last executing test programs:

15.581268391s ago: executing program 3 (id=2949):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')

12.679174294s ago: executing program 4 (id=2959):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc222, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1f, 0x8, 0x4, 0x7cb4, 0x40000, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(r5, &(0x7f0000000780)=[{{&(0x7f0000000580)=@l2={0x1f, 0x4d9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf}, 0x80, &(0x7f0000000340)}}], 0x1, 0x40000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0xa}]}}, 0x0}, 0x0)

11.727997288s ago: executing program 3 (id=2964):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

9.913727094s ago: executing program 1 (id=2971):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x1000000, &(0x7f0000000300)=ANY=[@ANYBLOB="00dae905dc2a8504b395c1043ead5fc99faf525bf20a43754536a4f00e7f0b4064df95abd5c9ba8ebcafe2c58a80945a2ae5d8d4a8821ad62118ab2fa92a3247a8dfa30198d6609ef6edddbfadc8485dd1d6eaada0017df98a6e1ab770bf851dc92c031844ef03e52044dc95bb1391d45fde66f173664dfa781c33376f661af0e0da7e30322472c94017d9faefdd390023ac290b47cd0ffa59b5359c5c992bf52f89f352c6c9df218c807043af27e9bec80ea65d0f6b0d115a36f5b0ad56c25f81d5f4af29236173c2"], 0x1, 0x551a, &(0x7f000000df00)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+NhjYf1q02vu2sjcoY0vY4x5XFJAmKCAH0kIaoAZySwkRRHgcAhGKInmwlej7JDPYmB9vEBxmRhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4pLtqNb/5/+uqbc52106e3gAAAADnbKrVvH4yTedfmuvfmks/mvMiIsqIODd2H8ToJHPQ5FTP918f31+9qOE2ok7Yf8a4OT5HxO/mePh+6W8BAAAAPq71YjlLo/X0MO27ILqUJm3Kr38y5RURUU3vM6WV+7yfmcLq3/cw/mVKqyewJpnC0pTbMFfam9R/98Os3eSoKVJTnn3bochsfQcAADo0OGm6HYUAAADQpb99F0A/inhayjwsBY5T0yzvfTo5AwAAAN6hou8CAAAAgAxGr75aj/872v9vZ/8/AAAA6Efa/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBL2lSr+XqxnLXN2e7aydMbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2Z93FAiBMAiDves7k7n/YaVBU1OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDe/+8v/ialxJpl7bSw9jyRrp8bWqbF3bhz9YXz9GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif15SIASCIArmjP+d9P0PKwl6BhEioOFRRS0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgi373y/+JqXEmmTttLB2PJGtXja2rxt6DxtGD8fZvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBi535+o6jiAIB/Z2dna1FjraaHGqOJB71IWRDkZjxoGg/+CSZNWbCy+AN6EEKMvXgzPXMxejTGRFNv/A+cIeGCNw491MQzZmZndgeoYRWYWejnk7x5351M3vu+2YTwnTdbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjsvj+J0/ywMIo75bnre5fX8/7GPX3u6vbN5bzlcdJk0k+GV+sfkqVxuNdGMgAAABwMaVXfR8StbGc17zsLRf2fVdfkNf+Pz4/iqp6/t+6v+qr2z9sfv99+eTzRwmiefNDTG8PBkftT6T6+Vc62Fx54Rbe488Wzl7T4Qjofbb20mxX3M/n+2rUPekU410S2AMD/cbjqy6D6/1De99tMDIADo1srvKv6P11oNycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJuxuxbNVnETEcncS527sXV7fr7+6fXO5aieuXNmObydj5kNkEXF6Yzg40uhqZtuFi5fOrg2Hg/PNB69FxOMYeS4iHnTNe+Xyz34yxYARrdwfwaMJ7syVX/aM5POEBC3+owQAwFMpK1te19/Kdlbzc8lixJ2f7q7/36zFMWX9f/vTE9frc9Xr/35jK5x9K5vnvly5cPHS2xvn1s4Mzgw+f+do/93+sZPHj59cKZ6VrHhiAgAAwMPpla1e/3cW79//P1SLY8r6/6sf+t/U50rV//uabPq1nQkAAMDB9uLrf/+V7HM+6fXi67XNzfP90XH8+ejo2EKq/9lc2er1f7rYdlYAAABAE3a3krv2/0/V4phy//+5n1/5tT5mGhHz5f7/4fUvhqeaW85M+5df/87HI/w5cdtrBAAAoF3zZavv/2fF+/+d8SsPnYh4641RXP4ZwKnq//TD736pz1V///9Yc0ucSZ2l0f0o+qWI7lLbGQEAAPA0e6ZsebH/Z7az+tlvhz7uef8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGn/BAAA//+M9j2Q")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x42000773)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
symlink(&(0x7f00000049c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000059c0)='./file0\x00')
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
close(r3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mincore(&(0x7f0000f0c000/0x3000)=nil, 0x3000, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x4, 0x1, 0x34}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

9.518028s ago: executing program 4 (id=2974):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r2 = syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000440)=ANY=[@ANYBLOB='shortname=mixed,iocharset=iso8859-=winnt,uni_xlate=1,uni_xlate=1,nonumtail=0,utf8=0,errors=continue,utf8=1,check=strict,iocharset=cp855,utf8=0,iocharset=koi8-u,codepage=857,utf8=0,rodir,shortname=win95,\x00'], 0x6, 0x2d4, &(0x7f0000002a80)="$eJzs3T9rZFUUAPDzkjdvZlWYKaxE8IEWVutmW5sJsgExlUsKtdDg7oJkgrALAf/g7Fa2NhYWfgJB8IPY+A0EW8HOVRauvH/MSzKJO8GJaH6/Jod7z3n3vJdL8lLkzgcvHh7cKePeo89/jtEoi41pTONxFpPYiM7DOGb6VQAA/2WPU4rfUuPMpOdOD2URMVpvawDAmpz9+7/sxfki/OHSWgMA1uT2O+++tb27e+vtshzFzuGXR3vVX/bV12Z++158FLO4GzdiHE8i6heFQdRvC1W4k1Ka52VlEq8czo/2qsrD939sr7/9a0RdvxXjmNRDKaW8C9LOm7u3tspGr35e9fFMu/60qr8Z43i+Xb99W+nqby6pj70iXn251//1GMdPH8bHMYs79dqL+i+2yvKN9PXvn71XdVXVZ/OjvWGdt5A2L/UbAwAAAAAAAAAAAAAAAAAAAADA/9r19uycYZSTP5szANvzdzafVPODKDuT4+fzNPVZd6H++UAppXmKb7vzdW6UZZnaxEV9Hi/k/YMFAQAAAAAAAAAAAAAAAAAA4Op68MmnB/uz2d37Fw6uxWKkOw0gj4g/bkdc9MrT3shLUQf5Wa0O2zX3Z7ONNjyek/dHYrPLySLObaO6iYs/loNVkq+d6rkNvvt+1dVHf58zWL7WPxl0u+tgP1v+DIfRjYzaTfJNEb2NVMRTrlWcNZVile1XLJ0ar3zvxbN1MD8nJ7LzGnv9l+bJtSPZybso6qfajLw2aHLbqUGb0ys/sTeeaj/HqCk//bMic1oHAAAAAAAAAAAAAAAAAACs1eK/f5dMPjq3dCMN19YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyqxef/rxDM2+KTU/GwGe8lF3H/wb95fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwNfwUAAP//ThJUUw==")
sendfile(r0, r2, &(0x7f0000000240)=0x4, 0x60a0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmmsg$inet(r3, &(0x7f0000003640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x50}}], 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000"], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
getdents64(r1, 0xfffffffffffffffe, 0x29)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000040)=""/3, 0x3}, {0x0, 0x3}], 0x2, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd29, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4040)

8.376873127s ago: executing program 4 (id=2976):
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x4800}, 0x10)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.317796198s ago: executing program 4 (id=2977):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000500)={0x1, &(0x7f00000007c0)=[{0x7, 0x2, 0x7, 0x3}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x9)
r3 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$MON_IOCG_STATS(r3, 0xc0109207, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000000000000}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="18060010fe5dfca956c315b8e0dd00000000000000000000000800180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000386f5e708737e7088712b07945cdd25d1bce46a6fdb75b4bfe68b24981c07e26fd23172a60f8a8a091aee8abb388bcc3f69b67ae79f841db5c81a265f7e"], &(0x7f0000000300)='syzkaller\x00', 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf, @void, @value}, 0x94)

6.193005979s ago: executing program 1 (id=2980):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
llistxattr(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18)
ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020662a, &(0x7f0000000580)={0x8, 0x5dc7b2f2, 0x7, 0xf126, 0x9, 0x0, [{0x1000, 0x9, 0x5, '\x00', 0x202}, {0xfffffffffffffff9, 0x4, 0x4, '\x00', 0x1403}, {0x5, 0x6, 0x9, '\x00', 0x2d82}, {0x7, 0x6, 0x7fffffff}, {0x7, 0x8, 0xb}, {0x4, 0x1, 0x7}, {0xffffffffffffffff, 0x80, 0xd1f5, '\x00', 0x2502}, {0xac58, 0xd5, 0x2, '\x00', 0x4}, {0x81, 0x5, 0x5, '\x00', 0x1103}]})
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000009c0)={0x0, r5, 0x0, 0xfffffffffffffffd}, 0x18)
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000008)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x80, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x4360}, 0x8, 0x10000007, 0x80, 0x0, 0x1, 0x101, 0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc020000000000000000000000000080e7b12ec32cc1a7854598c2c8407eb23fa217157ab6e45c914a0a8379fde64c9435d454f319128c1759f1f6c3b3200cc6dd13d253674c6b7441317b93d0f5242af76fabd9e9e296af528d02de7b0de22b5b9864fc7bdcfdaeea0c164ff1096583a3717dedf99cba74d48e5527cc8033a4be14b9bc19f46d3a9553e046ed"], 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x0)

5.358910692s ago: executing program 0 (id=2981):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r0}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x1d, &(0x7f00000001c0), 0x4)

5.335214302s ago: executing program 0 (id=2982):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
fsmount(0xffffffffffffffff, 0x0, 0xf0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4800)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)

5.092836055s ago: executing program 4 (id=2983):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c40))
unshare(0x64000600)

4.234478828s ago: executing program 1 (id=2985):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000009d02"])
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.908433923s ago: executing program 1 (id=2986):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r2 = syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000440)=ANY=[@ANYBLOB='shortname=mixed,iocharset=iso8859-=winnt,uni_xlate=1,uni_xlate=1,nonumtail=0,utf8=0,errors=continue,utf8=1,check=strict,iocharset=cp855,utf8=0,iocharset=koi8-u,codepage=857,utf8=0,rodir,shortname=win95,\x00'], 0x6, 0x2d4, &(0x7f0000002a80)="$eJzs3T9rZFUUAPDzkjdvZlWYKaxE8IEWVutmW5sJsgExlUsKtdDg7oJkgrALAf/g7Fa2NhYWfgJB8IPY+A0EW8HOVRauvH/MSzKJO8GJaH6/Jod7z3n3vJdL8lLkzgcvHh7cKePeo89/jtEoi41pTONxFpPYiM7DOGb6VQAA/2WPU4rfUuPMpOdOD2URMVpvawDAmpz9+7/sxfki/OHSWgMA1uT2O+++tb27e+vtshzFzuGXR3vVX/bV12Z++158FLO4GzdiHE8i6heFQdRvC1W4k1Ka52VlEq8czo/2qsrD939sr7/9a0RdvxXjmNRDKaW8C9LOm7u3tspGr35e9fFMu/60qr8Z43i+Xb99W+nqby6pj70iXn251//1GMdPH8bHMYs79dqL+i+2yvKN9PXvn71XdVXVZ/OjvWGdt5A2L/UbAwAAAAAAAAAAAAAAAAAAAADA/9r19uycYZSTP5szANvzdzafVPODKDuT4+fzNPVZd6H++UAppXmKb7vzdW6UZZnaxEV9Hi/k/YMFAQAAAAAAAAAAAAAAAAAA4Op68MmnB/uz2d37Fw6uxWKkOw0gj4g/bkdc9MrT3shLUQf5Wa0O2zX3Z7ONNjyek/dHYrPLySLObaO6iYs/loNVkq+d6rkNvvt+1dVHf58zWL7WPxl0u+tgP1v+DIfRjYzaTfJNEb2NVMRTrlWcNZVile1XLJ0ar3zvxbN1MD8nJ7LzGnv9l+bJtSPZybso6qfajLw2aHLbqUGb0ys/sTeeaj/HqCk//bMic1oHAAAAAAAAAAAAAAAAAACs1eK/f5dMPjq3dCMN19YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyqxef/rxDM2+KTU/GwGe8lF3H/wb95fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwNfwUAAP//ThJUUw==")
sendfile(r0, r2, &(0x7f0000000240)=0x4, 0x60a0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmmsg$inet(r3, &(0x7f0000003640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x50}}], 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000"], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
getdents64(r1, 0xfffffffffffffffe, 0x29)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000040)=""/3, 0x3}, {0x0, 0x3}], 0x2, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd29, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4040)

3.719815676s ago: executing program 3 (id=2973):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x1c8, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x1c8, 0xffffffff, 0xffffffff, 0x1c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev, [], [0x0, 0x0, 0xff000000], 'batadv0\x00', 'wg1\x00', {0xff}, {}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {0x0, 0x4c00}, [@common=@inet=@tcp={{0x30}, {[], [0x4e22], 0x0, 0x0, 0x2, 0x1}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xff0000ff, 0xffffffff, 0xff000000, 0xffffffff], [0xffffffff, 0xffffff00, 0xffffff00, 0xff], 'veth1_vlan\x00', 'lo\x00', {}, {}, 0x67, 0x49, 0x7}, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f8)
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00060000"], 0x1c}}, 0x8000)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.587713807s ago: executing program 2 (id=2987):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4800)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)

3.41253234s ago: executing program 4 (id=2988):
syz_usb_connect(0x0, 0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b01020301090248000100000000090469", @ANYBLOB="32b683adf11f83220156c564000400000000000089c5"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30000000000500040000000000050005000a00000014000780080012400000000005001500", @ANYRESOCT], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000ff6000/0x4000)=nil, 0x4000, 0x1000001, 0x12, r4, 0x83a28000)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000280)={r4, &(0x7f0000000480)="70e4c0a2c3d56bc473bb469659f0f5bcca0cace99144d12c593c67bfb8f33e6655b76b3b05a189ed984ae42fbeebdd864b676fc499976d5533c4f39b491a8ae67f2a3c55e68b2e5605dd742e77b151cde1f57992a8baa587e0eb838cf4d1ec2fa8b2b283b24b03a820b0460238dcc53b1109bfaf157bb9d158474f76bf5f806c8591c4e738661ee45fedf7", &(0x7f0000000240)=""/8, 0x4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xc3000d7c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = socket(0x10, 0x2, 0x0)
setsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4)
write(r6, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)

2.969613386s ago: executing program 0 (id=2989):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newlink={0x2c, 0x10, 0x1, 0x170bd27, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2100}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2.954055137s ago: executing program 1 (id=2990):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

2.539369603s ago: executing program 2 (id=2991):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24b8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866207d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x56633bd1cf1d94b2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000280)={'wg2\x00'})

2.291012836s ago: executing program 3 (id=2992):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000500)={0x1, &(0x7f00000007c0)=[{0x7, 0x2, 0x7, 0x3}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x9)
r3 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$MON_IOCG_STATS(r3, 0xc0109207, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000000000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="18060010fe5dfca956c315b8e0dd00000000000000000000000800180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000386f5e708737e7088712b07945cdd25d1bce46a6fdb75b4bfe68b24981c07e26fd23172a60f8a8a091aee8abb388bcc3f69b67ae79f841db5c81a265f7e"], &(0x7f0000000300)='syzkaller\x00', 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf, @void, @value}, 0x94)

1.758233414s ago: executing program 0 (id=2993):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
msync(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x200}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRESOCT, @ANYBLOB="7e7e610c93a44cbcc15a63501e649ac74c8e1af526759adbbadcf2dcba3435753935a560fa01238ddfd4de52b34a12f278407b70eb144f621e67862b934748a56754b08150a78a7a564ce6f30b5a123e4648774287490e7e116e632db8eb1d2aa6c00865e2524d1850c108d25fe17ae7a895241596f56892d9b2a3e165312d2770f31c952001f8e6fab9a93d2f36bed05a9616756eee46375ad64a9611d0383de07e6a576eb6622a641eb657fd8d135e4a0b7ff7b8086d27ee89e0a7eb3523c39845f2cbd080d52a2746", @ANYRESHEX=r0, @ANYRES8=r1, @ANYRES16=r1, @ANYBLOB="2924acc21d183c75542a9ab8d910f7a63fe42d948ddc09996a2863dfa38dca5d4c75de00bd801c6ab04f3f0e29ee3cf2850faa98612858bc8cf83248ae4ac9708a44ece388f31503ee939ef59d01e374c5bc80a6d5e3080db3465c24306cb633bc57b8e0acef4087c73c75901475b83528f7e5db392948c0cfe13e9d0e3d4f3de09d7bf6336c670b0eeb2ff6a4fe17385d874d43686e0d94fee3b21da7edb551a5e931d7eb6982caec79fd826a7f87b60eb05c60d637e86a38127422cf51af206d3a07abadfe272d415657750b438fb927c81d", @ANYRES16, @ANYRESHEX=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070056060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
add_key$user(&(0x7f0000000180), 0x0, &(0x7f00000002c0)="d1c26b1635b771fbb5278cf9c941e3f73ecf66", 0x13, 0xfffffffffffffffb)

1.435610959s ago: executing program 2 (id=2994):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x4800}, 0x10)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.146317213s ago: executing program 3 (id=2995):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
getpid()
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

1.069131604s ago: executing program 2 (id=2996):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000009d02"])
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

971.799546ms ago: executing program 2 (id=2997):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000740)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r4}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x4, 0x0, 0xe4}]}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@nouser_xattr}, {@grpid}]}, 0x3, 0x460, &(0x7f0000000780)="$eJzs3M9rHFUcAPDvTH70t4m1/ugPNbWKwR9Jk1btwYui4EFB0EM9xiQttWkjTQRbilaRepSCF0/iUfAv8CB6EfUkePGgdykU6aWtIIzM7kyz2e5uk3STjdnPB6Z9b+fNvvfdN2/3zbxOA+haQ/kfScT2iPgjIgaq2cUFhqp/Xb96fvLG1fOTSWTZG38nlXLXrp6fLIuWx20rMsNpRPpJEnsb1Dt39tzJiZmZ6TNFfnT+1Lujc2fPPX3i1MTx6ePTp8ePHDl8aOy5Z8efqTtyf/9K4szbdG3PB7P7dr/y1qXXJo9eevvnb5Iy/ro42mSo1c7HsqzN1XXWjpp00tvBhrAsPRGRd1dfZfwPRE8sdN5AvPxxRxsHrKosy7JtzXdfyIANLImlljxZfF8AG0P5Q59f/5bbGk091oUrL1QvgPK4rxdbdU9vpEWZvrrr23YaioijF/75Mt9iefchdn63Sm0CADa27/P5z1ON5n9p3FdT7q5ibWgwIu7OJx8RcU9E7IqIeyMqZe+PiAeWWX/9Ismt85/0ckR88fuKoru9fP73fLG2tXj+V87+YrCnyO2oxN+XHDsxM32w+EyGo29Tnh9rUccPL/32WbN9tfO/fMvrL+eCRTsu925afMzUxPzEncRc68pHEXt6G8Wf3FwJSCJid0TsafYmm1vXceKJr/c129cs/r6lNL4N60zZVxGPV/v/QtTFX0par0+Obo6Z6YOj5Vlxq19+vfh6s/pv3/+rK+//rQ3P/5vxDya167Vzy6/j4p+fNr2mWen535+8WUmXi8HvT8zPnxmL6E9erTa69vXxhWPLfFk+j3/4QOPxvzMWPom9EZGfxA9GxEMR8XDR9v0R8UhEHGgR/08vPvrO0uNP17z/p5bV/wuJ/qh/pXGi5+SP3y6qdLBV/I36/3AlNVy8spTvvxbNuZFl2R2czQAAAPD/k0bE9kjSkZvpNB0Zqf57+V2xNZ2ZnZt/8tjse6enqs8IDEZfWt7pGqi5HzpWXNaX+fG6/KHivvHnPVsq+ZHJ2ZmpTgcPXW5bk/Gf+6un060DVp3ntaB7Gf/QvYx/6F7GP3SvBuN/SyfaAay9Rr//H3agHcDaqxv/lv2gi7j+h+5l/EP36r39M/zAxjO3JVo/vL/ixL/FfyDQ/neWWA+JSNdFMyRWKdHpbyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2+C8AAP//E8nlDg==")
syz_open_procfs(0xffffffffffffffff, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000a00)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa438689", 0xc5}], 0x1}}], 0x1, 0xc0)
write$UHID_INPUT(r0, &(0x7f0000001780)={0x8, {"d99abce8bf878fbdc1e2880574c996d188c2098e5cd05e141c84a9fa7715eaa6f4eb2274c962d9ab4a63f1c49c2493e66dc32e20513f2c1d6d8d575a48c1610c82623e557e8f2a788d1ede446cfdbcc06278f39988a71f47b2dde0274c59f9064d17574698774426e4f21ccd86d54c8f74b5937b16909dbfd9511beca3a86e76c002e5565c7d3f07e09cdb11a223543e8b95420ca562dfa1bdb92220db81fa8110fe02f7abd4bb7d33c69209b665544bd28d73b04a7da2318a89deab7ac6dd0f3d3789e6a39db065b2b8bcbcb6ab2efa2a0da04a43382bd3c748694b27efa32ea1b7c9e90a0a93bf215345df252ecb7a6bd497f75e700fd95810eacaea6ee9948cf1495b431933c8d3ff43e1dd94993b42a2b6628864b50dbec583c5a383ab3cc88130e6fe5985585a9fd04b2257b91a89f259bdd4d8fdb27ea43333eca9af87f98f47cc97ae87bc1fb75a764ac48edbc7149a12262f5ba1dc5f4ce2679d9c379f853e68465e6d6390cc3d22e37595d97cccd7ddce3af698a076c762e668179d08c2cefb42b39c5017d6bd4801c8e5f55704eaf870d1a45bdaea16a97ce1060535b5d2579e2db23b76531094daac5be119be79e72462d28b035787b84de9e8777e064e45bdc762f3a4d7fc1df9aa1252a210fbd01448558101598a5f387caea3a6e99fe62275d92831e2cd1d1a4114b76ff47e76b5c1127e24de76dedcf338439048e9bba05765fa85d7cd58e321438bd3e663c11c0605a83b57e15e41df8b8e52759194edaf1f7df5f1873efe01970a8265e487672812ec4856e19f4a84e19a472d78c7cebc7c4cf2a571c01d3680bfcfe1782c686df27fb81041a545ac82687683fc599ab5ec1d846465c1abfe6e24f9a9149b39a4738ae839c7b437cd1c8ac59f41a03fa7e640fc913b64877a4f856137e31f3a6fd109de6e30060a63d56858955a68889a49317ab82e82a738a2697e294f5afebd746519567a5cedd4b3a8f87105115e6989b67d1f250e8d9a795d2d118265d65b863b45c0c39fc56721d3558767584e544f351edd6b2c828cba3939e9f64449011696e25302a89e15c224b671eb294a713f4644b6e82c44303e0bd104f833384388ef836382481ec13080c35dcc075fcd6cb760f713980a70d9b69bf2c0d5cd1883e7c55f3dae2da23038c14b4fef91fbe7333f8d3507cd15fe4c6edf24d637dd96d45ddc705c2f07ca0cb1193dbb469c35c57efcf11f3adfe8c50b2de685be50c3abe3072a0944573a37a5298f12f4bffccd2ab884e90cf0e8a57d1f5c16793d5a65e42fc5270e36024815a8047bcdc12bf0c138e47aca993f9c7cf3a88198e43c2691c69b9620436f41eebc9295b96c21043157785ed183ae2f75cf4ed44c5502292d45820b76a5388220fb0cc51972ac9d120308c568ab5d79d73f80d829f2af2a203486e70e8992efee0b409572fb3d8ceaf2e7dc55faf6dbe32f59108c1cfd429dcc6f35162da8bc11204ab5fb9b362dc77f817bf33014d391bf2ee04fb44e6d11ea574c14b81380a03ad9e24aa741b4ca937c58ef4259a02c40c205b0a4790c11b66c11fa05598f94589ac52d9dd81cac2a34547d73939ef315da5ac14c44701d5f5b33fec66d3a3b9cc1d334decdb99d6a46280bdc61bd9d8ab1f73b07ac45240b57cf6ded8b2fd2f6e72bd2f5894c0b56f0e35d8ef5d1298dd56ce8bf41e30002de29274d01b620794d42368401c08af68847948f6869ea0258cc3a2cf7093ef90bb02ced0e73ceb6708e7b3395febb68aa0986c52b99ba031a4634ea7c8a0c420913293d13b60e32a8087273242ae34eb72d20b0f210193d653f52e66057e3644fd5b108a2ee4ce941b87a15d37b62c2dafcd08f8ad5cd9485201181d67bed8a1f47e31403695af9177c349fe96c4b7d17dad9cef14c69977f22e4613e2307cc3c1b6db1671012186a0d77f0eabec3f9e2b14238102a938c8bd208b68d5b802f735316aef456fbbf1c39272e03a56831f765a3d77d082dfb718febb8c69319da1874cb3b142309ec7943f3233bebd3591224e46c39fa0ef7cc1e0969cae6297bb320eb289ba7eb66481c081d85bfe0f221190810130ce306ff0b92fa30e4c8b400cd9ecfc60e937a154c8b37fa21c2c3e318a114938c922bcde9cbd5987a2e8090b83f880d4042be7ee8085fda3dc3f0bdd4ac68da90a9b7b340ecaf99b6f17ee4d77190f1e1cdabd31eac74eb92ae5cc321595f3718be9bbd8e0d7c3e00c1e4ce51a20811abd1da599e93bd1fe87ff65087f2418ddba9dbd1416fe4c909a0d16425636bbee058aa2cf11e21ee2816efa99115648d4b3f6b28f6297432888b322ff9deebf5224add42866e3ee454db01ab66832a81851529a06bed759b1590bf7e0b1db7581d4306debc372c6c9026953207b624db4163cbf12ae76c2f4da23f6b0d293dfbcd52a8bcfabce18577115ed030947ec68fbcc5c00a684d8ea31f3b2620df754b4fa9a5d934e960b4cd4e0edd0ba9008c639844725054377c1e2d1a9250052d44658279579fdf5522a3d11e64ee47355a36cd182a67a84943db40a11ae521ad1ffa09f6f9eac5ee7024ad79c57966d9f9dce425770d4ba37d2a8cba0df00e67d206cf2e2939c1a37afa696bed5416cda2cbaeeb218d8810472c2b880979c506f89c0d51e344b4940eac5857ff85d5567cd71ebde97fd87e79d18d66c45b99b853da358123a20cfdf0954a662fff8869c1c3b6d0fe530845bad1defa488f7b8794dc7f2da6d50ad7e2e692a79a57da0f04c2b5c229c21d7650735d62b0a0b91e34ed59cdd8681ad22bf34784f1ae453a688f5add7bc4b1493d06a684b2e6df88d5c24ed8fee8396cf3f7d416a0caf85d7e784b1b35c5ecb0f3cda86783a847be239650128765738f234f78403e77bd3e27525c4f986009aa3b4c1f843f4f16e3dc459d163433852d0923ce62ba23f534ba020109028ce5f6d238d9ad4664482ce78d57fa72034446c540ed6fd2af04a2f465329c18f50f5a1da87bfa242ddd230de4892dd32aed634e0a1de95cb5e29f96a153c192d0f34d4b002a3c2e7015c7384a83f1dc96f3c411272d51871dbad1d01175f20f311e4bfeb17919b7d1079a14929d106f9110282e39c82f823bd008623db7506e16bad3e082b8f7cdfdc398f05c6ce1b447e40b9e676207f3c5054769745982c402dd4d5ab625767ed0993b5cb26d9c64e903959d180752eb3511610eebebef44ec5ed48283b75222be82507ac17f29d76cf258401a62db6f39cd22008661413c6fd2a3dcc58fe34d68b5b80c79fa194a54428f214dabefb5d3cedd72990a5e219d8113d1285ef4829a99418363a7da3deced99c42147b6b9f064d59080d1c94ac63ac164f35a80c0d7dc480776df893cf74a32feeec7dfe86b63385adbfdb4947b74303f8eac37ce7e63019aa0984dab57be6372f879f0b5954a0fa41c6ffaff283a71ee9de23a4196858dd89f409f2cd1d49845671d676ecd9faa66c37dbe9ef7a2585459c2d1a94741c8a5708f9b9423abc88039dab77da3543f700e1a56608cc65ddc2ccd27628d7e59219ef67c25d100cde2a51d5576063a5afe12826bf06d2ebd677c1350e166bda53e8d1992c44ec340bb142b51aafdce86123084a9ebf4e242cc9d7c137b2857021059543aaa5741fd96234a819193a21d48675776ddfb9d7f95c8d25dd5945ba49fc17109465a09740ba53fffbe7bf717bace7edc9f299ce0676c88ca5f00ae876be093592fbe555d11dc3399f77d16039b64c677ea45a2867e1d72062fff4f407df7f132e819a97d540df1675bc4b21e049ba99ada904d919c4ba6c054fec2329cfb16e2fd436e00b1dc0db4e9463879f20a3c58943b2cf141c06241954bf1ac8feff051e88b5bf06371421f878be6d86af932216c8771f6c9ab750928926a8c8af300f7ec5351d8850a7d54441c5e4e6a979105ae431cfe7f5bbed4277ea04eec9b22f1fd01955cf72fab958cb26f20e3f5dd87a87e22a3c3740cf84e6d95bee37f1138f0d00081aa2fa570d98070c17769dc193d87a49cb4bc9ac8512bcefecfb503bc60e0913b989d1bbd93e7f66a908bb0b5f5a42f8bf7c2f861bd40cb72d93af856499282dcfac947f7042c23ae0ecd22cfc902623223a0c08101ac36237d967d10cc2cd5c3d32a0c27d9fedcc1d9885613cf692d7aa5b3027401f5053681ab75e686c72a11b2e40160b0b8d352b26ec561a83805d2f30c5ccd8cc68f3ff0d194784fde6d2ae008a04aadf8844b878ca485cd5cbc9b7f0fa9119dea8d80780247dd782aebe3ef429b2b9e73a10fa8faedff1f27c440766845beeacaaa36eeab36bdd782dc62669cc32da1c62807126a5ac0e99f59eab6b90055ddcd7b1490729171aa5347a3dc9e2c899ba2ad06cdfed671c5b72eddad775607fd57da925f6de601ea3d558641d11210ce8b85cd115221f4298e9ef8b7abedfc24508c34f7a91d7404b8e5eba02213a25f8bc7dea25de3e34a2cd54e7a77ddc3205c2f33086208cc270a00f8566d225214a4c97e8ad40c5b0b6aab6a8ca688e2bc35a27c824b929d6dd8de3820e5b2c0eff80dc0050088151022a8917e3baf61605f3f3f3345c7f51ffe9616af27a5534aa3c92aa4b7497ebef265ec47530ecf49fc39014379be8d9f77d910a8707605d55008911b229d216ec6bb882e9502ef2a60a53d0bbfdceb438e27761c831d2f0423449c412a03cbf803741e23c8dd58799272b7f603bc424c4590bc5cf9d988e1c3a6e60ec393fdf91c4a104e52a7551c062e37f9cef5c3c5168fb4e72bcc9b245ca64529f1739445063bd4e200a6398e6fda726834441ff5bfeb9527634179af93707029d531c6f2275ca85fad1b6210f54aab5eb395d3b44aae7f7e1fe8b644911ea69ce57b4554cba6b5b5f036737de3a399348e906c3c9da54407a8631cc9b29f3207320187429d64d6fb19477001bb6be6fafd56d2a792ffa35bc632b48e830d4e0c551591f78131b9b770a8a70080c746c022c715ab93b63816547ae8cd26be138a998c8df7ccf17fc4aae478fadb868a3d910824e999d86e6c30f6b3a7feb357abd020852449611a827850aaf59363356ed6a353aa662d5526c3138b51fddefa449b888a9f08e00fcc050a77736e441ee955a10c28e4ff3952e97e46c8bd15d731e7cd15ea8a56051c2de9b766ce9394f060ae4a162268a171a52d48ffb776eddcc2f42ebe4fa9a24f28b81e472ba801e3bb46dc1a3aca39478c36b604bdfb17a934255a8be2275bf7d527e50e1e237d1482e66582aa52e886c70105ff02b0b4ec5583b9fbdb955deff5a5876c56e697dc24a70540278804f90ebca6fbc99a0d43dde1a1fe7ce17a1a38895310bdb616b114223d9bf77a8727d9c2bd4bc9ff521bcd7ed37f57fe42df9f37371d70a2405e1c36fa66d5051264766bd471079b8c8bc6a71946912a57a91c915612e73de79d73c64084ba5f104227cc9b4dbfbe07ecb75461450f5275a834935c878bff2173022827017819897f420ae0c77c00604186770fd3e46c2ecf55d9a8a76dfb20960dd311a311017388395ceedaaa6bd4bff42ca74d8b408c6a4ffda6db726f6df0990541734f0c059b29b199e2ee11b6c576b940f8644a188ceee152bd33f4f4e59ff8eb711a970f87c4714c42b4634c6e87172b6cbe7e34e82d018f74da7519e830747879e771bdc1316f541bddc7106c0dea992d9dd0e8b11470cc9b4674f9c1d9b195ecacfc5f9902efcde42f6453fb2c5a760842ac30775d4d3fa1ee6334e0ab", 0x1000}}, 0x1006)

860.646238ms ago: executing program 0 (id=2998):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

307.529665ms ago: executing program 1 (id=2999):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
fsmount(0xffffffffffffffff, 0x0, 0xf0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4800)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)

291.489966ms ago: executing program 3 (id=3000):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r2 = syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000440)=ANY=[@ANYBLOB='shortname=mixed,iocharset=iso8859-=winnt,uni_xlate=1,uni_xlate=1,nonumtail=0,utf8=0,errors=continue,utf8=1,check=strict,iocharset=cp855,utf8=0,iocharset=koi8-u,codepage=857,utf8=0,rodir,shortname=win95,\x00'], 0x6, 0x2d4, &(0x7f0000002a80)="$eJzs3T9rZFUUAPDzkjdvZlWYKaxE8IEWVutmW5sJsgExlUsKtdDg7oJkgrALAf/g7Fa2NhYWfgJB8IPY+A0EW8HOVRauvH/MSzKJO8GJaH6/Jod7z3n3vJdL8lLkzgcvHh7cKePeo89/jtEoi41pTONxFpPYiM7DOGb6VQAA/2WPU4rfUuPMpOdOD2URMVpvawDAmpz9+7/sxfki/OHSWgMA1uT2O+++tb27e+vtshzFzuGXR3vVX/bV12Z++158FLO4GzdiHE8i6heFQdRvC1W4k1Ka52VlEq8czo/2qsrD939sr7/9a0RdvxXjmNRDKaW8C9LOm7u3tspGr35e9fFMu/60qr8Z43i+Xb99W+nqby6pj70iXn251//1GMdPH8bHMYs79dqL+i+2yvKN9PXvn71XdVXVZ/OjvWGdt5A2L/UbAwAAAAAAAAAAAAAAAAAAAADA/9r19uycYZSTP5szANvzdzafVPODKDuT4+fzNPVZd6H++UAppXmKb7vzdW6UZZnaxEV9Hi/k/YMFAQAAAAAAAAAAAAAAAAAA4Op68MmnB/uz2d37Fw6uxWKkOw0gj4g/bkdc9MrT3shLUQf5Wa0O2zX3Z7ONNjyek/dHYrPLySLObaO6iYs/loNVkq+d6rkNvvt+1dVHf58zWL7WPxl0u+tgP1v+DIfRjYzaTfJNEb2NVMRTrlWcNZVile1XLJ0ar3zvxbN1MD8nJ7LzGnv9l+bJtSPZybso6qfajLw2aHLbqUGb0ys/sTeeaj/HqCk//bMic1oHAAAAAAAAAAAAAAAAAACs1eK/f5dMPjq3dCMN19YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyqxef/rxDM2+KTU/GwGe8lF3H/wb95fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwNfwUAAP//ThJUUw==")
sendfile(r0, r2, &(0x7f0000000240)=0x4, 0x60a0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmmsg$inet(r3, &(0x7f0000003640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x50}}], 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000"], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
getdents64(r1, 0xfffffffffffffffe, 0x29)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000040)=""/3, 0x3}, {0x0, 0x3}], 0x2, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd29, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4040)

164.963267ms ago: executing program 0 (id=3001):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc222, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1f, 0x8, 0x4, 0x7cb4, 0x40000, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(r5, &(0x7f0000000780)=[{{&(0x7f0000000580)=@l2={0x1f, 0x4d9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf}, 0x80, &(0x7f0000000340)}}], 0x1, 0x40000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0xa}]}}, 0x0}, 0x0)

0s ago: executing program 2 (id=3002):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
getpid()
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

kernel console output (not intermixed with test programs):

1:2539): avc:  denied  { write } for  pid=6795 comm="syz.2.1774" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  675.412369][ T6817] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  675.935186][   T30] audit: type=1326 audit(1749316758.821:2540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.262682][ T6832] hub 1-0:1.0: USB hub found
[  676.267482][ T6832] hub 1-0:1.0: 1 port detected
[  676.341398][   T30] audit: type=1326 audit(1749316758.871:2541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.378528][   T30] audit: type=1326 audit(1749316759.141:2542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.441785][   T30] audit: type=1326 audit(1749316759.141:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.465714][   T30] audit: type=1326 audit(1749316759.141:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.532356][   T30] audit: type=1326 audit(1749316759.141:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.604809][   T30] audit: type=1326 audit(1749316759.141:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.680297][   T30] audit: type=1326 audit(1749316759.141:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.755235][   T30] audit: type=1326 audit(1749316759.141:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.802280][   T30] audit: type=1326 audit(1749316759.141:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  676.826657][   T30] audit: type=1326 audit(1749316759.141:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6831 comm="syz.2.1784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f6e486e7929 code=0x7ffc0000
[  677.933433][ T6868] syz.3.1795[6868] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  677.933535][ T6868] syz.3.1795[6868] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  677.948534][ T6868] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  678.390208][ T6871] hub 1-0:1.0: USB hub found
[  678.395335][ T6871] hub 1-0:1.0: 1 port detected
[  678.842787][ T6874] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  679.518651][ T6891] hub 1-0:1.0: USB hub found
[  679.523551][ T6891] hub 1-0:1.0: 1 port detected
[  679.675591][ T6899] hub 1-0:1.0: USB hub found
[  679.690603][ T6899] hub 1-0:1.0: 1 port detected
[  679.996878][ T6906] syz.4.1808[6906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  679.996956][ T6906] syz.4.1808[6906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  680.214839][ T6908] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  680.713730][ T6921] hub 1-0:1.0: USB hub found
[  680.722127][ T6921] hub 1-0:1.0: 1 port detected
[  680.867539][ T6928] syz.3.1817[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  680.867680][ T6928] syz.3.1817[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  680.882491][ T6928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  680.991276][  T562] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  681.361361][  T562] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  681.371273][  T562] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  681.380388][  T562] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.403375][  T562] usb 2-1: config 0 descriptor??
[  682.017184][ T6939] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  683.008117][ T6959] syz.4.1828[6959] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  683.008227][ T6959] syz.4.1828[6959] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  683.014553][ T6945] loop0: detected capacity change from 0 to 40427
[  683.103166][ T6945] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  683.121121][ T6945] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  683.221254][ T6945] F2FS-fs (loop0): Found nat_bits in checkpoint
[  683.484008][ T6945] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  683.502165][ T6945] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  683.831284][  T562] usbhid 2-1:0.0: can't add hid device: -71
[  683.837377][  T562] usbhid: probe of 2-1:0.0 failed with error -71
[  683.953759][ T6977] syz.3.1830[6977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  683.953862][ T6977] syz.3.1830[6977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  683.968925][ T6977] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  683.996314][  T562] usb 2-1: USB disconnect, device number 25
[  684.003045][ T6979] syz.1.1832[6979] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  684.003144][ T6979] syz.1.1832[6979] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  684.035557][ T6979] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  684.981216][  T562] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  686.461386][  T562] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.504934][  T562] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  686.524489][  T562] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.546230][  T562] usb 2-1: config 0 descriptor??
[  686.637501][ T7005] loop0: detected capacity change from 0 to 256
[  686.752023][ T7005] loop0: detected capacity change from 0 to 512
[  686.762043][ T7005] EXT4-fs (loop0): Unrecognized mount option "smackfsroot=/dev/kvM" or missing value
[  687.601260][ T7021] loop0: detected capacity change from 0 to 512
[  687.706644][ T7021] EXT4-fs (loop0): orphan cleanup on readonly fs
[  687.715975][ T7021] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1845: bg 0: block 248: padding at end of block bitmap is not set
[  687.721333][  T436] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  687.741256][ T7021] __quota_error: 208 callbacks suppressed
[  687.741273][ T7021] Quota error (device loop0): write_blk: dquota write failed
[  687.762795][ T7021] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  687.782286][ T7021] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.1845: Failed to acquire dquot type 1
[  687.802384][ T7021] EXT4-fs (loop0): 1 truncate cleaned up
[  687.904958][ T7021] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  688.203634][ T7028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  688.210918][ T7028] IPv6: NLM_F_CREATE should be set when creating new route
[  689.848497][  T562] usbhid 2-1:0.0: can't add hid device: -71
[  689.858480][  T562] usbhid: probe of 2-1:0.0 failed with error -71
[  689.876895][  T562] usb 2-1: USB disconnect, device number 26
[  689.879052][  T436] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  689.892944][  T436] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  689.908459][  T436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.917964][  T436] usb 5-1: config 0 descriptor??
[  689.952255][   T30] audit: type=1326 audit(1749316772.841:2759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  689.995167][ T7035] hub 1-0:1.0: USB hub found
[  689.999952][ T7035] hub 1-0:1.0: 1 port detected
[  690.008151][   T30] audit: type=1326 audit(1749316772.871:2760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.033691][   T30] audit: type=1326 audit(1749316772.871:2761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.132809][   T30] audit: type=1326 audit(1749316772.871:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.289681][   T30] audit: type=1326 audit(1749316772.871:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.313414][   T30] audit: type=1326 audit(1749316772.871:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.337431][   T30] audit: type=1326 audit(1749316772.871:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.363510][   T30] audit: type=1326 audit(1749316772.871:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7034 comm="syz.0.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f8b49f89929 code=0x7ffc0000
[  690.792425][ T7044] device pim6reg1 entered promiscuous mode
[  691.130130][ T7058] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  692.241288][  T436] usbhid 5-1:0.0: can't add hid device: -71
[  692.247309][  T436] usbhid: probe of 5-1:0.0 failed with error -71
[  692.281528][  T436] usb 5-1: USB disconnect, device number 28
[  692.323759][ T7053] loop0: detected capacity change from 0 to 40427
[  692.434086][ T7053] F2FS-fs (loop0): invalid crc value
[  692.445148][ T7053] F2FS-fs (loop0): Found nat_bits in checkpoint
[  692.451867][ T7066] bpf_get_probe_write_proto: 2 callbacks suppressed
[  692.451885][ T7066] syz.4.1856[7066] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  692.458787][ T7066] syz.4.1856[7066] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  692.566422][ T7072] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  692.663025][ T7053] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  693.067417][ T7075] attempt to access beyond end of device
[  693.067417][ T7075] loop0: rw=2049, want=45104, limit=40427
[  693.391996][  T281] attempt to access beyond end of device
[  693.391996][  T281] loop0: rw=2049, want=45112, limit=40427
[  693.591193][ T6345] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  694.000795][ T7083] loop0: detected capacity change from 0 to 512
[  694.022348][ T7083] EXT4-fs (loop0): orphan cleanup on readonly fs
[  694.041450][ T7083] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1860: bg 0: block 248: padding at end of block bitmap is not set
[  694.079873][ T7083] __quota_error: 24 callbacks suppressed
[  694.079891][ T7083] Quota error (device loop0): write_blk: dquota write failed
[  694.093701][ T7083] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  694.110990][ T7083] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.1860: Failed to acquire dquot type 1
[  694.131270][ T7083] EXT4-fs (loop0): 1 truncate cleaned up
[  694.142540][ T7083] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  694.251458][ T6345] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  694.271465][ T6345] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  694.289933][ T6345] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.301795][ T6345] usb 2-1: config 0 descriptor??
[  694.434281][ T7093] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  695.521335][ T7099] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  697.411282][ T6345] usbhid 2-1:0.0: can't add hid device: -71
[  697.419139][ T6345] usbhid: probe of 2-1:0.0 failed with error -71
[  697.441208][  T318] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  697.449423][ T6345] usb 2-1: USB disconnect, device number 27
[  697.553490][   T30] audit: type=1400 audit(1749316780.441:2791): avc:  denied  { map } for  pid=7120 comm="syz.4.1875" path="/dev/ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  698.582930][ T7131] kvm [7130]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  698.603357][ T7131] kvm [7130]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  698.611270][  T318] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.621882][  T318] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  698.630938][  T318] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.974409][  T318] usb 1-1: config 0 descriptor??
[  698.983554][ T7131] kvm [7130]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  698.994284][ T7131] kvm [7130]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  699.431524][  T318] usbhid 1-1:0.0: can't add hid device: -71
[  699.440846][  T318] usbhid: probe of 1-1:0.0 failed with error -71
[  699.459769][  T318] usb 1-1: USB disconnect, device number 36
[  699.938349][   T30] audit: type=1400 audit(1749316782.581:2792): avc:  denied  { create } for  pid=7158 comm="syz.1.1885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  700.901400][ T7176] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  701.604841][ T7187] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  703.621264][  T436] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  704.085954][ T7235] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  704.181315][  T436] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  704.200071][  T436] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  704.231225][  T436] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.258837][  T436] usb 2-1: config 0 descriptor??
[  704.436082][ T7243] loop0: detected capacity change from 0 to 512
[  704.541220][  T318] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  704.610385][ T7243] EXT4-fs (loop0): orphan cleanup on readonly fs
[  704.617599][ T7243] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1912: bg 0: block 248: padding at end of block bitmap is not set
[  704.632668][ T7243] Quota error (device loop0): write_blk: dquota write failed
[  704.640170][ T7243] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  704.650264][ T7243] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.1912: Failed to acquire dquot type 1
[  704.662519][ T7243] EXT4-fs (loop0): 1 truncate cleaned up
[  704.668481][ T7243] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  706.707476][ T7257] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  707.143442][  T318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  707.156437][  T318] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  707.166714][  T318] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.185484][  T318] usb 4-1: config 0 descriptor??
[  707.256023][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.267138][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.278738][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.291057][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.303362][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.314740][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.325981][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.352277][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.368292][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.380442][ T7252] kvm [7250]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  707.389507][  T318] usbhid 4-1:0.0: can't add hid device: -71
[  707.395543][  T318] usbhid: probe of 4-1:0.0 failed with error -71
[  707.425899][  T318] usb 4-1: USB disconnect, device number 38
[  707.731914][  T436] usbhid 2-1:0.0: can't add hid device: -71
[  707.738008][  T436] usbhid: probe of 2-1:0.0 failed with error -71
[  707.762643][  T436] usb 2-1: USB disconnect, device number 28
[  708.498725][ T7293] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  709.037999][ T7304] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  712.040874][ T7348] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  713.231289][  T436] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  713.901331][  T436] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  713.911362][  T436] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  713.920489][  T436] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.941956][  T436] usb 3-1: config 0 descriptor??
[  713.995813][ T7400] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  715.631988][ T7423] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  717.021718][  T436] usbhid 3-1:0.0: can't add hid device: -71
[  717.028829][  T436] usbhid: probe of 3-1:0.0 failed with error -71
[  717.043411][  T436] usb 3-1: USB disconnect, device number 30
[  717.281247][   T26] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  717.561236][   T26] usb 4-1: Using ep0 maxpacket: 16
[  717.701322][   T26] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  717.709725][   T26] usb 4-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  717.720266][   T26] usb 4-1: config 0 has no interface number 0
[  717.726565][   T26] usb 4-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  717.737716][   T26] usb 4-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  717.751162][   T26] usb 4-1: config 0 interface 105 has no altsetting 0
[  717.928608][   T26] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  717.938419][   T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  717.947235][   T26] usb 4-1: Product: syz
[  717.951639][   T26] usb 4-1: Manufacturer: syz
[  717.956489][   T26] usb 4-1: SerialNumber: syz
[  718.071869][   T26] usb 4-1: config 0 descriptor??
[  720.652313][   T26] usb 4-1: USB disconnect, device number 39
[  720.795519][ T7481] device pim6reg1 entered promiscuous mode
[  722.505108][   T26] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  722.801262][ T6425] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  723.061284][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  723.071321][   T26] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  723.080461][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.094066][   T26] usb 4-1: config 0 descriptor??
[  723.161289][ T6425] usb 1-1: Using ep0 maxpacket: 16
[  723.281259][ T6425] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  723.289719][ T6425] usb 1-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  723.300781][ T6425] usb 1-1: config 0 has no interface number 0
[  723.307209][ T6425] usb 1-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  723.318819][ T6425] usb 1-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  723.332527][ T6425] usb 1-1: config 0 interface 105 has no altsetting 0
[  723.631916][ T6425] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  723.659847][ T6425] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.751764][ T6425] usb 1-1: Product: syz
[  723.756060][ T6425] usb 1-1: Manufacturer: syz
[  723.806821][ T6425] usb 1-1: SerialNumber: syz
[  723.816110][ T6425] usb 1-1: config 0 descriptor??
[  724.620631][ T7545] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  725.171642][   T26] usbhid 4-1:0.0: can't add hid device: -71
[  725.623710][   T26] usbhid: probe of 4-1:0.0 failed with error -71
[  725.634667][   T26] usb 4-1: USB disconnect, device number 40
[  726.013658][ T7557] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  726.905641][ T6425] usb 1-1: USB disconnect, device number 37
[  728.903550][ T7577] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  730.541195][ T6345] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  731.455194][ T7607] overlayfs: failed to resolve './file1': -2
[  731.531217][ T6345] usb 4-1: Using ep0 maxpacket: 16
[  731.651274][ T6345] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  731.659617][ T6345] usb 4-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  731.702856][ T7615] device pim6reg1 entered promiscuous mode
[  731.725611][ T6345] usb 4-1: config 0 has no interface number 0
[  731.733353][ T6345] usb 4-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  731.744782][ T6345] usb 4-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  731.758452][ T6345] usb 4-1: config 0 interface 105 has no altsetting 0
[  732.522304][ T7622] loop0: detected capacity change from 0 to 128
[  732.714520][ T7622] EXT4-fs (loop0): Test dummy encryption mode enabled
[  732.731174][ T7622] EXT4-fs (loop0): Test dummy encryption mode enabled
[  733.474477][ T7622] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none.
[  733.491619][ T7622] ext4 filesystem being mounted at /399/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  733.727999][ T6345] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  733.737338][ T6345] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.745551][ T6345] usb 4-1: Product: syz
[  733.754842][ T6345] usb 4-1: config 0 descriptor??
[  733.797396][ T6345] usb 4-1: can't set config #0, error -71
[  733.814471][ T6345] usb 4-1: USB disconnect, device number 41
[  737.670470][ T7662] overlayfs: failed to resolve './file1': -2
[  738.219731][ T6425] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  738.601191][ T6425] usb 3-1: Using ep0 maxpacket: 16
[  738.695483][ T7687] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  738.741474][ T6425] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  738.757977][ T6425] usb 3-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  739.034305][ T6425] usb 3-1: config 0 has no interface number 0
[  739.129989][ T6425] usb 3-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  739.282263][ T6425] usb 3-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  739.741351][ T6425] usb 3-1: config 0 interface 105 has no altsetting 0
[  739.901319][ T6425] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  739.910430][ T6425] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.951198][ T6425] usb 3-1: Product: syz
[  739.955405][ T6425] usb 3-1: Manufacturer: syz
[  739.980394][ T6425] usb 3-1: SerialNumber: syz
[  740.011215][ T6425] usb 3-1: config 0 descriptor??
[  740.140115][   T30] audit: type=1400 audit(1749316823.021:2793): avc:  denied  { create } for  pid=7705 comm="syz.3.2048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  740.169940][   T30] audit: type=1400 audit(1749316823.021:2794): avc:  denied  { write } for  pid=7705 comm="syz.3.2048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  741.414051][ T6425] usb 3-1: USB disconnect, device number 31
[  742.871339][ T7726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  743.117173][ T7741] loop0: detected capacity change from 0 to 512
[  743.219590][ T7742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  744.602783][ T7741] EXT4-fs (loop0): orphan cleanup on readonly fs
[  744.619911][ T7741] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2059: bg 0: block 248: padding at end of block bitmap is not set
[  744.682702][ T7741] Quota error (device loop0): write_blk: dquota write failed
[  744.710461][ T7741] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  744.754050][ T7741] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2059: Failed to acquire dquot type 1
[  744.931542][ T7741] EXT4-fs (loop0): 1 truncate cleaned up
[  744.967849][ T7741] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  747.277857][ T7789] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  748.033007][ T7800] device pim6reg1 entered promiscuous mode
[  748.145660][ T7802] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  750.199910][ T7821] loop0: detected capacity change from 0 to 512
[  750.258719][ T7821] EXT4-fs (loop0): Unrecognized mount option "smackfsroot=/dev/kvM" or missing value
[  750.552177][ T7834] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  751.734553][  T318] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  752.341332][  T318] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  752.351238][  T318] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  752.676576][  T350] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  752.689401][  T318] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.704677][  T318] usb 3-1: config 0 descriptor??
[  753.201911][  T350] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.212761][  T350] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  753.222551][  T350] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.266403][  T350] usb 2-1: config 0 descriptor??
[  753.371210][ T6345] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  753.641737][ T7866] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  755.121475][  T318] usbhid 3-1:0.0: can't add hid device: -71
[  755.127572][  T318] usbhid: probe of 3-1:0.0 failed with error -71
[  755.136148][  T318] usb 3-1: USB disconnect, device number 32
[  755.181261][  T751] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  755.211413][ T6345] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  755.221302][ T6345] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  755.230518][ T6345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.239846][ T6345] usb 1-1: config 0 descriptor??
[  755.251304][  T350] usbhid 2-1:0.0: can't add hid device: -71
[  755.257364][  T350] usbhid: probe of 2-1:0.0 failed with error -71
[  755.269651][  T350] usb 2-1: USB disconnect, device number 29
[  756.226312][  T751] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  756.236570][  T350] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  756.244460][  T751] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  756.255235][  T751] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.264463][  T751] usb 5-1: config 0 descriptor??
[  756.353068][ T7889] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  758.132778][ T7894] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  758.471301][ T6345] usbhid 1-1:0.0: can't add hid device: -71
[  758.485610][ T6345] usbhid: probe of 1-1:0.0 failed with error -71
[  758.523764][ T7901] device pim6reg1 entered promiscuous mode
[  758.537504][ T6345] usb 1-1: USB disconnect, device number 38
[  759.964313][  T350] usb 2-1: device descriptor read/all, error -71
[  761.198952][  T751] usbhid 5-1:0.0: can't add hid device: -71
[  761.215581][  T751] usbhid: probe of 5-1:0.0 failed with error -71
[  761.265896][  T751] usb 5-1: USB disconnect, device number 29
[  762.309278][ T7924] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  764.225820][ T7941] loop0: detected capacity change from 0 to 512
[  764.527973][ T7941] EXT4-fs (loop0): orphan cleanup on readonly fs
[  764.581732][ T7941] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2115: bg 0: block 248: padding at end of block bitmap is not set
[  764.616256][ T7941] Quota error (device loop0): write_blk: dquota write failed
[  764.630076][ T7941] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  764.641302][ T7941] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2115: Failed to acquire dquot type 1
[  764.666135][ T7941] EXT4-fs (loop0): 1 truncate cleaned up
[  764.678552][ T7941] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  768.627597][ T7959] device pim6reg1 entered promiscuous mode
[  768.912220][ T7972] loop0: detected capacity change from 0 to 512
[  769.002561][ T7972] EXT4-fs (loop0): orphan cleanup on readonly fs
[  769.012078][ T7972] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2123: bg 0: block 248: padding at end of block bitmap is not set
[  769.099822][ T7979] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  769.154375][ T7972] Quota error (device loop0): write_blk: dquota write failed
[  769.175027][ T7972] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  769.291622][ T7972] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2123: Failed to acquire dquot type 1
[  769.401633][ T7972] EXT4-fs (loop0): 1 truncate cleaned up
[  769.457117][ T7972] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  770.449711][ T7990] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  771.718284][ T8005] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  775.811748][ T8020] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  775.831798][ T8028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  777.990379][ T8054] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  783.332142][ T8112] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  789.871206][   T26] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  790.200872][ T8174] syz.1.2180 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  790.241357][   T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  790.261235][   T26] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  790.301170][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.318373][   T26] usb 1-1: config 0 descriptor??
[  792.701962][   T26] usbhid 1-1:0.0: can't add hid device: -71
[  792.813884][   T26] usbhid: probe of 1-1:0.0 failed with error -71
[  792.821381][ T8214] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  793.498823][   T26] usb 1-1: USB disconnect, device number 39
[  796.502498][ T8254] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  803.337415][ T8305] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  803.653268][   T30] audit: type=1400 audit(1749316886.531:2795): avc:  denied  { remount } for  pid=8306 comm="syz.3.2216" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  804.429073][ T8315] loop0: detected capacity change from 0 to 512
[  804.557091][ T8315] EXT4-fs (loop0): orphan cleanup on readonly fs
[  804.572044][ T8315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2219: bg 0: block 248: padding at end of block bitmap is not set
[  804.591489][ T8315] Quota error (device loop0): write_blk: dquota write failed
[  804.599032][ T8315] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  804.694332][ T8315] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2219: Failed to acquire dquot type 1
[  804.746830][ T8315] EXT4-fs (loop0): 1 truncate cleaned up
[  804.771543][ T8315] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  806.081258][  T751] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  806.122131][ T8333] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  806.831327][  T751] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  806.851511][  T751] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  806.901067][  T751] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.968772][  T751] usb 5-1: config 0 descriptor??
[  807.046731][ T8339] loop0: detected capacity change from 0 to 2048
[  807.193311][ T8339] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x0000000000000040,nodelalloc,,errors=continue. Quota mode: none.
[  807.334266][ T8344] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  809.101250][  T751] usbhid 5-1:0.0: can't add hid device: -71
[  809.107338][  T751] usbhid: probe of 5-1:0.0 failed with error -71
[  809.159833][  T751] usb 5-1: USB disconnect, device number 30
[  811.940952][ T8402] syz.4.2241[8402] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  811.941418][ T8402] syz.4.2241[8402] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  813.281814][ T8416] overlayfs: missing 'lowerdir'
[  813.755798][ T8421] loop0: detected capacity change from 0 to 2048
[  814.187601][ T8421] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x0000000000000040,nodelalloc,,errors=continue. Quota mode: none.
[  816.398952][ T8458] overlayfs: missing 'lowerdir'
[  818.662863][ T8483] loop0: detected capacity change from 0 to 512
[  818.903318][ T8483] EXT4-fs (loop0): Unrecognized mount option "smackfsroot=/dev/kvM" or missing value
[  819.460480][ T8498] overlayfs: missing 'lowerdir'
[  822.051245][ T8534] syz.4.2280[8534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  822.051411][ T8534] syz.4.2280[8534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  823.966723][  T318] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  824.361315][ T8556] overlayfs: missing 'lowerdir'
[  825.281286][  T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  825.301206][  T318] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  825.310306][  T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.331919][  T318] usb 2-1: config 0 descriptor??
[  825.759718][ T8584] loop0: detected capacity change from 0 to 512
[  826.000477][ T8584] EXT4-fs (loop0): orphan cleanup on readonly fs
[  826.039753][ T8584] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2294: bg 0: block 248: padding at end of block bitmap is not set
[  826.067467][ T8584] Quota error (device loop0): write_blk: dquota write failed
[  826.074991][ T8584] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  826.103526][ T8584] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2294: Failed to acquire dquot type 1
[  826.115985][ T8584] EXT4-fs (loop0): 1 truncate cleaned up
[  826.122250][ T8584] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  826.359167][ T8590] syz.0.2294[8590] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  826.359585][ T8590] syz.0.2294[8590] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  827.431809][  T318] usbhid 2-1:0.0: can't add hid device: -71
[  827.542137][  T318] usbhid: probe of 2-1:0.0 failed with error -71
[  827.788873][ T8607] overlayfs: missing 'lowerdir'
[  828.429257][  T318] usb 2-1: USB disconnect, device number 32
[  828.614271][ T8626] loop0: detected capacity change from 0 to 256
[  829.502859][ T8640] syz.2.2307[8640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  829.502962][ T8640] syz.2.2307[8640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  830.630876][ T8640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  833.017346][ T8633] kvm [8632]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000
[  833.033317][ T8633] kvm [8632]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  834.723844][ T8655] overlayfs: missing 'lowerdir'
[  837.337925][ T8694] syz.1.2323[8694] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  837.338381][ T8694] syz.1.2323[8694] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  837.393958][ T8694] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  839.264593][ T8713] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  839.274618][ T8713] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  839.662949][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000
[  839.693404][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  839.715818][ T8700] kvm_set_msr_common: 31 callbacks suppressed
[  839.715842][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  839.731617][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  839.745055][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  839.754846][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  839.771299][   T39] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  839.833747][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  839.849965][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  839.859201][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  839.873996][ T8700] kvm [8698]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  840.151343][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  840.162032][   T39] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  840.172223][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.184395][   T39] usb 4-1: config 0 descriptor??
[  841.781156][  T318] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  842.047816][ T8745] syz.2.2338[8745] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  842.048178][ T8745] syz.2.2338[8745] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  842.114077][ T8745] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  842.381052][  T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  842.536041][  T318] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  842.540547][   T30] audit: type=1400 audit(1749316925.421:2796): avc:  denied  { append } for  pid=8749 comm="syz.4.2340" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  843.011314][   T39] usbhid 4-1:0.0: can't add hid device: -71
[  843.018072][   T39] usbhid: probe of 4-1:0.0 failed with error -71
[  843.044415][   T39] usb 4-1: USB disconnect, device number 42
[  843.221612][  T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.257998][  T318] usb 2-1: config 0 descriptor??
[  843.293206][ T8758] kvm [8757]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  844.549427][ T8790] loop0: detected capacity change from 0 to 512
[  844.801524][ T8794] syz.2.2350[8794] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  844.801627][ T8794] syz.2.2350[8794] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  845.391954][ T8794] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  845.415422][ T8796] syz.4.2351[8796] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  845.416499][ T8796] syz.4.2351[8796] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  847.573405][ T8796] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  848.811278][  T318] usbhid 2-1:0.0: can't add hid device: -71
[  848.820230][  T318] usbhid: probe of 2-1:0.0 failed with error -71
[  848.829102][  T318] usb 2-1: USB disconnect, device number 33
[  848.917043][   T30] audit: type=1400 audit(1749316931.801:2797): avc:  denied  { relabelfrom } for  pid=8810 comm="syz.3.2357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  849.047702][ T8815] loop0: detected capacity change from 0 to 256
[  849.230666][   T30] audit: type=1400 audit(1749316931.801:2798): avc:  denied  { relabelto } for  pid=8810 comm="syz.3.2357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  849.987917][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.001301][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.323725][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.368941][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.396665][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.418134][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.459673][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.522678][ T8823] kvm [8822]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  850.638839][ T8845] syz.2.2365[8845] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  850.639411][ T8845] syz.2.2365[8845] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  852.940753][ T8868] syz.1.2371[8868] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  852.952860][ T8868] syz.1.2371[8868] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  853.349835][ T8868] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  855.991153][  T436] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  856.391294][  T436] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  856.411245][  T436] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  856.420364][  T436] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.451492][  T436] usb 3-1: config 0 descriptor??
[  856.631167][ T6345] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  857.301317][ T6345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  857.321565][ T6345] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  857.330688][ T6345] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.683851][ T6345] usb 5-1: config 0 descriptor??
[  859.501294][  T436] usbhid 3-1:0.0: can't add hid device: -71
[  859.507305][  T436] usbhid: probe of 3-1:0.0 failed with error -71
[  859.533774][  T436] usb 3-1: USB disconnect, device number 33
[  859.571697][ T6345] usbhid 5-1:0.0: can't add hid device: -71
[  859.578108][ T6345] usbhid: probe of 5-1:0.0 failed with error -71
[  859.594679][ T6345] usb 5-1: USB disconnect, device number 31
[  860.047119][ T8946] loop0: detected capacity change from 0 to 512
[  860.176743][ T8946] EXT4-fs (loop0): orphan cleanup on readonly fs
[  860.234898][ T8946] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2394: bg 0: block 248: padding at end of block bitmap is not set
[  860.362063][ T8946] Quota error (device loop0): write_blk: dquota write failed
[  860.378260][ T8946] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  860.410747][ T8946] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2394: Failed to acquire dquot type 1
[  860.422717][ T8946] EXT4-fs (loop0): 1 truncate cleaned up
[  860.451273][ T8946] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  861.759725][ T8961] syz.0.2394[8961] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  861.760175][ T8961] syz.0.2394[8961] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  861.815992][ T8961] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  863.452494][ T8980] syz.1.2399[8980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  863.453008][ T8980] syz.1.2399[8980] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  863.535359][ T8980] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  864.930477][ T9001] syz.2.2405[9001] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  864.930784][ T9001] syz.2.2405[9001] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  868.304722][ T9049] loop0: detected capacity change from 0 to 512
[  868.407708][ T9049] EXT4-fs (loop0): orphan cleanup on readonly fs
[  868.417159][ T9049] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2426: bg 0: block 248: padding at end of block bitmap is not set
[  868.461309][ T9049] Quota error (device loop0): write_blk: dquota write failed
[  868.489987][ T9049] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  868.532470][ T9049] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2426: Failed to acquire dquot type 1
[  868.551697][ T9049] EXT4-fs (loop0): 1 truncate cleaned up
[  868.564153][ T9049] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  869.370602][ T9064] syz.0.2426[9064] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  869.370701][ T9064] syz.0.2426[9064] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  869.386938][ T9064] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  869.651161][  T436] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  870.041354][  T436] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  870.055022][  T436] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  870.111150][  T436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  870.184894][  T436] usb 5-1: config 0 descriptor??
[  870.260831][ T9073] syz.3.2432[9073] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  870.261329][ T9073] syz.3.2432[9073] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  870.310204][ T9073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  872.481222][  T436] usbhid 5-1:0.0: can't add hid device: -71
[  872.487289][  T436] usbhid: probe of 5-1:0.0 failed with error -71
[  872.840746][  T436] usb 5-1: USB disconnect, device number 32
[  873.465604][ T9106] loop0: detected capacity change from 0 to 512
[  873.534306][ T9106] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5
[  873.534306][ T9106] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  873.534306][ T9106] 
[  873.552860][ T9106] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  873.649565][ T9106] EXT4-fs (loop0): 1 truncate cleaned up
[  873.655519][ T9106] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000040,stripe=0x0000000000004000,nouser_xattr,grpid,,errors=continue. Quota mode: none.
[  875.095846][ T9117] syz.4.2444[9117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  875.096456][ T9117] syz.4.2444[9117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  875.483422][ T9117] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  875.854909][ T9126] loop0: detected capacity change from 0 to 512
[  875.952685][ T9130] syz.2.2446[9130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  875.953169][ T9130] syz.2.2446[9130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  876.129182][ T9126] EXT4-fs (loop0): orphan cleanup on readonly fs
[  876.356764][ T9126] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2445: bg 0: block 248: padding at end of block bitmap is not set
[  876.885791][ T9126] Quota error (device loop0): write_blk: dquota write failed
[  876.923772][ T9126] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  876.964342][ T9126] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2445: Failed to acquire dquot type 1
[  877.031856][ T9126] EXT4-fs (loop0): 1 truncate cleaned up
[  877.055114][ T9126] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  878.367028][ T9151] syz.0.2445[9151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  878.367470][ T9151] syz.0.2445[9151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  878.423775][ T9151] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  880.632683][ T9160] kvm [9159]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  880.711416][ T9160] kvm [9159]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  880.753800][ T9160] kvm [9159]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  881.115312][ T9160] kvm [9159]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  881.363429][ T9190] loop0: detected capacity change from 0 to 256
[  884.449588][ T9239] loop0: detected capacity change from 0 to 512
[  884.570981][ T9243] device macsec0 left promiscuous mode
[  884.744880][ T9244] mmap: syz.1.2477 (9244) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  884.761382][ T6345] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  884.768542][ T9239] EXT4-fs (loop0): orphan cleanup on readonly fs
[  884.794350][ T9239] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2479: bg 0: block 248: padding at end of block bitmap is not set
[  884.809279][ T9239] Quota error (device loop0): write_blk: dquota write failed
[  884.816795][ T9239] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  884.826913][ T9239] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2479: Failed to acquire dquot type 1
[  884.841220][ T9239] EXT4-fs (loop0): 1 truncate cleaned up
[  884.847154][ T9239] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  887.251209][ T6345] usb 3-1: unable to read config index 0 descriptor/start: -71
[  887.258922][ T6345] usb 3-1: can't read configurations, error -71
[  889.157569][ T9327] syz.2.2499[9327] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  889.158031][ T9327] syz.2.2499[9327] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  889.208655][ T9327] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  889.677666][  T317] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  891.181181][  T317] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  891.203596][  T317] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  891.243934][ T9348] syz.3.2505[9348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  891.244394][ T9348] syz.3.2505[9348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  891.287484][  T317] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.412105][ T9348] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  891.480230][  T317] usb 5-1: config 0 descriptor??
[  893.661983][ T9369] loop0: detected capacity change from 0 to 40427
[  893.682424][ T9369] F2FS-fs (loop0): invalid crc value
[  893.690140][ T9369] F2FS-fs (loop0): Found nat_bits in checkpoint
[  893.731856][ T9369] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  893.751491][ T9369] attempt to access beyond end of device
[  893.751491][ T9369] loop0: rw=2049, want=45104, limit=40427
[  893.768993][  T815] attempt to access beyond end of device
[  893.768993][  T815] loop0: rw=2049, want=45112, limit=40427
[  894.131154][   T26] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  894.361276][  T317] usbhid 5-1:0.0: can't add hid device: -71
[  894.367974][  T317] usbhid: probe of 5-1:0.0 failed with error -71
[  894.386735][  T317] usb 5-1: USB disconnect, device number 33
[  894.511203][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  894.520999][   T26] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  894.532977][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.564268][   T26] usb 2-1: config 0 descriptor??
[  895.081193][   T26] usbhid 2-1:0.0: can't add hid device: -71
[  895.087288][   T26] usbhid: probe of 2-1:0.0 failed with error -71
[  895.107513][   T26] usb 2-1: USB disconnect, device number 34
[  895.431173][ T6345] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  895.703722][ T9434] device macsec0 left promiscuous mode
[  896.800317][ T9436] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  897.689963][ T9448] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  898.821465][ T9451] syz.1.2537[9451] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  898.821571][ T9451] syz.1.2537[9451] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  899.418880][ T9451] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  900.461238][  T317] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  900.931189][ T6345] usb 1-1: device not accepting address 40, error -71
[  900.931242][  T317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.976739][  T317] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  901.003486][  T317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.029869][  T317] usb 3-1: config 0 descriptor??
[  902.363903][ T1626] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  902.621168][ T1626] usb 2-1: Using ep0 maxpacket: 16
[  902.769983][ T1626] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  902.778497][ T1626] usb 2-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  902.819329][ T1626] usb 2-1: config 0 has no interface number 0
[  902.825724][ T1626] usb 2-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  902.836824][ T1626] usb 2-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  902.850203][ T1626] usb 2-1: config 0 interface 105 has no altsetting 0
[  902.923809][ T9501] syz.3.2552[9501] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  902.924289][ T9501] syz.3.2552[9501] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  902.967918][ T9501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  903.121714][ T1626] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  903.160990][ T1626] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.271357][ T1626] usb 2-1: Product: syz
[  903.338667][ T1626] usb 2-1: Manufacturer: syz
[  903.520163][ T1626] usb 2-1: SerialNumber: syz
[  903.531327][  T317] usbhid 3-1:0.0: can't add hid device: -71
[  903.944749][  T317] usbhid: probe of 3-1:0.0 failed with error -71
[  903.964519][ T1626] usb 2-1: config 0 descriptor??
[  903.977584][  T317] usb 3-1: USB disconnect, device number 36
[  904.186791][ T1626] usb 2-1: USB disconnect, device number 35
[  904.445034][ T9515] syz.1.2559[9515] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  904.445534][ T9515] syz.1.2559[9515] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  904.501248][  T317] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  904.921645][  T317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  904.981747][  T317] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  905.446089][  T317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.488816][  T317] usb 3-1: config 0 descriptor??
[  907.751258][  T317] usbhid 3-1:0.0: can't add hid device: -71
[  907.759773][ T9539] syz.4.2566[9539] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  907.760296][ T9539] syz.4.2566[9539] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  907.902915][  T317] usbhid: probe of 3-1:0.0 failed with error -71
[  908.417135][  T317] usb 3-1: USB disconnect, device number 37
[  909.757408][ T9560] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  909.981203][  T317] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  910.081117][  T436] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  910.251185][  T317] usb 3-1: Using ep0 maxpacket: 16
[  910.412951][  T317] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  910.441335][  T436] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  910.455904][  T317] usb 3-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  910.493540][  T317] usb 3-1: config 0 has no interface number 0
[  910.500064][  T317] usb 3-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  910.551610][  T317] usb 3-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  910.566402][  T317] usb 3-1: config 0 interface 105 has no altsetting 0
[  910.678441][  T436] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  910.687850][  T436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.701454][  T436] usb 5-1: config 0 descriptor??
[  910.781575][  T317] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  910.795384][  T317] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.803607][  T317] usb 3-1: Product: syz
[  910.807887][  T317] usb 3-1: Manufacturer: syz
[  910.812576][  T317] usb 3-1: SerialNumber: syz
[  910.818858][  T317] usb 3-1: config 0 descriptor??
[  912.162849][ T9601] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  912.951203][  T436] usbhid 5-1:0.0: can't add hid device: -71
[  912.957317][  T436] usbhid: probe of 5-1:0.0 failed with error -71
[  913.032627][  T436] usb 5-1: USB disconnect, device number 34
[  913.090468][ T9618] device macsec0 left promiscuous mode
[  913.172695][  T317] usb 3-1: USB disconnect, device number 38
[  914.595182][ T9631] kvm [9630]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xaf
[  914.604794][ T9631] kvm [9630]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x40af
[  915.681995][ T9653] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  916.421115][ T8475] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  916.891351][ T8475] usb 4-1: Using ep0 maxpacket: 16
[  917.011789][ T8475] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  917.052189][ T8475] usb 4-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  917.129020][ T8475] usb 4-1: config 0 has no interface number 0
[  917.135290][ T8475] usb 4-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  917.146446][ T8475] usb 4-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  917.159832][ T8475] usb 4-1: config 0 interface 105 has no altsetting 0
[  917.591211][ T8475] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  917.600528][ T8475] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.625968][ T8475] usb 4-1: Product: syz
[  917.644619][ T8475] usb 4-1: Manufacturer: syz
[  917.649583][ T8475] usb 4-1: SerialNumber: syz
[  917.718663][ T8475] usb 4-1: config 0 descriptor??
[  918.934961][ T9713] 9pnet: Insufficient options for proto=fd
[  920.016765][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000
[  920.027901][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  920.327576][ T6345] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  920.337072][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000
[  920.348263][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  920.377259][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  920.382699][ T8475] usb 4-1: USB disconnect, device number 43
[  920.395363][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  920.414284][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  920.486746][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  920.502035][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  920.518052][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  920.527250][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  920.541348][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  920.550940][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  920.961395][ T6345] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  920.972138][ T6345] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  920.981427][ T6345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.990647][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  921.007518][ T6345] usb 1-1: config 0 descriptor??
[  921.024201][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  921.038731][ T9723] kvm [9722]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  922.306795][ T9766] syz.4.2633[9766] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  922.307319][ T9766] syz.4.2633[9766] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  922.336514][ T9766] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  923.511293][ T6345] usbhid 1-1:0.0: can't add hid device: -71
[  923.517305][ T6345] usbhid: probe of 1-1:0.0 failed with error -71
[  923.812979][ T6345] usb 1-1: USB disconnect, device number 42
[  925.084218][ T9784] loop0: detected capacity change from 0 to 512
[  925.122788][ T9784] EXT4-fs (loop0): orphan cleanup on readonly fs
[  925.315857][ T9784] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2638: bg 0: block 248: padding at end of block bitmap is not set
[  925.442557][ T9784] Quota error (device loop0): write_blk: dquota write failed
[  925.450046][ T9784] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  925.478663][ T9784] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2638: Failed to acquire dquot type 1
[  925.521234][ T9784] EXT4-fs (loop0): 1 truncate cleaned up
[  925.532745][ T9784] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  925.752780][  T436] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  925.793059][ T9792] syz.0.2638[9792] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  925.793519][ T9792] syz.0.2638[9792] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  925.917807][ T9792] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  927.771252][  T436] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  927.791149][  T436] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  927.800242][  T436] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.813076][  T436] usb 3-1: config 0 descriptor??
[  927.905024][ T9804] loop0: detected capacity change from 0 to 40427
[  927.926343][ T9804] F2FS-fs (loop0): invalid crc value
[  927.954847][ T9804] F2FS-fs (loop0): Found nat_bits in checkpoint
[  928.008558][ T9804] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  930.251299][  T436] usbhid 3-1:0.0: can't add hid device: -71
[  930.257299][  T436] usbhid: probe of 3-1:0.0 failed with error -71
[  930.268448][  T436] usb 3-1: USB disconnect, device number 39
[  930.516686][ T9853] syz.2.2653[9853] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  930.517160][ T9853] syz.2.2653[9853] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  930.554646][ T9853] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  931.751189][  T318] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  932.311211][  T318] usb 4-1: Using ep0 maxpacket: 16
[  932.431327][  T318] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  932.439567][  T318] usb 4-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  932.470540][  T318] usb 4-1: config 0 has no interface number 0
[  932.482138][  T318] usb 4-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  932.505667][  T318] usb 4-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  932.547307][  T318] usb 4-1: config 0 interface 105 has no altsetting 0
[  932.731426][  T318] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  932.740522][  T318] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  932.762586][  T318] usb 4-1: Product: syz
[  932.766834][  T318] usb 4-1: Manufacturer: syz
[  932.781109][  T318] usb 4-1: SerialNumber: syz
[  932.790365][  T318] usb 4-1: config 0 descriptor??
[  934.481074][ T9888] syz.2.2662[9888] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  934.511963][ T9888] syz.2.2662[9888] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  935.183468][  T318] usb 4-1: USB disconnect, device number 44
[  937.690922][ T9933] kvm [9932]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xf983
[  937.731906][ T9933] kvm_set_msr_common: 3 callbacks suppressed
[  937.731928][ T9933] kvm [9932]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0xaf51
[  937.782287][ T9933] kvm [9932]: vcpu0, guest rIP: 0x1be vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xb291, nop
[  937.818436][ T9933] kvm [9932]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0xf359
[  937.920592][ T9942] syz.3.2677[9942] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  937.921110][ T9942] syz.3.2677[9942] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  937.962048][ T9942] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  940.289128][ T9966] loop0: detected capacity change from 0 to 512
[  940.489959][ T9966] EXT4-fs (loop0): orphan cleanup on readonly fs
[  940.538056][ T9966] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2684: bg 0: block 248: padding at end of block bitmap is not set
[  940.577334][ T9966] Quota error (device loop0): write_blk: dquota write failed
[  940.585217][ T9966] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  940.605666][ T9966] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2684: Failed to acquire dquot type 1
[  940.635107][ T9966] EXT4-fs (loop0): 1 truncate cleaned up
[  940.648445][ T9966] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  941.201448][ T9977] syz.4.2686[9977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.201567][ T9977] syz.4.2686[9977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.213742][ T9978] syz.0.2684[9978] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.225305][ T9978] syz.0.2684[9978] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  945.291142][  T318] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  945.709065][T10041] syz.3.2702[10041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  945.713808][T10041] syz.3.2702[10041] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  947.681760][T10042] loop0: detected capacity change from 0 to 512
[  947.750643][T10042] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5
[  947.750643][T10042] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  947.750643][T10042] 
[  947.769103][T10042] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  947.854737][T10042] EXT4-fs (loop0): 1 truncate cleaned up
[  947.860498][T10042] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000040,stripe=0x0000000000004000,nouser_xattr,grpid,,errors=continue. Quota mode: none.
[  947.892490][  T318] usb 3-1: unable to read config index 0 descriptor/start: -71
[  947.915249][  T318] usb 3-1: can't read configurations, error -71
[  948.262793][T10057] syz.3.2706[10057] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  948.281150][T10057] syz.3.2706[10057] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  949.857323][T10053] kvm [10048]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xf983
[  949.907081][T10053] kvm [10048]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0xaf51
[  949.945882][T10053] kvm [10048]: vcpu0, guest rIP: 0x1be vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xb291, nop
[  949.974748][T10053] kvm [10048]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0xf359
[  950.181175][T10078] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  950.608497][T10070] kvm [10069]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  952.258749][T10095] kvm [10094]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0xa380
[  952.281972][T10095] kvm [10094]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0xc0
[  952.296511][T10095] kvm [10094]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x7260
[  952.331241][  T571] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  954.481223][  T571] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  954.499409][  T571] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  954.612396][  T571] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  954.621549][  T571] usb 4-1: config 0 descriptor??
[  954.921922][T10131] syz.1.2727[10131] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  954.947025][T10131] syz.1.2727[10131] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  955.612859][T10140] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  955.911238][  T571] usbhid 4-1:0.0: can't add hid device: -71
[  955.978760][  T571] usbhid: probe of 4-1:0.0 failed with error -71
[  956.051316][  T571] usb 4-1: USB disconnect, device number 45
[  957.121078][T10158] syz.1.2735[10158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  957.138415][T10158] syz.1.2735[10158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.080406][T10175] syz.2.2739[10175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.093441][T10175] syz.2.2739[10175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  961.525288][T10179] kvm [10178]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0xa380
[  961.611789][T10179] kvm [10178]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0xc0
[  961.641172][T10179] kvm [10178]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x7260
[  961.961171][  T371] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  962.507281][  T371] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  962.531388][  T371] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  962.682007][  T371] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.803673][  T371] usb 3-1: config 0 descriptor??
[  963.237121][  T751] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  963.870595][T10231] syz.1.2753[10231] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  963.871147][T10231] syz.1.2753[10231] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  963.921365][  T751] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.105612][  T751] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  964.196446][  T751] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.267340][  T751] usb 5-1: config 0 descriptor??
[  965.091215][  T371] usbhid 3-1:0.0: can't add hid device: -71
[  965.097216][  T371] usbhid: probe of 3-1:0.0 failed with error -71
[  965.125146][  T371] usb 3-1: USB disconnect, device number 42
[  967.261230][  T751] usbhid 5-1:0.0: can't add hid device: -71
[  967.267512][  T751] usbhid: probe of 5-1:0.0 failed with error -71
[  967.350455][  T751] usb 5-1: USB disconnect, device number 35
[  967.927474][T10304] loop0: detected capacity change from 0 to 512
[  967.944796][  T371] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  967.958766][T10304] EXT4-fs (loop0): orphan cleanup on readonly fs
[  967.966137][T10304] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2771: bg 0: block 248: padding at end of block bitmap is not set
[  967.980742][T10304] Quota error (device loop0): write_blk: dquota write failed
[  967.988281][T10304] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  967.998540][T10304] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2771: Failed to acquire dquot type 1
[  968.010651][T10304] EXT4-fs (loop0): 1 truncate cleaned up
[  968.018139][T10304] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  968.061425][ T4058] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  968.232868][T10311] syz.0.2771[10311] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  968.233326][T10311] syz.0.2771[10311] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  968.331497][T10311] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  968.361216][ T4058] usb 3-1: Using ep0 maxpacket: 16
[  968.541222][  T371] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  968.551257][  T371] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  968.560352][  T371] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.572931][  T371] usb 4-1: config 0 descriptor??
[  969.211217][ T4058] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  969.224674][ T4058] usb 3-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  969.258893][ T4058] usb 3-1: config 0 has no interface number 0
[  969.371125][ T4058] usb 3-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  969.407624][ T4058] usb 3-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  969.431087][ T4058] usb 3-1: config 0 interface 105 has no altsetting 0
[  969.610590][T10325] syz.4.2775[10325] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  969.611031][T10325] syz.4.2775[10325] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  969.658654][T10325] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  969.891116][ T4058] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  970.942835][ T4058] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.999489][ T4058] usb 3-1: Product: syz
[  971.016469][ T4058] usb 3-1: Manufacturer: syz
[  971.031090][ T4058] usb 3-1: SerialNumber: syz
[  971.071661][ T4058] usb 3-1: config 0 descriptor??
[  971.091168][ T4058] usb 3-1: can't set config #0, error -71
[  971.111145][ T4058] usb 3-1: USB disconnect, device number 43
[  971.311162][T10232] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  972.281240][T10232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  972.293014][T10232] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  972.307337][T10232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  972.323260][T10232] usb 1-1: config 0 descriptor??
[  972.522373][ T4058] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  972.551165][  T371] usbhid 4-1:0.0: can't add hid device: -71
[  972.560517][  T371] usbhid: probe of 4-1:0.0 failed with error -71
[  972.637287][  T371] usb 4-1: USB disconnect, device number 46
[  973.541026][ T4058] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  973.550887][ T4058] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  973.560117][ T4058] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.570843][ T4058] usb 5-1: config 0 descriptor??
[  974.897742][T10368] syz.2.2787[10368] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  974.897856][T10368] syz.2.2787[10368] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  974.933122][T10368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  975.584094][T10232] usbhid 1-1:0.0: can't add hid device: -71
[  975.590354][T10232] usbhid: probe of 1-1:0.0 failed with error -71
[  975.603223][T10232] usb 1-1: USB disconnect, device number 43
[  976.013249][T10232] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  976.117766][T10383] syz.2.2791[10383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  976.118277][T10383] syz.2.2791[10383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  976.154262][T10383] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  976.323960][T10232] usb 1-1: Using ep0 maxpacket: 16
[  976.735999][ T4058] usbhid 5-1:0.0: can't add hid device: -71
[  977.996338][ T4058] usbhid: probe of 5-1:0.0 failed with error -71
[  978.004066][ T4058] usb 5-1: USB disconnect, device number 36
[  978.081220][T10232] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  978.093640][T10232] usb 1-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[  978.108157][T10232] usb 1-1: config 0 has no interface number 0
[  978.115958][T10232] usb 1-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[  978.127573][T10232] usb 1-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[  978.145636][T10232] usb 1-1: config 0 interface 105 has no altsetting 0
[  978.331140][T10232] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  978.674476][T10232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.713013][T10232] usb 1-1: Product: syz
[  978.717314][T10232] usb 1-1: Manufacturer: syz
[  978.722218][T10232] usb 1-1: SerialNumber: syz
[  978.727687][T10232] usb 1-1: config 0 descriptor??
[  978.751196][T10232] usb 1-1: can't set config #0, error -71
[  978.762574][T10232] usb 1-1: USB disconnect, device number 44
[  978.821194][ T4058] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  979.251258][T10412] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  979.841298][ T4058] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  979.856454][ T4058] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  979.877736][ T4058] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.897824][ T4058] usb 5-1: config 0 descriptor??
[  981.644059][T10454] syz.3.2809[10454] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  981.644662][T10454] syz.3.2809[10454] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  983.021218][ T4058] usbhid 5-1:0.0: can't add hid device: -71
[  983.062501][ T4058] usbhid: probe of 5-1:0.0 failed with error -71
[  983.081145][ T4058] usb 5-1: USB disconnect, device number 37
[  983.215889][T10466] loop0: detected capacity change from 0 to 256
[  984.021130][  T317] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  984.381277][  T317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  984.411096][  T317] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  984.420222][  T317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.437782][  T317] usb 3-1: config 0 descriptor??
[  987.862099][  T317] usbhid 3-1:0.0: can't add hid device: -71
[  987.888746][  T317] usbhid: probe of 3-1:0.0 failed with error -71
[  988.139212][  T317] usb 3-1: USB disconnect, device number 44
[  988.969563][T10544] syz.1.2832[10544] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  988.969676][T10544] syz.1.2832[10544] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  991.301087][  T317] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  993.321429][  T317] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  993.467125][  T317] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  993.476729][  T317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  993.499517][  T317] usb 1-1: config 0 descriptor??
[  997.881162][  T317] usbhid 1-1:0.0: can't add hid device: -71
[  997.887206][  T317] usbhid: probe of 1-1:0.0 failed with error -71
[  997.954924][  T317] usb 1-1: USB disconnect, device number 45
[ 1000.592371][T10665] loop0: detected capacity change from 0 to 256
[ 1001.824558][T10681] loop0: detected capacity change from 0 to 256
[ 1010.061530][T10797] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[ 1010.087892][T10797] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[ 1010.184918][T10811] loop0: detected capacity change from 0 to 256
[ 1014.151144][  T751] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1014.183815][  T471] tipc: Disabling bearer <udp:syz2>
[ 1014.190057][  T471] tipc: Disabling bearer <udp:syz0>
[ 1014.197358][   T30] audit: type=1400 audit(1749317097.051:2799): avc:  denied  { mounton } for  pid=10843 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 1014.226938][  T471] tipc: Left network mode
[ 1014.266771][T10843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.274607][T10843] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.282548][T10843] device bridge_slave_0 entered promiscuous mode
[ 1014.300115][T10843] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.307316][T10843] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.336113][T10843] device bridge_slave_1 entered promiscuous mode
[ 1014.461119][  T751] usb 4-1: Using ep0 maxpacket: 16
[ 1014.468883][T10843] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.475995][T10843] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1014.483297][T10843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.490337][T10843] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1014.591668][  T751] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[ 1014.610395][T10857] overlayfs: failed to resolve './file1': -2
[ 1014.680178][  T751] usb 4-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[ 1014.772526][  T751] usb 4-1: config 0 has no interface number 0
[ 1014.827855][  T751] usb 4-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[ 1014.871438][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1014.879479][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1014.880412][  T751] usb 4-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[ 1014.888205][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1014.909724][  T751] usb 4-1: config 0 interface 105 has no altsetting 0
[ 1014.922680][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1014.953089][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1014.975991][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1014.999748][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1015.018504][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1015.035615][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1015.054703][T10843] device veth0_vlan entered promiscuous mode
[ 1015.071201][  T751] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1015.084197][  T751] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1015.097607][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1015.102797][  T751] usb 4-1: Product: syz
[ 1015.111520][T10843] device veth1_macvtap entered promiscuous mode
[ 1015.131108][  T751] usb 4-1: Manufacturer: syz
[ 1015.135765][  T751] usb 4-1: SerialNumber: syz
[ 1015.146768][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1015.159273][  T751] usb 4-1: config 0 descriptor??
[ 1015.166485][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1015.195076][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1015.248529][  T471] device bridge_slave_1 left promiscuous mode
[ 1015.256346][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.272815][  T471] device bridge_slave_0 left promiscuous mode
[ 1015.278990][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.305521][  T471] device veth0_vlan left promiscuous mode
[ 1015.647487][   T30] audit: type=1400 audit(1749317098.531:2800): avc:  denied  { mounton } for  pid=10843 comm="syz-executor" path="/root/syzkaller.O0w3Bw/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1015.735131][  T751] usb 4-1: USB disconnect, device number 47
[ 1015.840710][T10878] loop0: detected capacity change from 0 to 128
[ 1015.926017][T10878] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1015.933122][T10878] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1016.119281][T10878] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none.
[ 1016.134911][T10878] ext4 filesystem being mounted at /571/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1018.092802][T10909] netlink: 'syz.2.2928': attribute type 12 has an invalid length.
[ 1020.263560][T10919] loop0: detected capacity change from 0 to 512
[ 1021.401468][T10919] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 1021.420501][T10919] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2931: bg 0: block 248: padding at end of block bitmap is not set
[ 1021.435792][T10919] Quota error (device loop0): write_blk: dquota write failed
[ 1021.524825][T10919] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[ 1021.780133][T10919] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.2931: Failed to acquire dquot type 1
[ 1021.813126][T10919] EXT4-fs (loop0): 1 truncate cleaned up
[ 1021.871695][T10919] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[ 1022.194626][T10951] syz.0.2931[10951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1022.195091][T10951] syz.0.2931[10951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1022.241044][T10951] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1022.268316][  T317] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1023.761173][  T317] usb 3-1: Using ep0 maxpacket: 16
[ 1023.944465][  T317] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[ 1023.953306][  T317] usb 3-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[ 1023.964068][  T317] usb 3-1: config 0 has no interface number 0
[ 1023.970256][  T317] usb 3-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[ 1023.991076][  T317] usb 3-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[ 1024.005504][  T317] usb 3-1: config 0 interface 105 has no altsetting 0
[ 1025.666139][  T317] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1025.675514][  T317] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1025.683608][  T317] usb 3-1: Product: syz
[ 1025.687790][  T317] usb 3-1: Manufacturer: syz
[ 1025.693974][  T317] usb 3-1: config 0 descriptor??
[ 1025.711201][  T317] usb 3-1: can't set config #0, error -71
[ 1025.718068][  T317] usb 3-1: USB disconnect, device number 45
[ 1027.951078][  T576] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1028.048617][   T30] audit: type=1326 audit(1749317110.931:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11021 comm="syz.0.2960" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b49f89929 code=0x0
[ 1028.331247][  T576] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1028.347101][  T576] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 1028.364995][  T576] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1028.385564][  T576] usb 5-1: config 0 descriptor??
[ 1028.561131][T10232] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1029.141230][T10232] usb 3-1: Using ep0 maxpacket: 16
[ 1029.281209][T10232] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[ 1029.295680][T10232] usb 3-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[ 1029.322769][T10232] usb 3-1: config 0 has no interface number 0
[ 1029.335427][T10232] usb 3-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[ 1029.381958][T10232] usb 3-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[ 1029.410010][T10232] usb 3-1: config 0 interface 105 has no altsetting 0
[ 1029.671197][T10232] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1029.683919][T10232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.695439][T10232] usb 3-1: Product: syz
[ 1029.699668][T10232] usb 3-1: Manufacturer: syz
[ 1029.704726][T10232] usb 3-1: SerialNumber: syz
[ 1029.710600][T10232] usb 3-1: config 0 descriptor??
[ 1030.771588][  T576] usbhid 5-1:0.0: can't add hid device: -71
[ 1030.797990][  T576] usbhid: probe of 5-1:0.0 failed with error -71
[ 1030.989250][  T576] usb 5-1: USB disconnect, device number 38
[ 1031.953043][T10232] usb 3-1: USB disconnect, device number 46
[ 1032.041092][    C0] ------------[ cut here ]------------
[ 1032.046626][    C0] refcount_t: addition on 0; use-after-free.
[ 1032.052771][    C0] WARNING: CPU: 0 PID: 11057 at lib/refcount.c:25 refcount_warn_saturate+0x104/0x1a0
[ 1032.062318][    C0] Modules linked in:
[ 1032.066232][    C0] CPU: 0 PID: 11057 Comm: syz.1.2971 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0
[ 1032.076257][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1032.086373][    C0] RIP: 0010:refcount_warn_saturate+0x104/0x1a0
[ 1032.092580][    C0] Code: 04 01 48 c7 c7 60 ef 62 85 e8 08 9d 50 02 0f 0b eb df e8 5f d6 1c ff c6 05 ba f8 99 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 <0f> 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62
[ 1032.112248][    C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246
[ 1032.118343][    C0] RAX: fc44761748fd6900 RBX: 0000000000000002 RCX: ffff888117008000
[ 1032.126515][    C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 1032.134546][    C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: fffff52000000e89
[ 1032.142601][    C0] R10: fffff52000000e89 R11: 1ffff92000000e88 R12: ffff888117f44808
[ 1032.150598][    C0] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc90000007ba0
[ 1032.158623][    C0] FS:  00007f7ac77156c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1032.167634][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1032.174255][    C0] CR2: 0000001b3191fffc CR3: 000000012bd91000 CR4: 00000000003506b0
[ 1032.182270][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1032.190254][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1032.198247][    C0] Call Trace:
[ 1032.201597][    C0]  <IRQ>
[ 1032.204449][    C0]  tipc_crypto_xmit+0x1938/0x2400
[ 1032.209484][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[ 1032.214734][    C0]  ? __copy_skb_header+0x437/0x600
[ 1032.219861][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[ 1032.225091][    C0]  ? __skb_clone+0x47a/0x790
[ 1032.229697][    C0]  ? tipc_bearer_mtu+0x160/0x160
[ 1032.234660][    C0]  ? skb_clone+0x202/0x360
[ 1032.239091][    C0]  tipc_disc_timeout+0x6a2/0x830
[ 1032.244051][    C0]  ? update_rq_clock+0x1eb/0x580
[ 1032.249002][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.254229][    C0]  ? __kasan_check_write+0x14/0x20
[ 1032.259355][    C0]  ? _raw_spin_lock_irqsave+0x110/0x110
[ 1032.264951][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.270164][    C0]  call_timer_fn+0x38/0x290
[ 1032.274705][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.279924][    C0]  __run_timers+0x639/0x9a0
[ 1032.284470][    C0]  ? calc_index+0x200/0x200
[ 1032.288994][    C0]  ? sched_clock_cpu+0x18/0x3c0
[ 1032.293891][    C0]  run_timer_softirq+0x6a/0xf0
[ 1032.298689][    C0]  handle_softirqs+0x250/0x560
[ 1032.303484][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1032.308046][    C0]  irq_exit_rcu+0x9/0x10
[ 1032.312358][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1032.318018][    C0]  </IRQ>
[ 1032.320956][    C0]  <TASK>
[ 1032.323917][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1032.329920][    C0] RIP: 0010:clear_page_erms+0x7/0x10
[ 1032.335266][    C0] Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 c3 90 90 90 90 90 90 90 b9 00 10 00 00 31 c0 <f3> aa c3 00 00 cc cc 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53
[ 1032.354899][    C0] RSP: 0018:ffffc90001257128 EFLAGS: 00010246
[ 1032.360963][    C0] RAX: 0000000000000000 RBX: ffff88813bc17000 RCX: 0000000000000cc0
[ 1032.369488][    C0] RDX: 0000000000000200 RSI: 0000000000000001 RDI: ffff88813bc17340
[ 1032.377629][    C0] RBP: ffffc90001257158 R08: dffffc0000000000 R09: ffffed1027782e00
[ 1032.385709][    C0] R10: fffff940009de0bf R11: 1ffffd40009de0be R12: 0000000000000001
[ 1032.393760][    C0] R13: 1ffff11022e01172 R14: ffff888117008b90 R15: dffffc0000000000
[ 1032.401826][    C0]  ? kernel_init_free_pages+0x72/0xf0
[ 1032.407224][    C0]  post_alloc_hook+0x10b/0x1b0
[ 1032.412037][    C0]  prep_new_page+0x1c/0x110
[ 1032.416561][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[ 1032.422149][    C0]  ? __kasan_slab_alloc+0xcf/0xf0
[ 1032.427193][    C0]  ? __alloc_pages+0x440/0x440
[ 1032.431983][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[ 1032.437200][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1032.442612][    C0]  __alloc_pages+0x18f/0x440
[ 1032.447212][    C0]  ? prep_new_page+0x110/0x110
[ 1032.452000][    C0]  ? __kasan_check_read+0x11/0x20
[ 1032.457060][    C0]  ? __vm_enough_memory+0x11b/0x2d0
[ 1032.462291][    C0]  shmem_alloc_and_acct_page+0x42b/0x870
[ 1032.467952][    C0]  ? shmem_swapin_page+0x14c0/0x14c0
[ 1032.473282][    C0]  ? xas_start+0x317/0x3e0
[ 1032.477728][    C0]  ? xas_load+0x2ea/0x300
[ 1032.482081][    C0]  ? pagecache_get_page+0xb28/0xc20
[ 1032.487296][    C0]  ? page_cache_prev_miss+0x270/0x270
[ 1032.492715][    C0]  ? _raw_spin_lock_irq+0x8f/0xe0
[ 1032.497761][    C0]  ? _raw_spin_lock_irqsave+0x110/0x110
[ 1032.503353][    C0]  ? lru_cache_add+0x268/0x4d0
[ 1032.508133][    C0]  shmem_getpage_gfp+0xfe5/0x2310
[ 1032.513193][    C0]  ? __kasan_check_write+0x14/0x20
[ 1032.518324][    C0]  shmem_write_begin+0xce/0x1b0
[ 1032.523207][    C0]  generic_perform_write+0x2ad/0x670
[ 1032.528509][    C0]  ? grab_cache_page_write_begin+0xb0/0xb0
[ 1032.534389][    C0]  ? file_remove_privs+0x590/0x590
[ 1032.539541][    C0]  ? rwsem_write_trylock+0x130/0x300
[ 1032.544952][    C0]  ? clear_nonspinnable+0x60/0x60
[ 1032.549990][    C0]  __generic_file_write_iter+0x268/0x480
[ 1032.555660][    C0]  generic_file_write_iter+0xa9/0x1d0
[ 1032.561075][    C0]  vfs_write+0x802/0xf70
[ 1032.565344][    C0]  ? file_end_write+0x1b0/0x1b0
[ 1032.570187][    C0]  ? __fget_files+0x2c4/0x320
[ 1032.574883][    C0]  ? __fdget_pos+0x1f7/0x380
[ 1032.579483][    C0]  ? ksys_write+0x71/0x240
[ 1032.583928][    C0]  ksys_write+0x140/0x240
[ 1032.588286][    C0]  ? __ia32_sys_read+0x90/0x90
[ 1032.593071][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1032.598544][    C0]  __x64_sys_write+0x7b/0x90
[ 1032.603151][    C0]  x64_sys_call+0x8ef/0x9a0
[ 1032.607666][    C0]  do_syscall_64+0x4c/0xa0
[ 1032.612272][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1032.616982][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1032.621683][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1032.627593][    C0] RIP: 0033:0x7f7ac90ab3df
[ 1032.632029][    C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1032.651679][    C0] RSP: 002b:00007f7ac7714df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1032.660183][    C0] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f7ac90ab3df
[ 1032.668189][    C0] RDX: 00000000013bd7ef RSI: 00007f7abf2f5000 RDI: 0000000000000003
[ 1032.676203][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000005514
[ 1032.684353][    C0] R10: 00000000000003cc R11: 0000000000000293 R12: 0000000000000003
[ 1032.692392][    C0] R13: 00007f7ac7714ef0 R14: 00007f7ac7714eb0 R15: 00007f7abf2f5000
[ 1032.700384][    C0]  </TASK>
[ 1032.703442][    C0] ---[ end trace 98b13db44289be11 ]---
[ 1032.708919][    C0] ------------[ cut here ]------------
[ 1032.714420][    C0] refcount_t: underflow; use-after-free.
[ 1032.720150][    C0] WARNING: CPU: 0 PID: 11057 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0
[ 1032.729774][    C0] Modules linked in:
[ 1032.733726][    C0] CPU: 0 PID: 11057 Comm: syz.1.2971 Tainted: G        W         5.15.185-syzkaller-00339-ge678c93d43cc #0
[ 1032.745126][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1032.755218][    C0] RIP: 0010:refcount_warn_saturate+0x120/0x1a0
[ 1032.761410][    C0] Code: 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 0f 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 <0f> 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62
[ 1032.781081][    C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246
[ 1032.787164][    C0] RAX: fc44761748fd6900 RBX: 0000000000000003 RCX: ffff888117008000
[ 1032.795158][    C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 1032.803174][    C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: ffffed103ee065e8
[ 1032.811181][    C0] R10: ffffed103ee065e8 R11: 1ffff1103ee065e7 R12: ffff888117f44808
[ 1032.819182][    C0] R13: dffffc0000000000 R14: 0000000000000003 R15: 00000000c0000000
[ 1032.827179][    C0] FS:  00007f7ac77156c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1032.836157][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1032.842776][    C0] CR2: 0000001b3191fffc CR3: 000000012bd91000 CR4: 00000000003506b0
[ 1032.850772][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1032.858765][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1032.866779][    C0] Call Trace:
[ 1032.870065][    C0]  <IRQ>
[ 1032.872947][    C0]  tipc_crypto_xmit+0x1a82/0x2400
[ 1032.878005][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[ 1032.883241][    C0]  ? __copy_skb_header+0x437/0x600
[ 1032.888369][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[ 1032.893596][    C0]  ? __skb_clone+0x47a/0x790
[ 1032.898197][    C0]  ? tipc_bearer_mtu+0x160/0x160
[ 1032.903168][    C0]  ? skb_clone+0x202/0x360
[ 1032.907599][    C0]  tipc_disc_timeout+0x6a2/0x830
[ 1032.912584][    C0]  ? update_rq_clock+0x1eb/0x580
[ 1032.917540][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.922767][    C0]  ? __kasan_check_write+0x14/0x20
[ 1032.927894][    C0]  ? _raw_spin_lock_irqsave+0x110/0x110
[ 1032.933487][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.938813][    C0]  call_timer_fn+0x38/0x290
[ 1032.943370][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1032.948600][    C0]  __run_timers+0x639/0x9a0
[ 1032.953168][    C0]  ? calc_index+0x200/0x200
[ 1032.957693][    C0]  ? sched_clock_cpu+0x18/0x3c0
[ 1032.962593][    C0]  run_timer_softirq+0x6a/0xf0
[ 1032.967387][    C0]  handle_softirqs+0x250/0x560
[ 1032.972185][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1032.976707][    C0]  irq_exit_rcu+0x9/0x10
[ 1032.980955][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1032.986614][    C0]  </IRQ>
[ 1032.989555][    C0]  <TASK>
[ 1032.992508][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1032.998500][    C0] RIP: 0010:clear_page_erms+0x7/0x10
[ 1033.003817][    C0] Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 c3 90 90 90 90 90 90 90 b9 00 10 00 00 31 c0 <f3> aa c3 00 00 cc cc 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53
[ 1033.023470][    C0] RSP: 0018:ffffc90001257128 EFLAGS: 00010246
[ 1033.029552][    C0] RAX: 0000000000000000 RBX: ffff88813bc17000 RCX: 0000000000000cc0
[ 1033.037565][    C0] RDX: 0000000000000200 RSI: 0000000000000001 RDI: ffff88813bc17340
[ 1033.045590][    C0] RBP: ffffc90001257158 R08: dffffc0000000000 R09: ffffed1027782e00
[ 1033.053601][    C0] R10: fffff940009de0bf R11: 1ffffd40009de0be R12: 0000000000000001
[ 1033.061611][    C0] R13: 1ffff11022e01172 R14: ffff888117008b90 R15: dffffc0000000000
[ 1033.069596][    C0]  ? kernel_init_free_pages+0x72/0xf0
[ 1033.074996][    C0]  post_alloc_hook+0x10b/0x1b0
[ 1033.079779][    C0]  prep_new_page+0x1c/0x110
[ 1033.084461][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[ 1033.090045][    C0]  ? __kasan_slab_alloc+0xcf/0xf0
[ 1033.095106][    C0]  ? __alloc_pages+0x440/0x440
[ 1033.099885][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[ 1033.105113][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1033.110504][    C0]  __alloc_pages+0x18f/0x440
[ 1033.115122][    C0]  ? prep_new_page+0x110/0x110
[ 1033.119897][    C0]  ? __kasan_check_read+0x11/0x20
[ 1033.124946][    C0]  ? __vm_enough_memory+0x11b/0x2d0
[ 1033.130156][    C0]  shmem_alloc_and_acct_page+0x42b/0x870
[ 1033.135822][    C0]  ? shmem_swapin_page+0x14c0/0x14c0
[ 1033.141163][    C0]  ? xas_start+0x317/0x3e0
[ 1033.145589][    C0]  ? xas_load+0x2ea/0x300
[ 1033.149910][    C0]  ? pagecache_get_page+0xb28/0xc20
[ 1033.155132][    C0]  ? page_cache_prev_miss+0x270/0x270
[ 1033.160524][    C0]  ? _raw_spin_lock_irq+0x8f/0xe0
[ 1033.165572][    C0]  ? _raw_spin_lock_irqsave+0x110/0x110
[ 1033.171166][    C0]  ? lru_cache_add+0x268/0x4d0
[ 1033.175938][    C0]  shmem_getpage_gfp+0xfe5/0x2310
[ 1033.180965][    C0]  ? __kasan_check_write+0x14/0x20
[ 1033.186107][    C0]  shmem_write_begin+0xce/0x1b0
[ 1033.190976][    C0]  generic_perform_write+0x2ad/0x670
[ 1033.196316][    C0]  ? grab_cache_page_write_begin+0xb0/0xb0
[ 1033.202162][    C0]  ? file_remove_privs+0x590/0x590
[ 1033.207286][    C0]  ? rwsem_write_trylock+0x130/0x300
[ 1033.212593][    C0]  ? clear_nonspinnable+0x60/0x60
[ 1033.217644][    C0]  __generic_file_write_iter+0x268/0x480
[ 1033.223299][    C0]  generic_file_write_iter+0xa9/0x1d0
[ 1033.228687][    C0]  vfs_write+0x802/0xf70
[ 1033.232954][    C0]  ? file_end_write+0x1b0/0x1b0
[ 1033.237822][    C0]  ? __fget_files+0x2c4/0x320
[ 1033.242534][    C0]  ? __fdget_pos+0x1f7/0x380
[ 1033.247142][    C0]  ? ksys_write+0x71/0x240
[ 1033.251599][    C0]  ksys_write+0x140/0x240
[ 1033.255946][    C0]  ? __ia32_sys_read+0x90/0x90
[ 1033.260704][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1033.266102][    C0]  __x64_sys_write+0x7b/0x90
[ 1033.270706][    C0]  x64_sys_call+0x8ef/0x9a0
[ 1033.275261][    C0]  do_syscall_64+0x4c/0xa0
[ 1033.279790][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1033.284615][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1033.289449][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1033.295402][    C0] RIP: 0033:0x7f7ac90ab3df
[ 1033.299836][    C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1033.319477][    C0] RSP: 002b:00007f7ac7714df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1033.327932][    C0] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f7ac90ab3df
[ 1033.335941][    C0] RDX: 00000000013bd7ef RSI: 00007f7abf2f5000 RDI: 0000000000000003
[ 1033.343942][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000005514
[ 1033.351944][    C0] R10: 00000000000003cc R11: 0000000000000293 R12: 0000000000000003
[ 1033.359923][    C0] R13: 00007f7ac7714ef0 R14: 00007f7ac7714eb0 R15: 00007f7abf2f5000
[ 1033.367923][    C0]  </TASK>
[ 1033.370948][    C0] ---[ end trace 98b13db44289be12 ]---
[ 1033.376754][    C0] ------------[ cut here ]------------
[ 1033.382231][    C0] refcount_t: saturated; leaking memory.
[ 1033.387939][    C0] WARNING: CPU: 0 PID: 11057 at lib/refcount.c:22 refcount_warn_saturate+0x158/0x1a0
[ 1033.397422][    C0] Modules linked in:
[ 1033.401356][    C0] CPU: 0 PID: 11057 Comm: syz.1.2971 Tainted: G        W         5.15.185-syzkaller-00339-ge678c93d43cc #0
[ 1033.412760][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1033.422850][    C0] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[ 1033.429013][    C0] Code: 04 01 48 c7 c7 40 ee 62 85 e8 b4 9c 50 02 0f 0b eb 8b e8 0b d6 1c ff c6 05 65 f8 99 04 01 48 c7 c7 40 ee 62 85 e8 98 9c 50 02 <0f> 0b e9 6c ff ff ff e8 ec d5 1c ff c6 05 4a f8 99 04 01 48 c7 c7
[ 1033.448642][    C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246
[ 1033.454750][    C0] RAX: fc44761748fd6900 RBX: 0000000000000001 RCX: ffff888117008000
[ 1033.462753][    C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 1033.470760][    C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: ffffed103ee04e93
[ 1033.478773][    C0] R10: ffffed103ee04e93 R11: 1ffff1103ee04e92 R12: ffff888117f44808
[ 1033.486782][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc90000007ba0
[ 1033.494794][    C0] FS:  00007f7ac77156c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1033.503771][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1033.510371][    C0] CR2: 0000001b3191fffc CR3: 000000012bd91000 CR4: 00000000003506b0
[ 1033.518374][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1033.526384][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1033.534396][    C0] Call Trace:
[ 1033.537687][    C0]  <IRQ>
[ 1033.540548][    C0]  tipc_crypto_xmit+0x1938/0x2400
[ 1033.545599][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[ 1033.550809][    C0]  ? __copy_skb_header+0x437/0x600
[ 1033.555943][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[ 1033.561176][    C0]  ? __skb_clone+0x47a/0x790
[ 1033.565773][    C0]  ? tipc_bearer_mtu+0x160/0x160
[ 1033.570703][    C0]  ? skb_clone+0x202/0x360
[ 1033.575141][    C0]  tipc_disc_timeout+0x6a2/0x830
[ 1033.580115][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1033.585352][    C0]  ? _find_next_bit+0x106/0x200
[ 1033.590226][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1033.595470][    C0]  call_timer_fn+0x38/0x290
[ 1033.600149][    C0]  ? tipc_disc_init_msg+0x600/0x600
[ 1033.605386][    C0]  __run_timers+0x639/0x9a0
[ 1033.609905][    C0]  ? calc_index+0x200/0x200
[ 1033.614436][    C0]  ? sched_clock_cpu+0x18/0x3c0
[ 1033.619302][    C0]  run_timer_softirq+0x6a/0xf0
[ 1033.624105][    C0]  handle_softirqs+0x250/0x560
[ 1033.628886][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1033.633412][    C0]  irq_exit_rcu+0x9/0x10
[ 1033.637674][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1033.643409][    C0]  </IRQ>
[ 1033.646358][    C0]  <TASK>
[ 1033.649295][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1033.655438][    C0] RIP: 0010:clear_page_erms+0x7/0x10
[ 1033.660735][    C0] Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 c3 90 90 90 90 90 90 90 b9 00 10 00 00 31 c0 <f3> aa c3 00 00 cc cc 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53
[ 1033.680370][    C0] RSP: 0018:ffffc90001257128 EFLAGS: 00010246
[ 1033.686498][    C0] RAX: 0000000000000000 RBX: ffff88813bc17000 RCX: 0000000000000cc0
[ 1033.694506][    C0] RDX: 0000000000000200 RSI: 0000000000000001 RDI: ffff88813bc17340
[ 1033.703073][    C0] RBP: ffffc90001257158 R08: dffffc0000000000 R09: ffffed1027782e00
[ 1033.711089][    C0] R10: fffff940009de0bf R11: 1ffffd40009de0be R12: 0000000000000001
[ 1033.719071][    C0] R13: 1ffff11022e01172 R14: ffff888117008b90 R15: dffffc0000000000
[ 1033.727075][    C0]  ? kernel_init_free_pages+0x72/0xf0
[ 1033.732488][    C0]  post_alloc_hook+0x10b/0x1b0
[ 1033.737260][    C0]  prep_new_page+0x1c/0x110
[ 1033.741783][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[ 1033.747353][    C0]  ? __kasan_slab_alloc+0xcf/0xf0
[ 1033.752403][    C0]  ? __alloc_pages+0x440/0x440
[ 1033.757178][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[ 1033.762402][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1033.767788][    C0]  __alloc_pages+0x18f/0x440
[ 1033.772403][    C0]  ? prep_new_page+0x110/0x110
[ 1033.777180][    C0]  ? __kasan_check_read+0x11/0x20
[ 1033.782251][    C0]  ? __vm_enough_memory+0x11b/0x2d0
[ 1033.787466][    C0]  shmem_alloc_and_acct_page+0x42b/0x870
[ 1033.793143][    C0]  ? shmem_swapin_page+0x14c0/0x14c0
[ 1033.798451][    C0]  ? xas_start+0x317/0x3e0
[ 1033.802902][    C0]  ? xas_load+0x2ea/0x300
[ 1033.807249][    C0]  ? pagecache_get_page+0xb28/0xc20
[ 1033.812510][    C0]  ? page_cache_prev_miss+0x270/0x270
[ 1033.817908][    C0]  ? _raw_spin_lock_irq+0x8f/0xe0
[ 1033.822958][    C0]  ? _raw_spin_lock_irqsave+0x110/0x110
[ 1033.828518][    C0]  ? lru_cache_add+0x268/0x4d0
[ 1033.833305][    C0]  shmem_getpage_gfp+0xfe5/0x2310
[ 1033.838367][    C0]  ? __kasan_check_write+0x14/0x20
[ 1033.843508][    C0]  shmem_write_begin+0xce/0x1b0
[ 1033.848384][    C0]  generic_perform_write+0x2ad/0x670
[ 1033.853697][    C0]  ? grab_cache_page_write_begin+0xb0/0xb0
[ 1033.859558][    C0]  ? file_remove_privs+0x590/0x590
[ 1033.864751][    C0]  ? rwsem_write_trylock+0x130/0x300
[ 1033.870063][    C0]  ? clear_nonspinnable+0x60/0x60
[ 1033.875126][    C0]  __generic_file_write_iter+0x268/0x480
[ 1033.880779][    C0]  generic_file_write_iter+0xa9/0x1d0
[ 1033.886185][    C0]  vfs_write+0x802/0xf70
[ 1033.890445][    C0]  ? file_end_write+0x1b0/0x1b0
[ 1033.895325][    C0]  ? __fget_files+0x2c4/0x320
[ 1033.900027][    C0]  ? __fdget_pos+0x1f7/0x380
[ 1033.904664][    C0]  ? ksys_write+0x71/0x240
[ 1033.909104][    C0]  ksys_write+0x140/0x240
[ 1033.913461][    C0]  ? __ia32_sys_read+0x90/0x90
[ 1033.918235][    C0]  ? debug_smp_processor_id+0x17/0x20
[ 1033.923632][    C0]  __x64_sys_write+0x7b/0x90
[ 1033.928238][    C0]  x64_sys_call+0x8ef/0x9a0
[ 1033.932767][    C0]  do_syscall_64+0x4c/0xa0
[ 1033.937192][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1033.941904][    C0]  ? clear_bhb_loop+0x50/0xa0
[ 1033.946594][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1033.952518][    C0] RIP: 0033:0x7f7ac90ab3df
[ 1033.956948][    C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1033.976583][    C0] RSP: 002b:00007f7ac7714df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1033.985033][    C0] RAX: ffffffffffffffda RBX: 00000000013bd7ef RCX: 00007f7ac90ab3df
[ 1033.993039][    C0] RDX: 00000000013bd7ef RSI: 00007f7abf2f5000 RDI: 0000000000000003
[ 1034.001057][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000005514
[ 1034.009036][    C0] R10: 00000000000003cc R11: 0000000000000293 R12: 0000000000000003
[ 1034.017033][    C0] R13: 00007f7ac7714ef0 R14: 00007f7ac7714eb0 R15: 00007f7abf2f5000
[ 1034.025056][    C0]  </TASK>
[ 1034.028090][    C0] ---[ end trace 98b13db44289be13 ]---
[ 1034.067968][T11069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1034.075160][T11069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1034.082996][T11069] device bridge_slave_0 entered promiscuous mode
[ 1034.944836][T11069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1034.957213][T11069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1034.965129][T11069] device bridge_slave_1 entered promiscuous mode
[ 1035.024445][T11094] syz.1.2980[11094] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1035.024961][T11094] syz.1.2980[11094] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1035.918450][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1036.016506][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1036.032624][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1036.045627][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1036.053968][ T7639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1036.061048][ T7639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1036.068554][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1036.078088][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1036.086613][ T7639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1036.093913][ T7639] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1036.111846][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1036.119810][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1036.139814][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1036.212784][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1036.249611][T11069] device veth0_vlan entered promiscuous mode
[ 1036.268160][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1036.315783][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1036.349946][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1036.388133][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1036.423505][T11069] device veth1_macvtap entered promiscuous mode
[ 1036.457035][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1036.490040][ T7639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1036.790033][  T471] tipc: Disabling bearer <udp:syz2>
[ 1036.797218][  T471] tipc: Disabling bearer <udp:syz0>
[ 1036.894925][  T471] tipc: Left network mode
[ 1037.082402][  T471] ------------[ cut here ]------------
[ 1037.088285][  T471] refcount_t: saturated; leaking memory.
[ 1037.144766][  T471] WARNING: CPU: 1 PID: 471 at lib/refcount.c:19 refcount_warn_saturate+0x13c/0x1a0
[ 1037.211320][ T1626] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1037.231808][  T471] Modules linked in:
[ 1037.235837][  T471] CPU: 0 PID: 471 Comm: kworker/u4:5 Tainted: G        W         5.15.185-syzkaller-00339-ge678c93d43cc #0
[ 1037.247513][  T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1037.257750][  T471] Workqueue: netns cleanup_net
[ 1037.271908][  T471] RIP: 0010:refcount_warn_saturate+0x13c/0x1a0
[ 1037.282427][  T471] Code: 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 0f 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62 85 e8 b4 9c 50 02 <0f> 0b eb 8b e8 0b d6 1c ff c6 05 65 f8 99 04 01 48 c7 c7 40 ee 62
[ 1037.352522][  T471] RSP: 0018:ffffc900011d77c0 EFLAGS: 00010246
[ 1037.358832][  T471] RAX: e2f7f264712e4700 RBX: 0000000000000000 RCX: ffff8881140e93c0
[ 1037.367141][  T471] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1037.377487][  T471] RBP: ffffc900011d77d0 R08: dffffc0000000000 R09: ffffed103ee265e8
[ 1037.385571][  T471] R10: ffffed103ee265e8 R11: 1ffff1103ee265e7 R12: 1ffff9200023af04
[ 1037.398737][  T471] R13: ffff888107da908c R14: 0000000000000000 R15: 0000000000000cc0
[ 1037.408924][  T471] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1037.418222][  T471] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1037.425109][  T471] CR2: 0000001b2d71eff8 CR3: 0000000133cc7000 CR4: 00000000003526b0
[ 1037.433406][  T471] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1037.441638][  T471] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1037.449678][  T471] Call Trace:
[ 1037.461447][  T471]  <TASK>
[ 1037.466541][  T471]  nf_nat_masq_schedule+0x439/0x4c0
[ 1037.479786][  T471]  ? nf_nat_masq_schedule+0x4c0/0x4c0
[ 1037.521058][ T1626] usb 5-1: Using ep0 maxpacket: 16
[ 1037.526571][  T471]  ? masq_device_event+0xd0/0xd0
[ 1037.532412][  T471]  ? nfqnl_rcv_dev_event+0x441/0x470
[ 1037.538456][  T471]  ? __kasan_check_read+0x11/0x20
[ 1037.547421][  T471]  masq_device_event+0x9b/0xd0
[ 1037.552681][  T471]  raw_notifier_call_chain+0x90/0x100
[ 1037.558196][  T471]  dev_close_many+0x32d/0x4d0
[ 1037.563648][  T471]  ? __dev_open+0x4c0/0x4c0
[ 1037.568257][  T471]  ? finish_task_switch+0x16b/0x780
[ 1037.573871][  T471]  ? __switch_to_asm+0x3a/0x60
[ 1037.578744][  T471]  ? __kasan_check_read+0x11/0x20
[ 1037.726152][  T471]  unregister_netdevice_many+0x44c/0x1990
[ 1037.761801][ T1626] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[ 1037.819180][  T471]  ? __cond_resched+0xb0/0xb0
[ 1037.828079][ T1626] usb 5-1: config 0 has an invalid descriptor of length 131, skipping remainder of the config
[ 1037.934871][  T471]  ? alloc_netdev_mqs+0xc90/0xc90
[ 1037.940195][  T471]  ? sysvec_reschedule_ipi+0x78/0x80
[ 1037.948771][  T471]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1037.956135][  T471]  ? ip6gre_exit_batch_net+0x594/0x5f0
[ 1037.963214][  T471]  ip6gre_exit_batch_net+0x5a5/0x5f0
[ 1037.968678][  T471]  ? irqentry_exit+0x37/0x40
[ 1037.984005][  T471]  ? sysvec_reschedule_ipi+0x78/0x80
[ 1037.998758][ T1626] usb 5-1: config 0 has no interface number 0
[ 1037.999913][  T471]  ? ip6gre_init_net+0x340/0x340
[ 1038.004925][ T1626] usb 5-1: too many endpoints for config 0 interface 105 altsetting 50: 182, using maximum allowed: 30
[ 1038.021376][ T1626] usb 5-1: config 0 interface 105 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 182
[ 1038.022101][  T471]  ? ip6gre_init_net+0x340/0x340
[ 1038.034973][ T1626] usb 5-1: config 0 interface 105 has no altsetting 0
[ 1038.047419][  T471]  cleanup_net+0x602/0xad0
[ 1038.052044][  T471]  ? ops_init+0x4a0/0x4a0
[ 1038.056493][  T471]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 1038.062537][  T471]  process_one_work+0x6be/0xba0
[ 1038.067669][  T471]  worker_thread+0xa59/0x1200
[ 1038.072592][  T471]  kthread+0x411/0x500
[ 1038.077068][  T471]  ? worker_clr_flags+0x190/0x190
[ 1038.119027][  T471]  ? kthread_blkcg+0xd0/0xd0
[ 1038.146063][  T471]  ret_from_fork+0x1f/0x30
[ 1038.169638][  T471]  </TASK>
[ 1038.185701][  T471] ---[ end trace 98b13db44289be14 ]---
[ 1038.221545][ T1626] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1038.293295][ T1626] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1038.372043][ T1626] usb 5-1: Product: syz
[ 1038.376309][ T1626] usb 5-1: Manufacturer: syz
[ 1038.381436][ T1626] usb 5-1: SerialNumber: syz
[ 1038.555440][ T1626] usb 5-1: config 0 descriptor??
[ 1039.236918][  T471] device bridge_slave_1 left promiscuous mode
[ 1039.248375][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1039.267309][  T471] device bridge_slave_0 left promiscuous mode
[ 1039.285992][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1039.312218][  T471] device veth0_vlan left promiscuous mode
[ 1040.471958][  T471] ==================================================================
[ 1040.480063][  T471] BUG: KASAN: use-after-free in tcp_metrics_flush_all+0xd3/0x210
[ 1040.487800][  T471] Read of size 4 at addr ffff888107da908c by task kworker/u4:5/471
[ 1040.495692][  T471] 
[ 1040.498024][  T471] CPU: 0 PID: 471 Comm: kworker/u4:5 Tainted: G        W         5.15.185-syzkaller-00339-ge678c93d43cc #0
[ 1040.509380][  T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1040.519433][  T471] Workqueue: netns cleanup_net
[ 1040.524199][  T471] Call Trace:
[ 1040.527470][  T471]  <TASK>
[ 1040.530399][  T471]  __dump_stack+0x21/0x30
[ 1040.534753][  T471]  dump_stack_lvl+0xee/0x150
[ 1040.539360][  T471]  ? show_regs_print_info+0x20/0x20
[ 1040.544575][  T471]  ? load_image+0x3a0/0x3a0
[ 1040.549081][  T471]  ? __kasan_check_read+0x11/0x20
[ 1040.554111][  T471]  ? preempt_schedule_common+0xbe/0xf0
[ 1040.559617][  T471]  print_address_description+0x7f/0x2c0
[ 1040.565199][  T471]  ? tcp_metrics_flush_all+0xd3/0x210
[ 1040.570577][  T471]  kasan_report+0xf1/0x140
[ 1040.574995][  T471]  ? _raw_spin_lock_bh+0x8e/0xe0
[ 1040.579931][  T471]  ? tcp_metrics_flush_all+0xd3/0x210
[ 1040.585306][  T471]  kasan_check_range+0x280/0x290
[ 1040.590269][  T471]  __kasan_check_read+0x11/0x20
[ 1040.595246][  T471]  tcp_metrics_flush_all+0xd3/0x210
[ 1040.600455][  T471]  ? tcp_net_metrics_init+0x150/0x150
[ 1040.605831][  T471]  tcp_net_metrics_exit_batch+0x10/0x20
[ 1040.611412][  T471]  cleanup_net+0x602/0xad0
[ 1040.615829][  T471]  ? ops_init+0x4a0/0x4a0
[ 1040.620178][  T471]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 1040.625647][  T471]  process_one_work+0x6be/0xba0
[ 1040.630496][  T471]  worker_thread+0xa59/0x1200
[ 1040.635203][  T471]  kthread+0x411/0x500
[ 1040.639281][  T471]  ? worker_clr_flags+0x190/0x190
[ 1040.644325][  T471]  ? kthread_blkcg+0xd0/0xd0
[ 1040.648912][  T471]  ret_from_fork+0x1f/0x30
[ 1040.653339][  T471]  </TASK>
[ 1040.656373][  T471] 
[ 1040.658685][  T471] Allocated by task 285:
[ 1040.662914][  T471]  __kasan_slab_alloc+0xbd/0xf0
[ 1040.667762][  T471]  slab_post_alloc_hook+0x4f/0x2b0
[ 1040.672886][  T471]  kmem_cache_alloc+0xf7/0x260
[ 1040.677686][  T471]  copy_net_ns+0x145/0x5c0
[ 1040.682103][  T471]  create_new_namespaces+0x3a2/0x660
[ 1040.687383][  T471]  unshare_nsproxy_namespaces+0x120/0x170
[ 1040.693098][  T471]  ksys_unshare+0x4ac/0x7b0
[ 1040.697600][  T471]  __x64_sys_unshare+0x38/0x40
[ 1040.702370][  T471]  x64_sys_call+0x442/0x9a0
[ 1040.706882][  T471]  do_syscall_64+0x4c/0xa0
[ 1040.711306][  T471]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1040.717197][  T471] 
[ 1040.719513][  T471] Freed by task 471:
[ 1040.723403][  T471]  kasan_set_track+0x4a/0x70
[ 1040.728004][  T471]  kasan_set_free_info+0x23/0x40
[ 1040.732936][  T471]  ____kasan_slab_free+0x125/0x160
[ 1040.738057][  T471]  __kasan_slab_free+0x11/0x20
[ 1040.742824][  T471]  slab_free_freelist_hook+0xc2/0x190
[ 1040.748189][  T471]  kmem_cache_free+0x100/0x320
[ 1040.752943][  T471]  cleanup_net+0xa2d/0xad0
[ 1040.757352][  T471]  process_one_work+0x6be/0xba0
[ 1040.762196][  T471]  worker_thread+0xa59/0x1200
[ 1040.766875][  T471]  kthread+0x411/0x500
[ 1040.770941][  T471]  ret_from_fork+0x1f/0x30
[ 1040.775353][  T471] 
[ 1040.777668][  T471] Last potentially related work creation:
[ 1040.783376][  T471]  kasan_save_stack+0x3a/0x60
[ 1040.788055][  T471]  __kasan_record_aux_stack+0xd2/0x100
[ 1040.793531][  T471]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1040.799346][  T471]  insert_work+0x51/0x310
[ 1040.803679][  T471]  __queue_work+0x8e5/0xc60
[ 1040.808181][  T471]  queue_work_on+0xd2/0x140
[ 1040.812689][  T471]  xfrm_hash_grow_check+0xd7/0x140
[ 1040.817814][  T471]  xfrm_state_find+0x26a0/0x2a70
[ 1040.822755][  T471]  xfrm_resolve_and_create_bundle+0x626/0x28d0
[ 1040.829010][  T471]  xfrm_lookup_with_ifid+0xa3e/0x2120
[ 1040.834396][  T471]  xfrm_lookup_route+0x3c/0x170
[ 1040.839246][  T471]  ip_route_output_flow+0x1d2/0x2d0
[ 1040.844459][  T471]  udp_sendmsg+0x1241/0x20b0
[ 1040.849049][  T471]  inet_sendmsg+0xa5/0xc0
[ 1040.853387][  T471]  ____sys_sendmsg+0x5a2/0x8c0
[ 1040.858153][  T471]  ___sys_sendmsg+0x1f0/0x260
[ 1040.862833][  T471]  __sys_sendmmsg+0x278/0x480
[ 1040.867519][  T471]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1040.872492][  T471]  x64_sys_call+0x6c6/0x9a0
[ 1040.877000][  T471]  do_syscall_64+0x4c/0xa0
[ 1040.881436][  T471]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1040.887334][  T471] 
[ 1040.889660][  T471] Second to last potentially related work creation:
[ 1040.896233][  T471]  kasan_save_stack+0x3a/0x60
[ 1040.901000][  T471]  __kasan_record_aux_stack+0xd2/0x100
[ 1040.906460][  T471]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1040.912267][  T471]  insert_work+0x51/0x310
[ 1040.916597][  T471]  __queue_work+0x8e5/0xc60
[ 1040.921099][  T471]  queue_work_on+0xd2/0x140
[ 1040.925600][  T471]  xfrm_hash_grow_check+0xd7/0x140
[ 1040.930714][  T471]  xfrm_state_find+0x26a0/0x2a70
[ 1040.935649][  T471]  xfrm_resolve_and_create_bundle+0x626/0x28d0
[ 1040.941800][  T471]  xfrm_lookup_with_ifid+0xa3e/0x2120
[ 1040.947170][  T471]  xfrm_lookup_route+0x3c/0x170
[ 1040.952106][  T471]  ip_route_output_flow+0x1d2/0x2d0
[ 1040.957299][  T471]  udp_sendmsg+0x1241/0x20b0
[ 1040.961887][  T471]  inet_sendmsg+0xa5/0xc0
[ 1040.966213][  T471]  ____sys_sendmsg+0x5a2/0x8c0
[ 1040.970976][  T471]  ___sys_sendmsg+0x1f0/0x260
[ 1040.975651][  T471]  __sys_sendmmsg+0x278/0x480
[ 1040.980325][  T471]  __x64_sys_sendmmsg+0xa0/0xb0
[ 1040.985176][  T471]  x64_sys_call+0x6c6/0x9a0
[ 1040.989682][  T471]  do_syscall_64+0x4c/0xa0
[ 1040.994095][  T471]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1041.000019][  T471] 
[ 1041.002343][  T471] The buggy address belongs to the object at ffff888107da9000
[ 1041.002343][  T471]  which belongs to the cache net_namespace of size 3968
[ 1041.016654][  T471] The buggy address is located 140 bytes inside of
[ 1041.016654][  T471]  3968-byte region [ffff888107da9000, ffff888107da9f80)
[ 1041.030010][  T471] The buggy address belongs to the page:
[ 1041.035631][  T471] page:ffffea00041f6a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888107dae000 pfn:0x107da8
[ 1041.047164][  T471] head:ffffea00041f6a00 order:3 compound_mapcount:0 compound_pincount:0
[ 1041.055542][  T471] flags: 0x4000000000010200(slab|head|zone=1)
[ 1041.061639][  T471] raw: 4000000000010200 0000000000000000 0000000100000001 ffff8881001c4d80
[ 1041.070235][  T471] raw: ffff888107dae000 0000000080080004 00000001ffffffff 0000000000000000
[ 1041.078807][  T471] page dumped because: kasan: bad access detected
[ 1041.085232][  T471] page_owner tracks the page as allocated
[ 1041.090951][  T471] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 281, ts 23055109066, free_ts 23053120469
[ 1041.109969][  T471]  post_alloc_hook+0x192/0x1b0
[ 1041.114741][  T471]  prep_new_page+0x1c/0x110
[ 1041.119260][  T471]  get_page_from_freelist+0x2cc5/0x2d50
[ 1041.124822][  T471]  __alloc_pages+0x18f/0x440
[ 1041.129413][  T471]  new_slab+0xa1/0x4d0
[ 1041.133482][  T471]  ___slab_alloc+0x381/0x810
[ 1041.138068][  T471]  __slab_alloc+0x49/0x90
[ 1041.142396][  T471]  kmem_cache_alloc+0x138/0x260
[ 1041.147249][  T471]  copy_net_ns+0x145/0x5c0
[ 1041.151664][  T471]  create_new_namespaces+0x3a2/0x660
[ 1041.156947][  T471]  unshare_nsproxy_namespaces+0x120/0x170
[ 1041.162682][  T471]  ksys_unshare+0x4ac/0x7b0
[ 1041.167179][  T471]  __x64_sys_unshare+0x38/0x40
[ 1041.171941][  T471]  x64_sys_call+0x442/0x9a0
[ 1041.176443][  T471]  do_syscall_64+0x4c/0xa0
[ 1041.180854][  T471]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1041.186760][  T471] page last free stack trace:
[ 1041.191426][  T471]  free_unref_page_prepare+0x542/0x550
[ 1041.196900][  T471]  free_unref_page+0xa2/0x550
[ 1041.201573][  T471]  __free_pages+0x6c/0x100
[ 1041.205984][  T471]  __free_slab+0xe8/0x1e0
[ 1041.210314][  T471]  __unfreeze_partials+0x160/0x190
[ 1041.215426][  T471]  put_cpu_partial+0xc6/0x120
[ 1041.220102][  T471]  __slab_free+0x1d4/0x290
[ 1041.224521][  T471]  ___cache_free+0x104/0x120
[ 1041.229114][  T471]  qlink_free+0x4d/0x90
[ 1041.233265][  T471]  qlist_free_all+0x5f/0xb0
[ 1041.237767][  T471]  kasan_quarantine_reduce+0x14a/0x170
[ 1041.243222][  T471]  __kasan_slab_alloc+0x2f/0xf0
[ 1041.248165][  T471]  slab_post_alloc_hook+0x4f/0x2b0
[ 1041.253274][  T471]  kmem_cache_alloc+0xf7/0x260
[ 1041.258037][  T471]  getname_flags+0xb9/0x500
[ 1041.262540][  T471]  getname+0x19/0x20
[ 1041.266442][  T471] 
[ 1041.268763][  T471] Memory state around the buggy address:
[ 1041.274393][  T471]  ffff888107da8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1041.282457][  T471]  ffff888107da9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1041.290521][  T471] >ffff888107da9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1041.298672][  T471]                       ^
[ 1041.303007][  T471]  ffff888107da9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1041.311063][  T471]  ffff888107da9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1041.319118][  T471] ==================================================================
[ 1041.327167][  T471] Disabling lock debugging due to kernel taint
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1041.468183][   T30] audit: type=1400 audit(1749317124.271:2802): avc:  denied  { write } for  pid=273 comm="syz-executor" path="pipe:[13067]" dev="pipefs" ino=13067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1041.568477][   T30] audit: type=1400 audit(1749317124.291:2803): avc:  denied  { read } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1041.628602][   T30] audit: type=1400 audit(1749317124.291:2804): avc:  denied  { search } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1041.650301][   T30] audit: type=1400 audit(1749317124.291:2805): avc:  denied  { write } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1041.678277][   T30] audit: type=1400 audit(1749317124.291:2806): avc:  denied  { add_name } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1041.699171][   T30] audit: type=1400 audit(1749317124.291:2807): avc:  denied  { create } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1041.719954][   T30] audit: type=1400 audit(1749317124.291:2808): avc:  denied  { append open } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1041.743207][   T30] audit: type=1400 audit(1749317124.291:2809): avc:  denied  { getattr } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1041.969140][  T471] tipc: Disabling bearer <udp:syz2>
[ 1041.981252][  T471] tipc: Disabling bearer <udp:syz0>
[ 1042.001208][T10232] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[ 1042.011352][  T471] tipc: Left network mode
[ 1042.015914][ T1626] usb 5-1: USB disconnect, device number 39
[ 1042.842891][  T471] device bridge_slave_1 left promiscuous mode
[ 1042.849021][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1042.856531][  T471] device bridge_slave_0 left promiscuous mode
[ 1042.862717][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1042.870858][  T471] device bridge_slave_1 left promiscuous mode
[ 1042.877272][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1042.884856][  T471] device bridge_slave_0 left promiscuous mode
[ 1042.890972][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1042.899205][  T471] device veth1_macvtap left promiscuous mode
[ 1042.905224][  T471] device veth0_vlan left promiscuous mode
[ 1042.911281][  T471] device veth1_macvtap left promiscuous mode
[ 1042.917284][  T471] device veth0_vlan left promiscuous mode
[ 1043.954492][  T471] tipc: Disabling bearer <udp:syz0>
[ 1043.959908][  T471] tipc: Disabling bearer <udp:syz2>
[ 1043.965490][  T471] tipc: Left network mode
[ 1044.811936][  T471] device bridge_slave_1 left promiscuous mode
[ 1044.818089][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.825630][  T471] device bridge_slave_0 left promiscuous mode
[ 1044.831890][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1044.840349][  T471] device bridge_slave_1 left promiscuous mode
[ 1044.846745][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.854235][  T471] device bridge_slave_0 left promiscuous mode
[ 1044.860346][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1044.868488][  T471] device veth1_macvtap left promiscuous mode
[ 1044.874529][  T471] device veth0_vlan left promiscuous mode
[ 1044.880388][  T471] device veth1_macvtap left promiscuous mode
[ 1044.886686][  T471] device veth0_vlan left promiscuous mode