb 3-1: USB disconnect, device number 122
[ 2337.242112][T12835] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 2337.317023][T18974] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 2337.798226][T12853] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11715'.
[ 2337.890215][T12856] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11716'.
[ 2337.937052][T18974] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2337.975469][T12859] FAULT_INJECTION: forcing a failure.
[ 2337.975469][T12859] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2338.023915][T12859] CPU: 0 PID: 12859 Comm: syz.1.11717 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2338.024994][T12599] EXT4-fs (loop4): unmounting filesystem.
[ 2338.033640][T12859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2338.033655][T12859] Call Trace:
[ 2338.033662][T12859]  <TASK>
[ 2338.033669][T12859]  dump_stack_lvl+0x151/0x1b7
[ 2338.059512][T12859]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2338.064801][T12859]  ? __alloc_pages+0x3a1/0x780
[ 2338.069414][T12859]  dump_stack+0x15/0x1c
[ 2338.073393][T12859]  should_fail_ex+0x3d0/0x520
[ 2338.078099][T12859]  should_fail+0xb/0x10
[ 2338.082091][T12859]  should_fail_usercopy+0x1a/0x20
[ 2338.086953][T12859]  _copy_from_user+0x1e/0xc0
[ 2338.091374][T12859]  simple_transaction_get+0x11d/0x150
[ 2338.096582][T12859]  selinux_transaction_write+0xb4/0x140
[ 2338.101965][T12859]  ? sel_write_enforce+0x790/0x790
[ 2338.106910][T12859]  vfs_write+0x41d/0xeb0
[ 2338.110986][T12859]  ? __kasan_slab_free+0x11/0x20
[ 2338.115769][T12859]  ? file_end_write+0x1c0/0x1c0
[ 2338.120535][T12859]  ? mutex_lock+0xb1/0x1e0
[ 2338.124788][T12859]  ? bit_wait_io_timeout+0x120/0x120
[ 2338.129925][T12859]  ? __fdget_pos+0x2e2/0x390
[ 2338.134330][T12859]  ? ksys_write+0x77/0x2c0
[ 2338.138586][T12859]  ksys_write+0x199/0x2c0
[ 2338.142750][T12859]  ? __ia32_sys_read+0x90/0x90
[ 2338.147439][T12859]  ? debug_smp_processor_id+0x17/0x20
[ 2338.152655][T12859]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2338.158546][T12859]  __x64_sys_write+0x7b/0x90
[ 2338.162972][T12859]  x64_sys_call+0x2f/0x9a0
[ 2338.167228][T12859]  do_syscall_64+0x3b/0xb0
[ 2338.171476][T12859]  ? clear_bhb_loop+0x55/0xb0
[ 2338.175999][T12859]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2338.181718][T12859] RIP: 0033:0x7fe0b7f7cef9
[ 2338.185973][T12859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2338.205420][T12859] RSP: 002b:00007fe0b8dcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2338.213662][T12859] RAX: ffffffffffffffda RBX: 00007fe0b8135f80 RCX: 00007fe0b7f7cef9
[ 2338.221474][T12859] RDX: 0000000000000046 RSI: 0000000020000580 RDI: 0000000000000006
[ 2338.229283][T12859] RBP: 00007fe0b8dcf090 R08: 0000000000000000 R09: 0000000000000000
[ 2338.237095][T12859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2338.244906][T12859] R13: 0000000000000000 R14: 00007fe0b8135f80 R15: 00007ffebc2a8708
[ 2338.252723][T12859]  </TASK>
[ 2338.309129][T12861] FAULT_INJECTION: forcing a failure.
[ 2338.309129][T12861] name failslab, interval 1, probability 0, space 0, times 0
[ 2338.338929][T12867] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11719'.
[ 2338.370836][T12861] CPU: 0 PID: 12861 Comm: syz.4.11718 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2338.380573][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2338.390465][T12861] Call Trace:
[ 2338.393588][T12861]  <TASK>
[ 2338.396368][T12861]  dump_stack_lvl+0x151/0x1b7
[ 2338.400883][T12861]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2338.406182][T12861]  ? kasan_save_alloc_info+0x1f/0x30
[ 2338.411293][T12861]  ? __kasan_kmalloc+0x9c/0xb0
[ 2338.415891][T12861]  ? kvmalloc_node+0x221/0x640
[ 2338.420492][T12861]  dump_stack+0x15/0x1c
[ 2338.424483][T12861]  should_fail_ex+0x3d0/0x520
[ 2338.428998][T12861]  ? __kvm_mmu_topup_memory_cache+0x1a5/0x4a0
[ 2338.434898][T12861]  __should_failslab+0xaf/0xf0
[ 2338.439497][T12861]  should_failslab+0x9/0x20
[ 2338.443838][T12861]  kmem_cache_alloc+0x3b/0x2c0
[ 2338.448436][T12861]  ? debug_smp_processor_id+0x17/0x20
[ 2338.453647][T12861]  __kvm_mmu_topup_memory_cache+0x1a5/0x4a0
[ 2338.459377][T12861]  kvm_mmu_topup_memory_cache+0x22/0x30
[ 2338.464756][T12861]  kvm_mmu_load+0x111/0x2970
[ 2338.469185][T12861]  ? __kasan_check_write+0x14/0x20
[ 2338.474126][T12861]  ? mutex_unlock+0xb2/0x260
[ 2338.478557][T12861]  ? kvm_mmu_unload+0x120/0x120
[ 2338.483326][T12861]  ? xa_find+0x2e0/0x2e0
[ 2338.487409][T12861]  ? memset+0x35/0x40
[ 2338.491233][T12861]  ? vmx_flush_tlb_all+0xc2/0x380
[ 2338.496088][T12861]  ? vmx_get_if_flag+0x40/0x40
[ 2338.500695][T12861]  ? queue_delayed_work_on+0x13f/0x180
[ 2338.505983][T12861]  ? kvm_apic_has_interrupt+0x9d0/0xa70
[ 2338.511361][T12861]  ? kvm_hv_activate_synic+0x100/0x100
[ 2338.516674][T12861]  vcpu_enter_guest+0x6c78/0x9490
[ 2338.521531][T12861]  ? avc_has_perm+0x16f/0x260
[ 2338.526047][T12861]  ? pvclock_gtod_update_fn+0x2b0/0x2b0
[ 2338.531418][T12861]  ? 0xffffffffa0000674
[ 2338.535415][T12861]  ? is_bpf_text_address+0x172/0x190
[ 2338.540528][T12861]  ? stack_trace_save+0x1c0/0x1c0
[ 2338.545391][T12861]  ? kernel_text_address+0xa9/0xe0
[ 2338.550335][T12861]  ? __kernel_text_address+0xd/0x40
[ 2338.555373][T12861]  ? unwind_get_return_address+0x4d/0x90
[ 2338.560921][T12861]  ? arch_stack_walk+0xf3/0x140
[ 2338.565612][T12861]  ? _parse_integer_limit+0x19b/0x1e0
[ 2338.570821][T12861]  ? memset+0x35/0x40
[ 2338.574636][T12861]  ? __bpf_get_stack+0x2af/0x590
[ 2338.579408][T12861]  ? nested_vmx_inject_exception_vmexit+0x4d0/0x4d0
[ 2338.585919][T12861]  ? stack_map_get_build_id_offset+0x9a0/0x9a0
[ 2338.591909][T12861]  ? bpf_get_stack+0x31/0x40
[ 2338.596342][T12861]  ? bpf_get_stack_raw_tp+0x1b2/0x220
[ 2338.601542][T12861]  ? bpf_trace_run1+0x10b/0x240
[ 2338.606229][T12861]  ? bpf_put_raw_tracepoint+0x60/0x60
[ 2338.611440][T12861]  ? fpu_swap_kvm_fpstate+0x4e2/0x5d0
[ 2338.616653][T12861]  ? fpu_swap_kvm_fpstate+0x81/0x5d0
[ 2338.621765][T12861]  ? __bpf_trace_kvm_fpu+0x1b/0x20
[ 2338.626712][T12861]  kvm_arch_vcpu_ioctl_run+0x1478/0x2270
[ 2338.632184][T12861]  ? __kvm_request_immediate_exit+0x70/0x70
[ 2338.637905][T12861]  ? vfs_write+0xbb3/0xeb0
[ 2338.642162][T12861]  kvm_vcpu_ioctl+0x7eb/0xcf0
[ 2338.646674][T12861]  ? xa_release+0x40/0x40
[ 2338.650844][T12861]  ? selinux_file_ioctl+0x3cc/0x540
[ 2338.655871][T12861]  ? __mutex_lock_slowpath+0x10/0x10
[ 2338.660997][T12861]  ? selinux_file_alloc_security+0x120/0x120
[ 2338.666812][T12861]  ? __fget_files+0x2cb/0x330
[ 2338.671323][T12861]  ? security_file_ioctl+0x84/0xb0
[ 2338.676278][T12861]  ? xa_release+0x40/0x40
[ 2338.680436][T12861]  __se_sys_ioctl+0x114/0x190
[ 2338.684961][T12861]  __x64_sys_ioctl+0x7b/0x90
[ 2338.689379][T12861]  x64_sys_call+0x98/0x9a0
[ 2338.693630][T12861]  do_syscall_64+0x3b/0xb0
[ 2338.697882][T12861]  ? clear_bhb_loop+0x55/0xb0
[ 2338.702396][T12861]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2338.708126][T12861] RIP: 0033:0x7f5af1d7cef9
[ 2338.712378][T12861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2338.731922][T12861] RSP: 002b:00007f5af2ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2338.740148][T12861] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7cef9
[ 2338.747960][T12861] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[ 2338.755772][T12861] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000
[ 2338.763584][T12861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2338.771397][T12861] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138
[ 2338.779210][T12861]  </TASK>
[ 2338.798586][T18974] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2338.816987][T18974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2338.835061][T18974] usb 4-1: Product: syz
[ 2338.839227][T18974] usb 4-1: Manufacturer: syz
[ 2338.843574][T18974] usb 4-1: SerialNumber: syz
[ 2338.852477][T12865] loop1: detected capacity change from 0 to 16
[ 2338.858724][T12865] erofs: Unknown parameter '/sys/kernel/profiling'
[ 2338.869159][T18974] usb 4-1: config 0 descriptor??
[ 2338.907316][ T8166] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 2339.205691][T12831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11709'.
[ 2339.295425][T12878] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11709'.
[ 2339.366235][T18974] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2339.382063][T12890] fuse: Bad value for 'fd'
[ 2339.385376][T18974] usb 4-1: USB disconnect, device number 113
[ 2339.396428][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2339.475412][T12894] loop1: detected capacity change from 0 to 1024
[ 2339.487225][T12897] FAULT_INJECTION: forcing a failure.
[ 2339.487225][T12897] name failslab, interval 1, probability 0, space 0, times 0
[ 2339.495508][T12894] EXT4-fs: Ignoring removed orlov option
[ 2339.506601][T12897] CPU: 0 PID: 12897 Comm: syz.0.11731 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2339.516316][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2339.526327][T12897] Call Trace:
[ 2339.529452][T12897]  <TASK>
[ 2339.532228][T12897]  dump_stack_lvl+0x151/0x1b7
[ 2339.536740][T12897]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2339.542048][T12897]  ? _parse_integer+0x2a/0x40
[ 2339.546542][T12897]  ? kstrtoull+0x1cd/0x2e0
[ 2339.550798][T12897]  dump_stack+0x15/0x1c
[ 2339.554791][T12897]  should_fail_ex+0x3d0/0x520
[ 2339.559303][T12897]  ? bpf_test_init+0xf1/0x190
[ 2339.563947][T12897]  __should_failslab+0xaf/0xf0
[ 2339.568550][T12897]  should_failslab+0x9/0x20
[ 2339.572886][T12897]  __kmem_cache_alloc_node+0x3d/0x250
[ 2339.578189][T12897]  ? kasan_save_free_info+0x2b/0x40
[ 2339.583224][T12897]  ? bpf_test_init+0xf1/0x190
[ 2339.587745][T12897]  __kmalloc+0xa3/0x1e0
[ 2339.591733][T12897]  bpf_test_init+0xf1/0x190
[ 2339.596076][T12897]  bpf_prog_test_run_xdp+0x414/0x1130
[ 2339.601276][T12897]  ? avc_denied+0x1b0/0x1b0
[ 2339.605620][T12897]  ? dev_put+0x80/0x80
[ 2339.609526][T12897]  ? __kasan_check_write+0x14/0x20
[ 2339.614468][T12897]  ? fput+0x15b/0x1b0
[ 2339.618291][T12897]  ? dev_put+0x80/0x80
[ 2339.622192][T12897]  bpf_prog_test_run+0x3b0/0x630
[ 2339.626969][T12897]  ? bpf_prog_query+0x260/0x260
[ 2339.631656][T12897]  ? selinux_bpf+0xd2/0x100
[ 2339.636082][T12897]  ? security_bpf+0x82/0xb0
[ 2339.640420][T12897]  __sys_bpf+0x59f/0x7f0
[ 2339.644500][T12897]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 2339.649723][T12897]  ? __ia32_sys_read+0x90/0x90
[ 2339.654397][T12897]  ? debug_smp_processor_id+0x17/0x20
[ 2339.659697][T12897]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2339.665592][T12897]  __x64_sys_bpf+0x7c/0x90
[ 2339.669843][T12897]  x64_sys_call+0x87f/0x9a0
[ 2339.674189][T12897]  do_syscall_64+0x3b/0xb0
[ 2339.678437][T12897]  ? clear_bhb_loop+0x55/0xb0
[ 2339.682950][T12897]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2339.688686][T12897] RIP: 0033:0x7f038417cef9
[ 2339.692933][T12897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2339.712371][T12897] RSP: 002b:00007f0384fc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2339.720618][T12897] RAX: ffffffffffffffda RBX: 00007f0384335f80 RCX: 00007f038417cef9
[ 2339.728430][T12897] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
[ 2339.736261][T12897] RBP: 00007f0384fc0090 R08: 0000000000000000 R09: 0000000000000000
[ 2339.744050][T12897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2339.751861][T12897] R13: 0000000000000000 R14: 00007f0384335f80 R15: 00007ffd2e79cfd8
[ 2339.759769][T12897]  </TASK>
[ 2339.767569][T12894] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 2339.782206][T12894] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 2339.819241][T12898] xt_hashlimit: size too large, truncated to 1048576
[ 2340.277105][ T1847] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 2340.432699][T12530] EXT4-fs (loop1): unmounting filesystem.
[ 2340.652658][T12921] FAULT_INJECTION: forcing a failure.
[ 2340.652658][T12921] name failslab, interval 1, probability 0, space 0, times 0
[ 2340.677009][ T1847] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2340.706471][T12921] CPU: 1 PID: 12921 Comm: syz.1.11737 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2340.716503][T12921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2340.726395][T12921] Call Trace:
[ 2340.729518][T12921]  <TASK>
[ 2340.732293][T12921]  dump_stack_lvl+0x151/0x1b7
[ 2340.736810][T12921]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2340.742102][T12921]  ? avc_denied+0x1b0/0x1b0
[ 2340.746446][T12921]  dump_stack+0x15/0x1c
[ 2340.750436][T12921]  should_fail_ex+0x3d0/0x520
[ 2340.754981][T12921]  ? ___neigh_create+0x6af/0x1db0
[ 2340.759808][T12921]  __should_failslab+0xaf/0xf0
[ 2340.764407][T12921]  should_failslab+0x9/0x20
[ 2340.768751][T12921]  __kmem_cache_alloc_node+0x3d/0x250
[ 2340.773954][T12921]  ? avc_has_perm_noaudit+0x2dd/0x430
[ 2340.779163][T12921]  ? ___neigh_create+0x6af/0x1db0
[ 2340.784020][T12921]  __kmalloc+0xa3/0x1e0
[ 2340.788016][T12921]  ___neigh_create+0x6af/0x1db0
[ 2340.792705][T12921]  ? neigh_ifdown+0x30/0x30
[ 2340.797035][T12921]  ? selinux_capable+0x2f1/0x430
[ 2340.801822][T12921]  __neigh_create+0x32/0x40
[ 2340.806239][T12921]  arp_req_set+0x400/0x820
[ 2340.810493][T12921]  ? arp_req_delete+0x460/0x460
[ 2340.815178][T12921]  ? mutex_lock+0xb1/0x1e0
[ 2340.819434][T12921]  ? cap_capable+0x1d2/0x270
[ 2340.823877][T12921]  ? bit_wait_io_timeout+0x120/0x120
[ 2340.829153][T12921]  ? full_name_hash+0x9d/0xf0
[ 2340.833670][T12921]  arp_ioctl+0x436/0x660
[ 2340.837753][T12921]  ? neigh_release+0x80/0x80
[ 2340.842174][T12921]  ? _kstrtol+0x150/0x150
[ 2340.846347][T12921]  inet_ioctl+0x34d/0x400
[ 2340.850509][T12921]  ? inet_shutdown+0x3d0/0x3d0
[ 2340.855113][T12921]  sock_do_ioctl+0x152/0x450
[ 2340.859549][T12921]  ? has_cap_mac_admin+0x3c0/0x3c0
[ 2340.864477][T12921]  ? sock_show_fdinfo+0xa0/0xa0
[ 2340.869169][T12921]  ? selinux_file_ioctl+0x3cc/0x540
[ 2340.874200][T12921]  sock_ioctl+0x455/0x740
[ 2340.878366][T12921]  ? sock_poll+0x400/0x400
[ 2340.882616][T12921]  ? __fget_files+0x2cb/0x330
[ 2340.887135][T12921]  ? security_file_ioctl+0x84/0xb0
[ 2340.892080][T12921]  ? sock_poll+0x400/0x400
[ 2340.896343][T12921]  __se_sys_ioctl+0x114/0x190
[ 2340.900844][T12921]  __x64_sys_ioctl+0x7b/0x90
[ 2340.905284][T12921]  x64_sys_call+0x98/0x9a0
[ 2340.909522][T12921]  do_syscall_64+0x3b/0xb0
[ 2340.913781][T12921]  ? clear_bhb_loop+0x55/0xb0
[ 2340.918387][T12921]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2340.924112][T12921] RIP: 0033:0x7fe0b7f7cef9
[ 2340.928376][T12921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2340.947898][T12921] RSP: 002b:00007fe0b8dcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2340.956229][T12921] RAX: ffffffffffffffda RBX: 00007fe0b8135f80 RCX: 00007fe0b7f7cef9
[ 2340.964039][T12921] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000006
[ 2340.971851][T12921] RBP: 00007fe0b8dcf090 R08: 0000000000000000 R09: 0000000000000000
[ 2340.979661][T12921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2340.987477][T12921] R13: 0000000000000000 R14: 00007fe0b8135f80 R15: 00007ffebc2a8708
[ 2340.995325][T12921]  </TASK>
[ 2341.057050][ T1847] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2341.072037][ T1847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2341.080571][ T1847] usb 5-1: Product: syz
[ 2341.084586][ T1847] usb 5-1: Manufacturer: syz
[ 2341.096962][ T1847] usb 5-1: SerialNumber: syz
[ 2341.124387][ T1847] usb 5-1: config 0 descriptor??
[ 2341.296995][T18974] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 2341.748436][T18974] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 2341.765938][ T1847] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[ 2341.786960][T10833] bio_check_eod: 65735 callbacks suppressed
[ 2341.786989][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.786989][T10833] loop2: rw=0, sector=87856, nr_sectors = 8 limit=40427
[ 2341.789874][ T1847] usb 5-1: USB disconnect, device number 107
[ 2341.798265][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2341.806476][T18974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2341.812343][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.812343][T10833] loop2: rw=0, sector=87864, nr_sectors = 8 limit=40427
[ 2341.828829][T18974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2341.839270][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.839270][T10833] loop2: rw=0, sector=87872, nr_sectors = 8 limit=40427
[ 2341.853329][T18974] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 2341.864026][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.864026][T10833] loop2: rw=0, sector=87880, nr_sectors = 8 limit=40427
[ 2341.901665][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.901665][T10833] loop2: rw=0, sector=87888, nr_sectors = 8 limit=40427
[ 2341.915489][T29701] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 2341.923359][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.923359][T10833] loop2: rw=0, sector=87896, nr_sectors = 8 limit=40427
[ 2341.937361][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.937361][T10833] loop2: rw=0, sector=87904, nr_sectors = 8 limit=40427
[ 2341.947223][T18974] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 2341.950950][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.950950][T10833] loop2: rw=0, sector=87912, nr_sectors = 8 limit=40427
[ 2341.960087][T18974] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 2341.973378][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.973378][T10833] loop2: rw=0, sector=87920, nr_sectors = 8 limit=40427
[ 2341.981426][T18974] usb 2-1: Manufacturer: syz
[ 2341.994514][T10833] syz.2.11195: attempt to access beyond end of device
[ 2341.994514][T10833] loop2: rw=0, sector=87928, nr_sectors = 8 limit=40427
[ 2342.010816][T18974] usb 2-1: config 0 descriptor??
[ 2342.297020][T29701] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2342.407022][T11511] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 2342.527038][T29701] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2342.535934][T29701] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2342.543758][T29701] usb 4-1: Product: syz
[ 2342.548027][T29701] usb 4-1: Manufacturer: syz
[ 2342.548855][T18974] appleir 0003:05AC:8243.005E: unknown main item tag 0x0
[ 2342.552435][T29701] usb 4-1: SerialNumber: syz
[ 2342.564720][T29701] usb 4-1: config 0 descriptor??
[ 2342.569851][T18974] appleir 0003:05AC:8243.005E: No inputs registered, leaving
[ 2342.580002][T18974] appleir 0003:05AC:8243.005E: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 2342.827013][T11511] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2342.828944][T18974] usb 2-1: USB disconnect, device number 99
[ 2342.843904][T12945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11746'.
[ 2342.860531][T12945] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11746'.
[ 2342.888865][T29701] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2342.902823][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2342.907041][T29701] usb 4-1: USB disconnect, device number 114
[ 2343.057012][T11511] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2343.066209][T11511] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2343.074084][T11511] usb 5-1: Product: syz
[ 2343.078078][T11511] usb 5-1: Manufacturer: syz
[ 2343.082440][T11511] usb 5-1: SerialNumber: syz
[ 2343.097210][T11511] usb 5-1: config 0 descriptor??
[ 2343.350289][T12948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11747'.
[ 2343.389088][T12953] FAULT_INJECTION: forcing a failure.
[ 2343.389088][T12953] name failslab, interval 1, probability 0, space 0, times 0
[ 2343.391566][T12948] netlink: 48 bytes leftover after parsing attributes in process `syz.4.11747'.
[ 2343.413848][T12953] CPU: 1 PID: 12953 Comm: syz.2.11750 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2343.423561][T12953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2343.433460][T12953] Call Trace:
[ 2343.436580][T12953]  <TASK>
[ 2343.439360][T12953]  dump_stack_lvl+0x151/0x1b7
[ 2343.443872][T12953]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2343.449165][T12953]  ? _parse_integer+0x2a/0x40
[ 2343.453681][T12953]  ? kstrtoull+0x1cd/0x2e0
[ 2343.457932][T12953]  dump_stack+0x15/0x1c
[ 2343.461924][T12953]  should_fail_ex+0x3d0/0x520
[ 2343.466440][T12953]  ? bpf_test_init+0xf1/0x190
[ 2343.470966][T12953]  __should_failslab+0xaf/0xf0
[ 2343.475558][T12953]  should_failslab+0x9/0x20
[ 2343.479889][T12953]  __kmem_cache_alloc_node+0x3d/0x250
[ 2343.485096][T12953]  ? kasan_save_free_info+0x2b/0x40
[ 2343.490136][T12953]  ? bpf_test_init+0xf1/0x190
[ 2343.494646][T12953]  __kmalloc+0xa3/0x1e0
[ 2343.498729][T12953]  bpf_test_init+0xf1/0x190
[ 2343.503068][T12953]  bpf_prog_test_run_xdp+0x414/0x1130
[ 2343.508275][T12953]  ? avc_denied+0x1b0/0x1b0
[ 2343.512623][T12953]  ? dev_put+0x80/0x80
[ 2343.516523][T12953]  ? __kasan_check_write+0x14/0x20
[ 2343.521469][T12953]  ? fput+0x15b/0x1b0
[ 2343.525400][T12953]  ? dev_put+0x80/0x80
[ 2343.529304][T12953]  bpf_prog_test_run+0x3b0/0x630
[ 2343.534076][T12953]  ? bpf_prog_query+0x260/0x260
[ 2343.538763][T12953]  ? selinux_bpf+0xd2/0x100
[ 2343.543099][T12953]  ? security_bpf+0x82/0xb0
[ 2343.547441][T12953]  __sys_bpf+0x59f/0x7f0
[ 2343.551528][T12953]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 2343.556733][T12953]  ? __ia32_sys_read+0x90/0x90
[ 2343.561330][T12953]  ? debug_smp_processor_id+0x17/0x20
[ 2343.566537][T12953]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2343.572437][T12953]  __x64_sys_bpf+0x7c/0x90
[ 2343.576692][T12953]  x64_sys_call+0x87f/0x9a0
[ 2343.581028][T12953]  do_syscall_64+0x3b/0xb0
[ 2343.585281][T12953]  ? clear_bhb_loop+0x55/0xb0
[ 2343.589795][T12953]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2343.595525][T12953] RIP: 0033:0x7f2ad377cef9
[ 2343.599777][T12953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2343.619306][T12953] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2343.627637][T12953] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9
[ 2343.635449][T12953] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
[ 2343.643260][T12953] RBP: 00007f2ad44a3090 R08: 0000000000000000 R09: 0000000000000000
[ 2343.651071][T12953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2343.658883][T12953] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978
[ 2343.666698][T12953]  </TASK>
[ 2343.674317][T11511] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[ 2343.687777][T11511] usb 5-1: USB disconnect, device number 108
[ 2343.701301][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2344.258827][T12982] FAULT_INJECTION: forcing a failure.
[ 2344.258827][T12982] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2344.271909][T12982] CPU: 1 PID: 12982 Comm: syz.4.11760 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2344.281583][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2344.291481][T12982] Call Trace:
[ 2344.294601][T12982]  <TASK>
[ 2344.297379][T12982]  dump_stack_lvl+0x151/0x1b7
[ 2344.301900][T12982]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2344.307185][T12982]  ? mutex_unlock+0xb2/0x260
[ 2344.311617][T12982]  ? __mutex_lock_slowpath+0x10/0x10
[ 2344.316735][T12982]  dump_stack+0x15/0x1c
[ 2344.318132][T12969] loop1: detected capacity change from 0 to 40427
[ 2344.320723][T12982]  should_fail_ex+0x3d0/0x520
[ 2344.331490][T12982]  should_fail+0xb/0x10
[ 2344.335478][T12982]  should_fail_usercopy+0x1a/0x20
[ 2344.340340][T12982]  _copy_to_user+0x1e/0x90
[ 2344.344594][T12982]  __x64_sys_getrlimit+0x19e/0x1f0
[ 2344.349544][T12982]  ? __ia32_sys_setdomainname+0x70/0x70
[ 2344.354921][T12982]  ? debug_smp_processor_id+0x17/0x20
[ 2344.356569][T12969] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[ 2344.360126][T12982]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 2344.360157][T12982]  x64_sys_call+0x2cf/0x9a0
[ 2344.360180][T12982]  do_syscall_64+0x3b/0xb0
[ 2344.360198][T12982]  ? clear_bhb_loop+0x55/0xb0
[ 2344.360222][T12982]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2344.371148][T12969] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 2344.372363][T12982] RIP: 0033:0x7f5af1d7cef9
[ 2344.372383][T12982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2344.378883][T12969] ================================================================================
[ 2344.380955][T12982] RSP: 002b:00007f5af2ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000061
[ 2344.387235][T12969] UBSAN: shift-out-of-bounds in fs/f2fs/super.c:911:5
[ 2344.391195][T12982] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7cef9
[ 2344.391214][T12982] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 000000000000000e
[ 2344.413715][T12969] shift exponent 133 is too large for 64-bit type 'unsigned long'
[ 2344.422878][T12982] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000
[ 2344.422895][T12982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2344.422908][T12982] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138
[ 2344.422930][T12982]  </TASK>
[ 2344.496974][  T317] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 2344.497844][T12969] CPU: 0 PID: 12969 Comm: syz.1.11755 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0
[ 2344.514233][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 2344.524132][T12969] Call Trace:
[ 2344.527252][T12969]  <TASK>
[ 2344.530033][T12969]  dump_stack_lvl+0x151/0x1b7
[ 2344.534543][T12969]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 2344.539845][T12969]  dump_stack+0x15/0x1c
[ 2344.543831][T12969]  __ubsan_handle_shift_out_of_bounds+0x3e1/0x440
[ 2344.550089][T12969]  parse_options+0x4b90/0x4ba0
[ 2344.554684][T12969]  ? mount_bdev+0x282/0x3b0
[ 2344.559031][T12969]  ? f2fs_mount+0x34/0x40
[ 2344.563199][T12969]  ? default_options+0xc80/0xc80
[ 2344.567966][T12969]  ? kstrdup+0x54/0x70
[ 2344.571865][T12969]  ? memcpy+0x56/0x70
[ 2344.575686][T12969]  f2fs_fill_super+0x23bc/0x6dc0
[ 2344.580472][T12969]  ? kill_f2fs_super+0x3c0/0x3c0
[ 2344.585233][T12969]  ? set_blocksize+0x1cb/0x360
[ 2344.589836][T12969]  ? sb_set_blocksize+0xa8/0xf0
[ 2344.594529][T12969]  mount_bdev+0x282/0x3b0
[ 2344.598687][T12969]  ? kill_f2fs_super+0x3c0/0x3c0
[ 2344.603464][T12969]  f2fs_mount+0x34/0x40
[ 2344.607455][T12969]  legacy_get_tree+0xf1/0x190
[ 2344.611966][T12969]  ? trace_raw_output_f2fs__rw_end+0x110/0x110
[ 2344.617956][T12969]  vfs_get_tree+0x88/0x290
[ 2344.622206][T12969]  do_new_mount+0x2ba/0xb30
[ 2344.626547][T12969]  ? do_move_mount_old+0x160/0x160
[ 2344.631498][T12969]  ? security_capable+0x87/0xb0
[ 2344.636197][T12969]  ? ns_capable+0x89/0xe0
[ 2344.640350][T12969]  path_mount+0x671/0x1070
[ 2344.644609][T12969]  ? user_path_at_empty+0x14e/0x1a0
[ 2344.649634][T12969]  __se_sys_mount+0x2c4/0x3b0
[ 2344.654150][T12969]  ? __x64_sys_mount+0xd0/0xd0
[ 2344.658750][T12969]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 2344.664653][T12969]  __x64_sys_mount+0xbf/0xd0
[ 2344.669076][T12969]  x64_sys_call+0x49d/0x9a0
[ 2344.673413][T12969]  do_syscall_64+0x3b/0xb0
[ 2344.677666][T12969]  ? clear_bhb_loop+0x55/0xb0
[ 2344.682183][T12969]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2344.687919][T12969] RIP: 0033:0x7fe0b7f7e69a
[ 2344.692248][T12969] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2344.711691][T12969] RSP: 002b:00007fe0b8dcee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2344.719936][T12969] RAX: ffffffffffffffda RBX: 00007fe0b8dceef0 RCX: 00007fe0b7f7e69a
[ 2344.727745][T12969] RDX: 0000000020000040 RSI: 00000000200000c0 RDI: 00007fe0b8dceeb0
[ 2344.735563][T12969] RBP: 0000000020000040 R08: 00007fe0b8dceef0 R09: 0000000000000000
[ 2344.743370][T12969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200000c0
[ 2344.751405][T12969] R13: 00007fe0b8dceeb0 R14: 000000000000552d R15: 0000000020000100
[ 2344.759236][T12969]  </TASK>
[ 2344.782327][T12969] ================================================================================
[ 2344.791556][T12969] F2FS-fs (loop1): Not support 32, larger than 256
[ 2344.996993][  T317] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2345.177582][  T317] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[ 2345.186575][  T317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2345.194545][  T317] usb 4-1: Product: syz
[ 2345.198543][  T317] usb 4-1: Manufacturer: syz
[ 2345.202924][  T317] usb 4-1: SerialNumber: syz
[ 2345.217167][  T317] usb 4-1: config 0 descriptor??
[ 2345.478401][  T317] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[ 2345.492072][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 2345.497082][  T317] usb 4-1: USB disconnect, device number 115
[ 2346.796954][T10833] bio_check_eod: 186039 callbacks suppressed
[ 2346.796974][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.796974][T10833] loop2: rw=0, sector=87288, nr_sectors = 8 limit=40427
[ 2346.816235][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.816235][T10833] loop2: rw=0, sector=87296, nr_sectors = 8 limit=40427
[ 2346.829566][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.829566][T10833] loop2: rw=0, sector=87304, nr_sectors = 8 limit=40427
[ 2346.843210][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.843210][T10833] loop2: rw=0, sector=87312, nr_sectors = 8 limit=40427
[ 2346.856709][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.856709][T10833] loop2: rw=0, sector=87320, nr_sectors = 8 limit=40427
[ 2346.870284][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.870284][T10833] loop2: rw=0, sector=87328, nr_sectors = 8 limit=40427
[ 2346.883821][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.883821][T10833] loop2: rw=0, sector=87336, nr_sectors = 8 limit=40427
[ 2346.897448][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.897448][T10833] loop2: rw=0, sector=87344, nr_sectors = 8 limit=40427
[ 2346.910926][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.910926][T10833] loop2: rw=0, sector=87352, nr_sectors = 8 limit=40427
[ 2346.924272][T10833] syz.2.11195: attempt to access beyond end of device
[ 2346.924272][T10833] loop2: rw=0, sector=87360, nr_sectors = 8 limit=40427
[ 2351.806938][T10833] bio_check_eod: 275617 callbacks suppressed
[ 2351.806962][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.806962][T10833] loop2: rw=524288, sector=86584, nr_sectors = 8 limit=40427
[ 2351.826671][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.826671][T10833] loop2: rw=524288, sector=86592, nr_sectors = 8 limit=40427
[ 2351.840442][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.840442][T10833] loop2: rw=524288, sector=86600, nr_sectors = 8 limit=40427
[ 2351.854255][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.854255][T10833] loop2: rw=524288, sector=86608, nr_sectors = 8 limit=40427
[ 2351.868052][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.868052][T10833] loop2: rw=524288, sector=86616, nr_sectors = 8 limit=40427
[ 2351.881845][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.881845][T10833] loop2: rw=524288, sector=86624, nr_sectors = 8 limit=40427
[ 2351.895648][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.895648][T10833] loop2: rw=524288, sector=86632, nr_sectors = 8 limit=40427
[ 2351.909434][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.909434][T10833] loop2: rw=524288, sector=86640, nr_sectors = 8 limit=40427
[ 2351.923319][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.923319][T10833] loop2: rw=524288, sector=86648, nr_sectors = 8 limit=40427
[ 2351.937125][T10833] syz.2.11195: attempt to access beyond end of device
[ 2351.937125][T10833] loop2: rw=524288, sector=86656, nr_sectors = 8 limit=40427